Posted by agent0x0 on August 11, 2006 – 11:24 am
<%image(20060811-wireless access point.jpg|136|94|Secure that router!)%>
I was digging though some of my links today and noticed I had bookmarked a really good demo of how to crack WEP in 10 easy steps easily using free tools that you can download from the Internet (WHAX Live CD Distro, Aircrack, etc…).
How to crack WEP in 10 Easy Steps!
This once again shows how important it is that you use a “more” secure encryption like WPA. Most home cable/dsl wireless routers should now support the WPA-PSK (pre-shared key) standard. This should include vendors like Linksys, Dlink, and Netgear. Many home users don’t know why WPA is so insecure and why WPA-PSK is the best way to secure a home wireless network.
What is WPA-PSK?
WPA-PSK is a mode of WPA that is for home users without enterprise authentication requirements (business). WPA-PSK overcomes the major encryption issues with WEP, however, a weak WPA passphrase can be cracked in less then 30 seconds if a bad guy can manage to trick your wireless access point to reveal it’s intial handshake with the wireless client. Don’t confuse passphrase with password as they are totally different. A good example of a weak passphrase that can be easily cracked is something like “myaccesspoint” or “passphrase”. A bad guy can take this handshake data and crack your pre-shared key with a brute force or dictionary attack. The only defense against this type of attack is to use a long passphrase that would take years to crack even with the powerful computers we use today.
How to create a good passphrase?
The best way that I have found to create a good passphrase is to use a secure password generator website like the one Steve Gibson has created. What is nice about Steve’s website is that you can use this password page to generate a 64 random hex or 63 random ASCII/alpha-numeric passphrase (which one depends on what your router can handle) which is completly unique to you.
Once you have this passphrase you and copy/paste this into a blank text file and save it to a USB drive, floppy disk (if you still have these..), or burn it to a CD-R. With this text file you can then copy/paste the passphrase into your wireless access point configuration as well as your wireless clients. Keeping it on a remote device like a USB drive ensures you will have it for safekeeping. I keep mine locked away in my home safe with my other important documents.
This is the most recommended way to setup WPA-PSK on your home network. While there are more methods to properly secure a home wireless network, I will be discusing these in a future article.
Posted by agent0x0 on August 11, 2006 – 10:28 am
eEye has just released a free MS06-040 vulnerability scanner for you network admins out there. It will tell you what machines are vulnerable. It comes in a 16 and 256 IP version. This might come in handy if you need to quickly audit a network for vulnerable systems.
Network Security | IT Security | Vulnerability Assessment | Intrusion Prevention
Posted by agent0x0 on August 11, 2006 – 9:53 am
I guess it is just a matter of time…a worm is about to be released we can all feel it coming. New module is even been released for Metasploit..so now the script kiddies can have some fun too. By the way if you haven’t patched for MS06-040..do it now!
Slashdot | Microsoft Bracing for Worm Attack
Posted by agent0x0 on August 10, 2006 – 3:42 pm
<%image(20060810-e112.jpg|191|230|Security?)%>
As I am sure all of you have heard in the news about the bomb plot that was recently uncovered in London. What is now starting to happen becuase of this is that all electronic devices with a battery will most likely be banned from all flights. This will dramatically change the way people fly…could you imagine a 6+ hour flight without your iPod or laptop? How would this change the entire business world as many people conduct lots of company business on long flights with a laptop? Lots of questions to answer with very few answers I am afraid.
CNN.com – Experts: Air security focuses on past threats – Aug 10, 2006
Posted by agent0x0 on August 10, 2006 – 9:20 am
This is really scary..as having AOL installed on your machine isn’t scary enough! Privacy of personal search data should never be disclosed as it can lead to all kinds of bad things. If I were an AOL subscriber..I would dump them in a heartbeat.
AOL search data identified individuals
Posted by agent0x0 on August 10, 2006 – 9:11 am
Microsoft patch Tuesday brings us another very critical vunerability that needs to be patched ASAP! This one has the potential to be developed into a huge worm:
SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System
Note: Even though this article says Windows SP2 can block this…patching should still occur regardless!
Posted by agent0x0 on August 8, 2006 – 9:04 am
Looking for a free, open source host based IDS which also runs on Windows and Linux? Check out OSSEC:
OSSEC HIDS – Open Source Security
I will be installing this in a few days to give you my review. It look very promising! Kinda like Cisco CSA for the masses…hmmm..here is a good review on OSSEC as well:
Linux.com Review
Posted by agent0x0 on August 7, 2006 – 10:50 am
Good write up and pics below on DefCon going on right now in Las Vegas. If you don’t know, DefCon is the largest black hat/white hat/fed hacker conference in the US. Hoping next year I can get this on my training schedule! Gotta love that “Wall of Sheep”..lol.
DefCon: Friday Insanity!
Posted by agent0x0 on August 7, 2006 – 10:10 am
Scary things those pesky proxy servers…Not only is this a problem for college networks but it is a major issue for corporate IT security as well. The majority of corporate networks are now starting to block Myspace. Especially with the recent “Flash banner ad Worm” that hit Myspace not long ago. These proxy sites allow users to basically bypass any web filtering that is installed at the gateway. There are hundreds of these sites and more poping up all the time. Products like Websense and SurfControl can help, however, these sites only get blocked when the products blocked lists get updated or the administrator manually adds the site(s) to a blocked list.
Slashdot | Proxy Sites Offer Secret Passage to Myspace
Posted by agent0x0 on August 7, 2006 – 9:43 am
So this is seriously cool..you have heard of “War Driving” and “War Flying”, etc…how about “War Rocketing”? Only at DEFCON:
War driving by rocket at 6,800 feet
