Friday 14 June 2013

crackxls 0.3 released

crackxls 0.3 has been released. Download it at https://github.com/GavinSmith0123/crackxls2003/tags. This version supports breaking encryption on Microsoft Word 97/2000/2002/2003 documents for the first time.


Windows users may just want to download "crackxls2003.exe" from https://github.com/GavinSmith0123/crackxls2003.

Sunday 9 June 2013

crackxls2003 - Initial support for Microsoft Word

I've added initial support for scanning Microsoft Word files to the crackxls2003 program.

It is on the "msword" branch of the git repository, which is at https://github.com/GavinSmith0123/crackxls2003/tree/msword.

As with Excel files, it will only work for the RC4 method of decryption, which was used in Office XP and some earlier versions.

There is no support yet for decrypting Word documents, only scanning for their encryption keys. I haven't tried it, but it is likely that the trial version of "guaword" would be able to decrypt a file given the encryption key, as this was true for Excel files for "guaexcel", another program from the same developer.

Adding decryption support may not be that difficult, and I may manage it in the next week or so.

Yahoo! mail insecurities

Round about late 2011, I found that there had been log-ins to my Yahoo! mail account from foreign countries. Investigating, I found that they had logged in using some kind of mobile interface. I (thought I) disabled the mobile interface, as I read many reports of crackers getting into to people's email that way.

Today I logged in again and had a warning. Somebody had logged in a few days ago - again via Yahoo! mobile, which I thought I had disabled.

I had already been through all web services, etc., that I had registered with using my Yahoo! account, and changed them to another email account, on account of the last time it was cracked. For readers, I recommend doing this. Yahoo! mail is really not trustworthy.

However, for two or three web services I was unable to change the email address associated with it, so I didn't want anyone taking over the account. I also had a few emails I wanted to keep. So I didn't want to delete my account altogether.

What I did today was set up an account in Mozilla Thunderbird (an email reader) to retrieve all of my mail by POP, so it is stored locally but not accessible on the web interface. Now if anybody breaks in, they would have little information.