dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2003-11-26 10:47:21: As Wi-Fi users anticipate better wireless security, a new tool allows a hacker to yank you from the web and grab your login information before you've even sipped your latte. "Airsnarf" is the latest utility to annoy wireless enthusiasts. ..

page: 1 · 2 · next

IamZed
Premium Member
join:2001-01-10
Dayton, OH

IamZed

Premium Member

Possible, but not probable

The creation of false sign in pages seems a bit obtuse. It’s not something you do as a drive by. I would hope people become familiar enough with this that when everyone is booted, let a sacrificial lamb try to log back on first.

LBDSL
Lightning Bolt
join:2002-01-07
Auburn Hills, MI

LBDSL

Member

someone will always crack it.

No matter what you build, someone will crack it. It is the way the world works

skyfreedomdo
Premium Member
join:2003-01-01
Boise, ID

skyfreedomdo

Premium Member

What do u mean 802.11b is not secure?!!!

I got WEP to protect me!!!!

anon_5224
join:2001-10-23
united state
Asus RT-AC66

anon_5224

Member

hot-spot providers take heed!!

we will not let you provide free/cheap access to just the 'special' individuals you know about! you have been warned!!

seriously, can anyone honesty have expected wi-fi to ever be secure? how can you make a broadcast 'secret' anyway? it's just an arms race between the 'hackers' and the providers/developers... i hope anyone investing in the hot-spot idea knows this going in, and will continue to fund what could someday become a utopia of free access anywhere in the country- even world. i don't care how much you encrypt the data, if it's broadcast, it can be seen by anyone, and the 'hacker' actually prefers not to be paid for his work, unlike the 9-5 sysadmin wo 'secures the network'. oh well, someone with more sense, please add to the discussion, i just saw the story and felt like posting:)

kapil
The Kapil
join:2000-04-26
Chicago, IL

kapil

Member

Where...

...can I get me a copy of this thing?

ctceo
Premium Member
join:2001-04-26
South Bend, IN

ctceo to skyfreedomdo

Premium Member

to skyfreedomdo

Re: What do u mean 802.11b is not secure?!!!

Apparently you need to open your other eye.

skyfreedomdo
Premium Member
join:2003-01-01
Boise, ID

skyfreedomdo

Premium Member

Apparently you need to c the humor!

Vamp
5c077
Premium Member
join:2003-01-28
MD

Vamp to kapil

Premium Member

to kapil

more hackers

by listing the name of the tool publicaly is only educating more people in hacking..

korym
Go Wisp's

join:1999-12-23
Richmond, VA

korym to kapil

to kapil

Re: Where...

»airsnarf.shmoo.com/

Also check out Airsnort too.
korym

korym to Vamp

to Vamp

Re: more hackers

Oops.

Sisqo
World Champs. Babe Who?
Premium Member
join:2002-08-14
Methuen, MA

Sisqo to Vamp

Premium Member

to Vamp
said by Vamp:
by listing the name of the tool publicaly is only educating more people in hacking..

This stinks, so how can someone really protect themselves? Now does this apply only to users that are using hotspots?

cinnamon
How Smart Is Your Card?
Premium Member
join:2002-01-19
Tulsa, OK

cinnamon to kapil

Premium Member

to kapil

Re: Where...

Of course from The Shmoo Group. You are running Red Hat Linux 9.0 aren't you?
Mr_Stealth
Premium Member
join:2001-05-18
Lucasville, OH

Mr_Stealth to kapil

Premium Member

to kapil
any Windows software like this?
my laptop's video card doesn't play well with Linux...I can't even use standard nVidia drivers with it, have to use Toshiba's

I've used NetStumbler, but it just finds networks

skyfreedomdo
Premium Member
join:2003-01-01
Boise, ID

skyfreedomdo

Premium Member

How long would it take to...

... break WEP 64 bit and 128 bit?
Any ideas or *shhh* experiences?
bmn
? ? ?

join:2001-03-15
hiatus

1 recommendation

bmn

said by skyfreedomdo:
... break WEP 64 bit and 128 bit?

An hour or two on a REALLY busy network, several hours on a not-so-busy network and probably several days on one not used all that often. You have to capture a couple thousand to a million plus packets for some software.

As for this program, it didn't say whether or not you needed to get the WEP keys first or if the software does it for you by capturing and analyzing the packets. Of course that is assuming that your local WIFi providing cafe actually has WEP turned on, and from casual war driving, many don't.

skyfreedomdo
Premium Member
join:2003-01-01
Boise, ID

skyfreedomdo

Premium Member

Good point on WEP not being used by many. How about TKIP (Temporal Key Integrity Protocol), as anyone read or applied it?

DSLDUDE6
Got The Folding Farm Itch
Premium Member
join:2002-01-07
Norcross, GA

DSLDUDE6 to bmn

Premium Member

to bmn
I like my MAC filtering. I've tried everything to get past that, and you just can't get in. WEP, MAC, and common sense will prevail over all...

skyfreedomdo
Premium Member
join:2003-01-01
Boise, ID

skyfreedomdo

Premium Member

I like MAC Filtering but theres always a chance of MAC SPOOFING!
But you are right common sense and, if I might add, knowledge of the enemy out there or within will prevail.
bmn
? ? ?

join:2001-03-15
hiatus

bmn to DSLDUDE6

to DSLDUDE6
Its already been stated, but MAC spoofing will defeat MAC filtering. Most wireless cards have the ability to change the Mac address that is used by the card. I'd post a screenshot of how it can be done (its very easy), but the laptop is packed up in the car.

DenverDialup
join:2003-06-06
Littleton, CO

DenverDialup to DSLDUDE6

Member

to DSLDUDE6
Well, consider too that WPA is becoming the new standard in wireless security. I don't see why Shmoo has to go write another hacking/phreaking/wardriving tool to "prove an inherent insecurity in 802.11b"...anyone who's spent more than a day looking at wireless technologies today knows how insecure it is. Why not take that effort and translate it into something more useful -- like actually working to make WiFi more secure?
bmn
? ? ?

join:2001-03-15
hiatus

bmn

said by DenverDialup:
Well, consider too that WPA is becoming the new standard in wireless security.
An article came out not long ago that stated that WPA is not much more secure than WEP and can still be broken.

gruggni
Oxygen Gets You High
join:2003-07-28
Corpus Christi, TX

gruggni

Member

No need to panic

Tools like this have been around for a while. You only need to use the tool if someone has encryption turn on. Majority of residential wifi networks are already open. Really no need for worries. Very few wifi networks are actually encrypted.

Tools like this are used to break encryption. Anyone with malicious intent will just go to the open wifi network instead of an encrypted one. Breaking encryption takes time.
How else do you test encryption works? You make a tool to break it. If someone is trying to sell me wifi equipment and they say its secure, I want a way to test the encryption instead of taking someones word for it.

oliphant5
Got Identity?
Premium Member
join:2003-05-24
Corona, CA

oliphant5 to IamZed

Premium Member

to IamZed

Re: Possible, but not probable

Exactly...this isn't nothing new. This is just a twist on the spoofed email looking for AOLer's account info. Like most "hacks" this requires end user carelessness in order to succeed.

BeesTea
Internet Janitor
Premium Member
join:2003-03-08
00000

BeesTea to bmn

Premium Member

to bmn

Re: How long would it take to...

Sure, changing your MAC is not hard. That isn't spoofing and it isn't "defeating" anything at all. You're literally becoming a device allowed to connect to the WAP. Now here's the interesting part. Can you explain the process of knowing what to set your MAC to in order to gain access to the WAP ?

On the issue of WEP, it isn't intended to provide strong cryptographic communication. WEP means "Wired Equivalent Privacy". That is, just as a wire holds the signal, keeping it from being intercepted easily, WEP keeps signal from being eavesdropped on easily.

This is another example of why the physical layer is NOT where security is applied for the average network. Wireless or otherwise.

Cheers,
-BeesT
shmoe1
join:2003-09-06
Fremont, CA

shmoe1 to bmn

Member

to bmn
One article about WPA vulnerability I've encountered was by Robert Moskowitz, senior technical director at ICSA Labs.

It details problems with the pre-shared key of less than 20 characters with simple pass phrases that were vulnerable to a dictionary attack. Complex passphrases of longer than 20 characters seem to be less of a security issue.

Also, I also read that WPA is just as vulnerable as WEP to denial-of-service attacks.

If others can point to other articles or specific problems it would be useful.

Thanx

Rhobite
Premium Member
join:2002-02-24
Waltham, MA

Rhobite to gruggni

Premium Member

to gruggni

Re: No need to panic

This tool has NOTHING to do with breaking encryption. It's a password-gathering tool, it puts up a fake login page just like you'd get from a T-Mobile or Verizon hotspot. Hotspots don't use WEP or WPA anyway, they are unencrypted. This tool just makes it easy to set up a rogue AP and fish for people's logins. The reason you can't just passively sniff for passwords is that I assume the real login pages are sent over SSL. Although I've never used a pay hotspot so I could be wrong.

ctceo
Premium Member
join:2001-04-26
South Bend, IN

ctceo to skyfreedomdo

Premium Member

to skyfreedomdo

Re: What do u mean 802.11b is not secure?!!!

Humor observed...

aSic
application specific
Premium Member
join:2001-05-17
Wakulla, FL

aSic to Mr_Stealth

Premium Member

to Mr_Stealth

Re: Where...

lol... the video card makes no difference at a command line..

...unless you're the wussy type that *NEEDS* X to do anything useful.

TexasGuy
49 States And Texas
Premium Member
join:2002-12-02
Houston, TX

TexasGuy to LBDSL

Premium Member

to LBDSL

Re: someone will always crack it.

said by LBDSL:
No matter what you build, someone will crack it. It is the way the world works

Right, go hack 256 bit DES key. Right. Easier to storm the safe and break it open.

lazarus_
join:2002-08-31
Resolute, NU

lazarus_ to anon_5224

Member

to anon_5224

Re: hot-spot providers take heed!!

said by anon_5224:
we will not let you provide free/cheap access to just the 'special' individuals you know about! you have been warned!!

seriously, can anyone honesty have expected wi-fi to ever be secure? how can you make a broadcast 'secret' anyway? it's just an arms race between the 'hackers' and the providers/developers... i hope anyone investing in the hot-spot idea knows this going in, and will continue to fund what could someday become a utopia of free access anywhere in the country- even world. i don't care how much you encrypt the data, if it's broadcast, it can be seen by anyone, and the 'hacker' actually prefers not to be paid for his work, unlike the 9-5 sysadmin wo 'secures the network'. oh well, someone with more sense, please add to the discussion, i just saw the story and felt like posting:)

Like my networking prof always says: "Anyone with a wet finger or metal clothing hanger can pickup your signal.."

Using WiFi you have the portability and easy of install but have to give up security.. If you have important info going over the network you should never use WiFi..
page: 1 · 2 · next