Welcome to The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST
The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST: WarDriving

Zigbee Wireless Networks testing tools by Joshua Wright
Posted by cdupuis on Monday, 15 March 2010 @ 07:43:42 EDT (1783 reads)
Topic WarDriving

8 March 2010, 19:07
ZigBee: attack of the killer bees

Developer Joshua Wright[1] intends to release KillerBee, an open source collection[2] (PDF) of Linux tools intended for testing the security of ZigBee networks. According to Wright, many ZigBee implementations are a mess – he hopes that his tool, which is coded in Python, will ultimately lead to more secure products.

Wright lists ZigBee applications which include controlling water flows in dams and natural gas control valves. The technology is also widely used in building automation; many thousands of ZigBee devices have been used in the brand-new MGM CityCenter in Las Vegas, for example. Some intelligent electricity meters in use in the US also communicate using ZigBee in a mesh network.

ZigBee[3] (IEEE 802.15.4) is far more popular than Bluetooth, Wi-Fi or DECT for these kinds of scenarios, as it is simpler to implement – the complete stack requires only 120 KB of space – and because the wireless technology uses significantly less energy. Wright, however, concludes that "When both simplicity and low cost are goals, security suffers."

KillerBee includes a number of tools which, taken together, look a lot like the sort of attack programs familiar from Wi-Fi environments. According to Wright, the security problems and the errors that underlie them are reminiscent of the design problems which dogged Wi-Fi. ZigBee offers no protection against replay attacks, in which an attacker simply resends recorded packets to the network. Wright's succinct comment: "Wi-Fi was dogged by the same errors – but that was 15 years ago."

KillerBee includes applications for sniffing out any ZigBee devices in the surrounding area (zbid), for recording data streams from the wireless network (zbdump) and for replaying recorded data streams (zbreplay). Replaying packets could, according to Wright, be useful in contexts such as locks networked using ZigBee. An attacker would merely need to record the data transmitted from the lock to a control server located in the building at the moment at which a door is opened. Sending this sequence to the server via ZigBee at a later date should cause the lock to open again.

KillerBee also includes a program for cracking the secret key stored in ZigBee devices. Since many ZigBee devices have no display or keypad, the code required for encryption is frequently stored in factory-set Flash memory. Where keys are exchanged over the air (OTA), they are exchanged in unencrypted form and can easily be recorded using zbdump. Recordings can be subsequently analysed in Wireshark without difficulty.

zbgoodfind uses a memory dump generated using sniffer hardware developed by Travis Goodspeed to crack stored keys. Wright's tools all work with the Atmel AVR RZ USBStick[4] ZigBee USB stick, which costs just under $40, though if you want to record and be able to replay data simultaneously, you'll need two. To replay data, you'll also need to overwrite the device's firmware, for which you'll need an on-chip debugger and programmer, such as Atmel's AVR JTAG ICE mkII[5], a clone version of which can be picked up for around 50 euros. Wright is not officially selling pre-flashed sticks, but intimated to heise Security, The H's associates in Germany, that he was sure he could help out in 'individual cases'.

(Uli Ries)


URL of this Article:
http://www.h-online.com/security/news/item/ZigBee-attack-of-the-killer-bees-949111.html

Links in this Article:
  [1] http://www.willhackforsushi.com/
  [2] http://www.willhackforsushi.com/presentations/toorcon11-wright.pdf
  [3] http://en.wikipedia.org/wiki/ZigBee
  [4] http://www.atmel.com/dyn/Products/tools_card.asp?tool_id=4291
  [5] http://www.atmel.com/dyn/Products/tools_card.asp?tool_id=3353




Aircrack-NG 1.0 is finally released along with new web site
Posted by cdupuis on Monday, 14 September 2009 @ 08:40:54 EDT (2970 reads)
Topic WarDriving

As seen in the H Security newsletter:

9 September 2009, 09:45

Aircrack-ng 1.0 released


Aircrack-NG, the WEP and WPA-PSK cracking application, has been released[1] as a finalised 1.0 version, after being in beta test since October 2007. The application, also billed as "a set of tools for auditing wireless networks", incorporates a packet sniffer and analysis tools which can be used with any wireless card that supports raw monitoring mode. The code, a fork of the original Aircrack, runs on Windows and Linux, with ports to Zaurus and Maemo devices.

The 1.0 release was made in conjunction with the launch of the new aircrack-ng.org[2] website and logo for the wireless cracking and auditing tool. The change log[3] details changes that have been made to the application since the first beta release of Aircrack-ng 1.0 was made available in 2007, though little has changed since the last beta release beyond a number of bug fixes. Aircrack-ng is available as source code, Windows binaries, a VMware image or as part of a Live CD[4] and is licensed under the GPLv2.

(djwm[5])


URL of this article:
http://www.h-online.com/security/news/114185

Links in this article:
  [1] http://aircrack-ng.blogspot.com/2009/09/aircrack-ng-10.html
  [2] http://aircrack-ng.org
  [3] http://aircrack-ng.org/doku.php?id=changelog
  [4] http://aircrack-ng.org/doku.php?id=slitaz
  [5] mailto:djwm@h-online.com




WEPBuster 1.0 has been released
Posted by cdupuis on Tuesday, 02 June 2009 @ 23:29:10 EDT (2550 reads)
Topic WarDriving

Anonymous writes "

WEPBuster 1.0

This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org

Features:

WEPBuster Cracks all access points within the range in one go!!

Supports:

- MAC address filtering bypass (via MAC spoofing)
- Auto reveal hidden SSID
- Client-less Access Point injection
- Shared Key Authentication
- WEP Decloaking (future version)
- whitelist (crack only APs included in the list)
- blacklist (do not crack AP if it's included in the list)


USAGE:

perl wepbuster [1 | 6 | 11] (or any combination, space separated)
perl wepbuster (sort | connect) [HOST | IP] (Defaults to: gateway)

Typically, one would invoke the program without any arguments. Doing this will set the mode to 'crack' and will try to crack all WEP-enabled access points within range on each of the three non-overlapping channels (1, 6, 11).

Given an argument of numbers (1, 6, or 11 only), mode will be set to 'crack' and will crack all APs on that particular channel/s specified.

If passed with a 'sort' argument, followed by an optional IP address or a hostname, the program will try to sort the list of cracked access points (obtained after running 'crack' mode) in the order of decreasing ping round trip time to the gateway or to the IP address or hostname specified.

If passed with a 'connect' argument, followed by an optional IP address or a hostname, the program will try to connect to each access point included in the list of cracked access points.

The program exits once a connection is made to an access point and verified, e.g., if it can successfully ping the gateway or the IP address or hostname specified.

RECOMMENDED MODIFICATIONS (aircrack-ng):

The following modifications to the source and header file of the two aircrack-ng utilities (aircrack-ng, airodump-ng) are not required, but will make the decryption of the WEP key more accurate (in terms of the number of IVs needed in order to obtain the key).

1.) Instead of 5000, change PTW_TRY_STEP to 100 to make cracking more accurate (in terms of number of IVs needed to crack the key) Look for this line below in "aircrack-ng.h"

#define PTW_TRY_STEP 5000

2.) The script relies heavily on reading and parsing the .csv file output of airodump-ng. As such, instead of airodump-ng waiting for 20 seconds before writing the .csv text output, it is recommended that you make it 2 seconds.

If you do not change the line below, you should set $airodumpwait to more than 20 to avoid getting errors. A value of 23 should be safe. Look for this line below in "airodump-ng.c":

if( time( NULL ) - tt1 >= 20)

REQUIRED PERL MODULES:

The only module used in this script is "Term::ReadKey". This module is used when the 'Enter' key is pressed, e.g., if the user wants to skip injecting into a particular Access Point.

This module can be obtained from "http://search.cpan.org".

A typical installation procedure for any Perl module consists of the following steps:

perl Makefile.PL
make install

On Debian systems, this can be installed using apt-get e.g:

"apt-get install libterm-readkey-perl"

REQUIRED APPLICATION:

macchanger (http://www.alobbs.com/macchanger)
This tool is used for spoofing the MAC address when the AP is using MAC address filtering.

TESTING PLATFORM:

During development, this program was tested inside an Ubuntu Linux installation, using an Alfa AWUS036H with the R8187 driver. The access points tested were an Aztech DSL605EW and a Linksys WAG54G2.

WARNINGS:

Other Linux platforms were not tested. The wireless card mentioned above is the only card that was used; others are not guaranteed to work without making changes. I don't have all the necessary hardware to test.

I'm leaving this work to the community. Please contribute so that everyone can benefit. =)


WHERE TO GET IT?

Please visit the project page at http://code.google.com/p/wepbuster/  where you can download the script, and find the link to the video demo.

FINAL THOUGHTS:

This is the first program I have provided to the opensource community.

I hope you'll find it useful. Donations are welcome if you do =). Send them to my paypal account: markjayson.alvarez_AT_gmail.com

Please use this program in a good way and remember: "Morality works best when chosen not when mandated" - Larry Wall

"



OSWA™-Assistant Wireless Auditing Software Toolkit - public edition release!
Posted by boss on Monday, 30 July 2007 @ 11:00:51 EDT (1906 reads)
Topic WarDriving

Anonymous writes "ThinkSECURE is officially launching the public edition of its OSWA™-Assistant wireless auditing CD on 8 August 2007 and it's free for anyone to download and use!

Read on...

=== What is the OSWA-Assistant? ===

The OSWA™-Assistant is a CDROM-based, standalone software toolkit for auditing wireless networks and technologies. In addition to specialized WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing.

=== Who is it intended for? ===

The OSWA™-Assistant is ThinkSECURE's social contribution to the wireless security & auditing community. It is released with two groups of people in mind:

- Technical IT-security professionals who need specialized tools to assist them in conducting professional, consistent and thorough wireless audits, and

- Non-technical users who need help testing and securing their own home and business wireless networks.

=== Why is there a need for it? ===

Many IT-security professionals who attended the OSWA™ wireless auditing professional certification programme frequently requested ready-to-use wireless auditing software tools which they didn't have to install on their corporate laptops, or repartition their laptop hard drives for, because their laptops were often governed by corporate rules on software installation.

They also complained about the user-unfriendliness of many LiveCD toolkits available today, including:

- tools being kept in different locations on the CD
- menus for some tools while others have no menus at all
- not being wireless-specific
- in general not being easy to navigate or use

Thus was born the OSWA™-Assistant wireless auditing toolkit, which is designed to address the gripes of this first group. The reason for addressing the second group is that home owners and SOHO setups often do not have the money to engage qualified technical professionals to conduct wireless audits, even though they own and run wireless networks.

Thus, the OSWA™-Assistant aims to empower these individuals and small businesses to do basic self-help wireless auditing. It enables them to find out if their wireless networks and clients have any weaknesses. By identifying weaknesses and following various recommendations made by the toolkit, they can secure their networks before any "bad guys" (hackers, competitors, etc.) can attack and compromise them and use their infrastructure for malicious purposes. By helping people tighten their wireless security, this helps raise their country's wireless security defence posture.

=== How do the technical and non technical users use it? ===

Easy! Just insert the OSWA™-Assistant CD into your computer's CDROM drive and power-up/boot from the CDROM drive instead of your computer's hard drive. Technical professionals will appreciate the OSWA™-Assistant's logically organized and intuitive technical graphical menu interface, as well as its wide array of specialized wireless auditing tools. Non-technical folk will find it easier to use the ThinkSECURE-developed onboard web-based help system called the OSWA™-Assistant ActivityMap™, which we believe to be a first-of-its-kind-in-the-world feature for a LiveCD toolkit. The ActivityMap™ guides non-technical users through the process of performing a basic wireless audit against their own network. More advanced audit work can then be passed to a suitably trained technical professional.

=== When and Where will you be making this toolkit available? ===

We will be officially launching it at a 2-hour presentation/Q&A session at the following venue, date and time:

Venue: Capital Tower Level 9, 168 Robinson Road, Singapore 068912
Date: 8 August 2007
Time: 3pm - 5pm

Venue seating/capacity is limited! Attendance is free and registration for the event is optional. However, we'll be giving out a special laser-etched copy of the OSWA™-Assistant at the end of the presentation to each of the first 30 people who register via our website to attend the presentation AND are physically present for the presentation (yes, you'll need to meet both conditions to receive it!). All other presentation attendees will receive a surprise door gift at the end of the presentation, subject to availability.

The official public download link will be made available during the presentation and also on our website after the presentation. Using this link, the public can freely download the toolkit image and "burn" it to a CD.

More details are available at: http://oswa-assistant.securitystartshere.org "



Aircrack-ng version 0.9 is released
Posted by boss on Friday, 18 May 2007 @ 21:56:17 EDT (5988 reads)
Topic WarDriving

cdupuis writes "Homepage:
http://www.aircrack-ng.org

Tar/GZ:
http://download.aircrack-ng.org/aircrack-ng-0.9.tar.gz

Changelog:

http://download.aircrack-ng.org/ChangeLog

The changes in this release are as follows:
  • The main change is the addition of PTW attack to aircrack-ng.
  • Aireplay-ng has a new option to test injection (--test).
  • Aireplay-ng no longer needs to be patched to inject with bcm43xx (the driver still needs to be).
  • Patches were updated (zd1211rw, bcm43xx, and rtl8187).
  • Some changes were made to the Windows GUI and to airodump-ng (Windows).
  • There are other fixes and improvements.
Project description:
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
"



Aircrack-ptw - WEP Cracking Tool (ARP)
Posted by boss on Wednesday, 02 May 2007 @ 22:23:05 EDT (1927 reads)
Topic WarDriving

Anonymous writes "As seen within the great SecuriTeam mailing list.

WEP is a protocol for securing wireless LANs. WEP stands for "Wired Equivalent Privacy", which means it should provide the level of protection a wired LAN has. WEP therefore uses the RC4 stream cipher to encrypt data which is transmitted over the air, usually using a single secret key (called the root key or WEP key) of a length of 40 or 104 bits.

A history of WEP and RC4
WEP was previously known to be insecure. In 2001 Scott Fluhrer, Itsik Mantin, and Adi Shamir published an analysis of the RC4 stream cipher. Some time later, it was shown that this attack can be applied to WEP and the secret key can be recovered from about 4,000,000 to 6,000,000 captured data packets. In 2004 a hacker named KoReK improved the attack: the complexity of recovering a 104 bit secret key was reduced to 500,000 to 2,000,000 captured packets.

In 2005, Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin, and Shamir, which can additionally be used to break WEP in WEP-like usage modes.

Aircrack-ptw attack
Aircrack-ptw is able to extend Klein's attack and optimize it for usage against WEP. Using aircrack-ptw's version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too, with an even higher success probability.

Countermeasures
We believe that WEP should not be used anymore in sensitive environments. Most wireless equipment vendors provide support for TKIP (also known as WPA1) and CCMP (also known as WPA2), which provide a much higher security level. All users should switch to WPA1 or, even better, WPA2.

How the attack works
A paper describing the details and methods we used in our attack is available on the IACR ePrint server.

Implementation
We implemented a proof-of-concept of our attack in a tool called aircrack-ptw. It should be used together with the aircrack-ng toolsuite.

Reproduction of our results
The tool is quite similar to aircrack-ng. You can find a very good tutorial on the aircrack-ng homepage. For usage with our tool, you need to make some little changes.

* In Step 3, you MUST NOT use the parameter -ivs. Just skip this parameter, the other command line arguments still apply.
* In Step 5, you should use aircrack-ptw instead of aircrack-ng. ls -la output*.cap will give you a list of capture files airodump-ng has created. Usually, if you did not interrupt airodump-ng, there should be only one file named output-01.cap. Just start aircrack-ptw output-01.cap to get the key. If aircrack-ptw was not successful, wait a few seconds and start it again.

Questions and answers
Does aircrack-ptw work with arbitrary packets?
No, aircrack-ptw currently only works with ARP requests and ARP responses. Using methods like ARP re-injection, it is usually not a problem to generate a sufficient amount of ARP traffic.

In a future version, aircrack-ptw could be extended to work with other packets too.

Does aircrack-ptw work with 256 bit keys?
Currently, aircrack-ptw does not support 256 bit WEP.

Does aircrack-ptw work on WPA1 or WPA2 too?
No. WPA is a complete redesign. Although the TKIP specified for WPA still uses RC4 as encryption algorithm, related-key attacks are not possible in this case since the per-packet keys do not share a common suffix. Furthermore, re-injection attacks on WPA protected networks will not work: WPA requires multiple packets with the same IV to be discarded. Although no cryptographic attacks against WPA1 are known, we recommend WPA2 over WPA1 if you have the choice.

Does aircrack-ptw work against WEPplus?
This has not been tested due to lack of equipment supporting WEPplus. Since WEPplus only avoids the weak IVs of the original FMS attack, we foresee no problems in applying the attack against WEPplus.

Does aircrack-ptw work against Dynamic WEP?
This has not been tested either. In principle we expect our attack to work on networks protected by Dynamic WEP. Since Dynamic WEP allows for re-keying, the attack will provide a key that may only be valid for a certain time frame. After the key has expired, the attack needs to be performed again.

Additional Information:

The information has been provided by Sn0rkY.
To keep updated with the tool visit the project's homepage at: http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
"



Kisgearth -- Maps your Kismet results onto Google Earth
Posted by boss on Wednesday, 07 March 2007 @ 09:08:41 EST (1904 reads)
Topic WarDriving

Anonymous writes "Dear wireless interested guys ;)

Every time I tried Kismet's gpsmap tool, none of the map servers were available, so I decided to write my own tool using the best resources available.

Kisgearth is a small perl script that gives you the possibility to convert your kismet xml logfiles to google earth kml files. You can apply a lot of filters and use sorting/ordering functions in order to get the best results.

Please inform me about bugs, feature requests and so on.

I hope it will be useful!

website: http://e-axe.mytty.org/kisgearth/

br,
richard"



Aircrack-ng 0.6 is released
Posted by boss on Monday, 03 July 2006 @ 17:19:37 EDT (2422 reads)
Topic WarDriving

cdupuis writes "Version 0.6 (changes from aircrack-ng 0.5) - Released 23 June 2006:
* aircrack-ng: Multithreaded keybytes bruteforcer
* aircrack-ng: Now bruteforce only last keybyte by default (faster than last 2KB)
* aircrack-ng: Added option to show ASCII version of the key
* aircrack-ng: Fixed: bug with -d option. It adds a leading "0x00" to the key
* aireplay-ng: fixed compilation issues on some distros
* aireplay-ng: fixed a bug when using 'ash'
* aireplay-ng: You can change ring buffer size (-g option)
* airodump-ng: Log by default only one beacon (added option to log all beacons)
* airodump-ng: Dump prefix isn't mandatory anymore, not giving it won't store any data
* airmon-ng: Ralink devices need to be put in ad-hoc mode prior to injecting packets
* manpages: Added kstat manpage
* manpages: fixed airodump-ng manpage (hyphen used as minus sign)
* Makefile: You can now compile aircrack-ng with Intel C Compiler (really faster)
* Updated madwifi-ng patch to r1545 (and up; can be applied on madwifi v0.9.0 and v0.9.1)
* Added instructions to compile on different platforms/OS
* Added a WPA2 capture file in test directory
* Some other fixes

Version 0.5 (changes from aircrack-ng 0.4.4) - Released 04 May 2006:
* airodump-ng: Hop on 2.4Ghz channels by default
* airodump-ng: Added support for OpenWrt devices (use prism0 as capture interface)
* aircrack-ng and aireplay-ng: korek chopchop optimisation (Thanks to ASPj)
* airodump-ng: Fixed: when starting, it captured data on channel 10
* aircrack-ng: Fixed: Not using all CPU on SMP systems

Homepage:

http://www.aircrack-ng.org

Tar/GZ:

http://download.aircrack-ng.org/aircrack-ng-0.6.tar.gz

Changelog:

http://download.aircrack-ng.org/ChangeLog
"



High Quality Security Podcast at pauldotcom.com
Posted by boss on Wednesday, 14 June 2006 @ 23:11:56 EDT (6009 reads)
Topic WarDriving

cdupuis writes "NOTE FROM CLEMENT:
Podcasts have been appearing all over the place; some of them are really cheesy, but lately I have run into one that is of great quality, and I invite you to take a look for yourself.

The podcast is run by Paul Asadoorian (psw@pauldotcom.com)


As it was mentioned, they have this great podcast from Joshua Wright on Wireless Security. The podcast is an hour and 20 minutes with Josh live in their studios. See it at:

http://www.pauldotcom.com/2006/03/31/pauldotcom_security_weekly_spe_5.html - Part II

http://www.pauldotcom.com/2006/03/27/pauldotcom_security_weekly_spe_4.html - Part I

Visit their main page at: http://www.pauldotcom.com/

Enjoy!


Clement and Nathalie
"



Aircrack-ng 0.4.2 is released
Posted by boss on Friday, 21 April 2006 @ 09:48:34 EDT (2576 reads)
Topic WarDriving

cdupuis writes "aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Here are some of the changes:
Version 0.4.2 (changes from aircrack-ng 0.4.1) - Released 20 April 2006:
* airodump-ng: Fixed: dumpfile prefix took the name of the second argument
* airodump-ng: Fixed: .gps file creation if GPSd isn't used
* version.c removed (the content was moved to common.c)

Version 0.4.1 (changes from aircrack-ng 0.4) - Released 19 April 2006:
* airodump-ng: use of parameters like aircrack-ng, aireplay-ng, ...
* airodump-ng: more sanity checks
* airodump-ng & aireplay-ng: forbid the use of ndiswrapper
* airodump-ng & aireplay-ng: check of iwpriv existence
* manpages: updated and fixed typos
* Makefile: fixed "make doc"
* airmon-ng: fixed and improved madwifi detection

Homepage:
http://www.aircrack-ng.org
Tar/GZ:
http://download.aircrack-ng.org/aircrack-ng-0.4.2.tar.gz
Changelog:
http://download.aircrack-ng.org/ChangeLog
"



The first Wireless Security law enacted in N.Y. County
Posted by boss on Friday, 21 April 2006 @ 09:22:34 EDT (1453 reads)
Topic WarDriving

cdupuis writes "N.Y. County Enacts Wireless Security Law
by The Associated Press (AP)

4/20/2006 — Westchester County on Thursday enacted a law that is designed to limit identity theft by forcing local businesses to install basic security measures for any wireless network that stores customers' credit card numbers or other financial information.

The law also requires that businesses offering Internet access -- coffeehouses and hotels, for example -- post signs warning that users should have firewalls or other security measures.

As he signed the bill, County Executive Andrew Spano said the county had been unable to find any law like it in the country and had received inquiries about the legislation from other states and from Great Britain, South Korea and the Czech Republic.

"There are many unsecured wireless networks out there, and any malicious individual with even minimal technical competence would have no trouble accessing information that should be kept confidential," Spano said.

"It would be nice if these businesses took the necessary steps on their own to ensure their networks were kept secure, but the sad fact is that many don't."

All computers connected to the Internet and other networks are potentially vulnerable, but wireless networks are especially troublesome because a hacker can easily grab data traveling through the air.

Experts warned that the law would not fully protect anyone from dedicated hackers but acknowledged it could raise awareness of the vulnerabilities inherent in wireless technology.

Bruce Schneier, chief technical officer of Counterpane Internet Security Inc., said laws like Westchester's are probably helpful "because the information companies have on their networks is more valuable to you than it is to them and the law gives them an incentive" to protect it.

"But it's not going to stop identity theft," he added. Spano said businesses will also find that "this is an easy way to avoid that public relations disaster that comes when companies find out their customers' information has been stolen."

The law requires each business to install a firewall or change the default SSID, the name that identifies a wireless network, if the personal information stored has not already been encrypted.

Penalties would range from a warning on first offense to a $500 fine on third offense. Norman Jacknis, the county's chief information officer, said that when the law was being considered officials detected 248 wireless networks during a 20-minute drive through downtown White Plains. Nearly half had no visible security.

Some of the unprotected networks were at cafes, hotels or other establishments that offer wireless hot spots to patrons.

Other networks, like those at Starbucks, were protected. The signs that are to go up at such places will say, "For your own protection and privacy, you are advised to install a firewall or other computer security measure when accessing the Internet."

Jacknis said easily available firewalls would protect credit card transactions, for example, from being detected by a hacker posted outside a dry cleaner that uses a wireless network. At most, he said, installing firewall protection -- or just turning on the encryption and other security measures available -- would take an hour of a consultant's time. The law takes effect in six months.
"



Interesting precedent has been set on illegal use of someone else connection
Posted by boss on Thursday, 30 March 2006 @ 15:09:11 EST (1277 reads)
Topic WarDriving

cdupuis writes "http://rrstar.com/apps/pbcs.dll/article?AID=/20060323/NEWS0107/103230036/1011

By Chris Green
ROCKFORD REGISTER STAR
March 23, 2006

ROCKFORD - Just as pirating your neighbor's cable service to watch premium movie channels is against the law, so too is surfing the Web using someone else's wireless Internet access.

David M. Kauchak, 32, a former Machesney Park resident, is the first person in Winnebago County to be charged with remotely accessing another computer system without the owner's approval. He pleaded guilty Tuesday to the charge and was fined $250 and sentenced to one year of court supervision.

"We just want to get the word out that it is a crime. We are prosecuting it, and people need to take precautions," Assistant State's Attorney Tom Wartowski said.

Kauchak was arrested in January in Loves Park when local authorities learned he was accessing the Internet through a nonprofit agency's computer.

Wartowski said a Loves Park police officer was on patrol in the wee hours of the morning when he saw Kauchak sitting in a car with a computer.

"He slowed down, took a look and saw he had a laptop in his lap. He talked to him and put it all together," Wartowski said.

In a prepared statement, Winnebago County State's Attorney Paul Logli said, "With the increasing use of wireless computer equipment, the people of Winnebago County need to know that their computer systems are at risk. They need to use encryption or what are known as firewalls to protect their data, much the same way locks protect their homes.

"Likewise, our residents need to know that it is a crime, punishable by up to a year in jail, to access someone else's computer, wireless system or Internet connection without that person's approval.""



Aircrack-NG
Posted by boss on Sunday, 19 March 2006 @ 09:51:32 EST (1314 reads)
Topic WarDriving

cdupuis writes "aircrack is a set of tools for auditing wireless networks.

aircrack-ng is the next generation of aircrack with lots of new features (planned and wanted).

Visit the main page at: http://tinyshell.be/aircrackng/wiki/index.php?title=Aircrack-ng"



Iwar The Intelligent Wardialer version 0.071 is released
Posted by boss on Tuesday, 17 January 2006 @ 15:51:28 EST (1465 reads)
Topic WarDriving

cdupuis writes "iWar is a "war dialer" written completely in C for Unix types of operating systems (Linux, FreeBSD, OpenBSD, etc). It is intended for legal phone security equipment auditing.

Current Features:

  • Full and Normal logging: Full logging records all possible events during dialing (busy signals, no answers, carriers, etc). By default it only records things that we might find interesting (carriers, possible telco equipment).
  • ASCII flat file and MySQL logging: You can log to a traditional ASCII flat file, and record information into a MySQL database.
  • Dials randomly or sequentially.
  • Remote system identification: When finding a remote modem and connecting, iWar will remain connected and attempt to identify the remote system type.
  • Key stroke marking: When actively "listening" to iWar work, if you hear something interesting, you can manually "mark" it by hitting a key. You can also enter a "note" about something you find interesting.
  • Multiple modem support, because... well, hey - this is "Unix". iWar will support as many modems as you can hook up.
  • Nice "curses" based display. This means that if you're using iWar from a Linux console or a VT100 based terminal, it should work fine. It's not an escape sequence kludge, but true "curses".
  • Full control over the modem: Unlike other 'kludges', iWar doesn't just open the modem as a typical "file". It controls the baud rate, parity, CTS/RTS (hardware flow control) and DTR (Data Terminal Ready). This is important for controlling the modem and making it perform the way you want it to during scanning. For example, DTR hang ups.
  • Blacklisted phone number support: For numbers the system should never dial.
  • Save state: If within the middle of a "wardialing" session you want to quit, you can save the current state to a file. This allows you to come back later and restart iWar where you left off. (via the '-l' option)
  • Load pre-generated numbers: You can load a file (via the '-L' option) of numbers that you want to dial. This is useful if you want to load numbers generated by another routine (perl/shell script/etc).
  • Tone location, if your modem supports it. iWar uses two different methods. The traditional "ATDT5551212w;" (Toneloc) and "silence" detection.
  • Records remote system banners on connection for later review
  • iWar can be used to attack PBXs and voice mail systems
  • Terminal window so you can watch modem interactions and carrier results in real time
  • Supports the IAX2 (Inter-Asterisk eXchange) "Voice over IP" (VoIP) protocol. This allows you to scan without the need for additional hardware! To my knowledge, iWar is the first war dialer with VoIP functionality
  • In IAX2 mode, iWar acts as a "full blown" VoIP client. In this mode, keys 0-9, * and # play their DTMF equivalents. In this mode, you can also directly "talk" (using a microphone) with the remote target if so desired.
  • In IAX2 mode, if your VoIP provider supports it, you can "set" your caller ID number (caller ID spoofing).
  • Comes with complete source code and is released under the GNU General Public License.
Click on Read More... below to see screenshots of iWar.

Visit their main web site at: http://www.softwink.com/iwar/"



Aircrack - 802.11 Sniffer and WEP/WPA Key Cracker
Posted by boss on Sunday, 21 August 2005 @ 21:11:16 EDT (3769 reads)
Topic WarDriving

What is aircrack?
Aircrack is a set of tools for auditing wireless networks:
 * airodump: 802.11 packet capture program
 * aireplay: 802.11 packet injection program
 * aircrack: static WEP and WPA-PSK key cracker
 * airdecap: decrypts WEP/WPA capture files

The official download location is http://www.cr0.net:8040/code/network/.

However, if you can't access port 8040 for some reason, you may use this mirror instead: http://100h.org/wlan/aircrack/.

Additional Information:
The information has been provided by Christophe Devine.
To keep updated with the tool visit the project's homepage at: http://www.cr0.net:8040/code/network/




All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).