IamZed Premium Member join:2001-01-10 Dayton, OH |
IamZed
Premium Member
2003-Nov-26 10:49 am
Possible, but not probableThe creation of false sign in pages seems a bit obtuse. Its not something you do as a drive by. I would hope people become familiar enough with this that when everyone is booted, let a sacrificial lamb try to log back on first. |
|
LBDSLLightning Bolt join:2002-01-07 Auburn Hills, MI |
LBDSL
Member
2003-Nov-26 10:50 am
someone will always crack it.No matter what you build, someone will crack it. It is the way the world works |
|
|
What do u mean 802.11b is not secure?!!!I got WEP to protect me!!!! |
|
Asus RT-AC66
|
hot-spot providers take heed!!we will not let you provide free/cheap access to just the 'special' individuals you know about! you have been warned!!
seriously, can anyone honesty have expected wi-fi to ever be secure? how can you make a broadcast 'secret' anyway? it's just an arms race between the 'hackers' and the providers/developers... i hope anyone investing in the hot-spot idea knows this going in, and will continue to fund what could someday become a utopia of free access anywhere in the country- even world. i don't care how much you encrypt the data, if it's broadcast, it can be seen by anyone, and the 'hacker' actually prefers not to be paid for his work, unlike the 9-5 sysadmin wo 'secures the network'. oh well, someone with more sense, please add to the discussion, i just saw the story and felt like posting:) |
|
kapilThe Kapil join:2000-04-26 Chicago, IL |
kapil
Member
2003-Nov-26 11:02 am
Where......can I get me a copy of this thing? |
|
ctceo Premium Member join:2001-04-26 South Bend, IN |
to skyfreedomdo
Re: What do u mean 802.11b is not secure?!!!Apparently you need to open your other eye. |
|
|
Apparently you need to c the humor! |
|
Vamp5c077 Premium Member join:2003-01-28 MD |
Vamp to kapil
Premium Member
2003-Nov-26 11:09 am
to kapil
more hackersby listing the name of the tool publicaly is only educating more people in hacking.. |
|
korymGo Wisp's
join:1999-12-23 Richmond, VA |
to kapil
Re: Where...» airsnarf.shmoo.com/Also check out Airsnort too. |
|
korym |
to Vamp
Re: more hackersOops. |
|
SisqoWorld Champs. Babe Who? Premium Member join:2002-08-14 Methuen, MA |
Sisqo to Vamp
Premium Member
2003-Nov-26 11:14 am
to Vamp
said by Vamp: by listing the name of the tool publicaly is only educating more people in hacking..
This stinks, so how can someone really protect themselves? Now does this apply only to users that are using hotspots? |
|
cinnamonHow Smart Is Your Card? Premium Member join:2002-01-19 Tulsa, OK |
to kapil
Re: Where...Of course from The Shmoo Group. You are running Red Hat Linux 9.0 aren't you? |
|
Mr_Stealth Premium Member join:2001-05-18 Lucasville, OH |
to kapil
any Windows software like this? my laptop's video card doesn't play well with Linux...I can't even use standard nVidia drivers with it, have to use Toshiba's
I've used NetStumbler, but it just finds networks |
|
|
|
How long would it take to...... break WEP 64 bit and 128 bit? Any ideas or *shhh* experiences? |
|
bmn? ? ?
join:2001-03-15 hiatus
1 recommendation |
said by skyfreedomdo: ... break WEP 64 bit and 128 bit?
An hour or two on a REALLY busy network, several hours on a not-so-busy network and probably several days on one not used all that often. You have to capture a couple thousand to a million plus packets for some software. As for this program, it didn't say whether or not you needed to get the WEP keys first or if the software does it for you by capturing and analyzing the packets. Of course that is assuming that your local WIFi providing cafe actually has WEP turned on, and from casual war driving, many don't. |
|
|
Good point on WEP not being used by many. How about TKIP (Temporal Key Integrity Protocol), as anyone read or applied it? |
|
DSLDUDE6Got The Folding Farm Itch Premium Member join:2002-01-07 Norcross, GA |
to bmn
I like my MAC filtering. I've tried everything to get past that, and you just can't get in. WEP, MAC, and common sense will prevail over all... |
|
|
I like MAC Filtering but theres always a chance of MAC SPOOFING! But you are right common sense and, if I might add, knowledge of the enemy out there or within will prevail. |
|
|
bmn? ? ?
join:2001-03-15 hiatus |
to DSLDUDE6
Its already been stated, but MAC spoofing will defeat MAC filtering. Most wireless cards have the ability to change the Mac address that is used by the card. I'd post a screenshot of how it can be done (its very easy), but the laptop is packed up in the car. |
|
|
to DSLDUDE6
Well, consider too that WPA is becoming the new standard in wireless security. I don't see why Shmoo has to go write another hacking/phreaking/wardriving tool to "prove an inherent insecurity in 802.11b"...anyone who's spent more than a day looking at wireless technologies today knows how insecure it is. Why not take that effort and translate it into something more useful -- like actually working to make WiFi more secure? |
|
bmn? ? ?
join:2001-03-15 hiatus |
said by DenverDialup: Well, consider too that WPA is becoming the new standard in wireless security.
An article came out not long ago that stated that WPA is not much more secure than WEP and can still be broken. |
|
gruggniOxygen Gets You High join:2003-07-28 Corpus Christi, TX |
gruggni
Member
2003-Nov-26 12:43 pm
No need to panicTools like this have been around for a while. You only need to use the tool if someone has encryption turn on. Majority of residential wifi networks are already open. Really no need for worries. Very few wifi networks are actually encrypted.
Tools like this are used to break encryption. Anyone with malicious intent will just go to the open wifi network instead of an encrypted one. Breaking encryption takes time. How else do you test encryption works? You make a tool to break it. If someone is trying to sell me wifi equipment and they say its secure, I want a way to test the encryption instead of taking someones word for it. |
|
oliphant5Got Identity? Premium Member join:2003-05-24 Corona, CA |
to IamZed
Re: Possible, but not probableExactly...this isn't nothing new. This is just a twist on the spoofed email looking for AOLer's account info. Like most "hacks" this requires end user carelessness in order to succeed. |
|
BeesTeaInternet Janitor Premium Member join:2003-03-08 00000 |
to bmn
Re: How long would it take to...Sure, changing your MAC is not hard. That isn't spoofing and it isn't "defeating" anything at all. You're literally becoming a device allowed to connect to the WAP. Now here's the interesting part. Can you explain the process of knowing what to set your MAC to in order to gain access to the WAP ?
On the issue of WEP, it isn't intended to provide strong cryptographic communication. WEP means "Wired Equivalent Privacy". That is, just as a wire holds the signal, keeping it from being intercepted easily, WEP keeps signal from being eavesdropped on easily.
This is another example of why the physical layer is NOT where security is applied for the average network. Wireless or otherwise.
Cheers, -BeesT |
|
shmoe1 join:2003-09-06 Fremont, CA |
to bmn
One article about WPA vulnerability I've encountered was by Robert Moskowitz, senior technical director at ICSA Labs.
It details problems with the pre-shared key of less than 20 characters with simple pass phrases that were vulnerable to a dictionary attack. Complex passphrases of longer than 20 characters seem to be less of a security issue.
Also, I also read that WPA is just as vulnerable as WEP to denial-of-service attacks.
If others can point to other articles or specific problems it would be useful.
Thanx |
|
Rhobite Premium Member join:2002-02-24 Waltham, MA |
to gruggni
Re: No need to panicThis tool has NOTHING to do with breaking encryption. It's a password-gathering tool, it puts up a fake login page just like you'd get from a T-Mobile or Verizon hotspot. Hotspots don't use WEP or WPA anyway, they are unencrypted. This tool just makes it easy to set up a rogue AP and fish for people's logins. The reason you can't just passively sniff for passwords is that I assume the real login pages are sent over SSL. Although I've never used a pay hotspot so I could be wrong. |
|
ctceo Premium Member join:2001-04-26 South Bend, IN |
to skyfreedomdo
Re: What do u mean 802.11b is not secure?!!!Humor observed... |
|
aSicapplication specific Premium Member join:2001-05-17 Wakulla, FL |
to Mr_Stealth
Re: Where...lol... the video card makes no difference at a command line..
...unless you're the wussy type that *NEEDS* X to do anything useful. |
|
TexasGuy49 States And Texas Premium Member join:2002-12-02 Houston, TX |
to LBDSL
Re: someone will always crack it.said by LBDSL: No matter what you build, someone will crack it. It is the way the world works
Right, go hack 256 bit DES key. Right. Easier to storm the safe and break it open. |
|
|
to anon_5224
Re: hot-spot providers take heed!!said by anon_5224: we will not let you provide free/cheap access to just the 'special' individuals you know about! you have been warned!!
seriously, can anyone honesty have expected wi-fi to ever be secure? how can you make a broadcast 'secret' anyway? it's just an arms race between the 'hackers' and the providers/developers... i hope anyone investing in the hot-spot idea knows this going in, and will continue to fund what could someday become a utopia of free access anywhere in the country- even world. i don't care how much you encrypt the data, if it's broadcast, it can be seen by anyone, and the 'hacker' actually prefers not to be paid for his work, unlike the 9-5 sysadmin wo 'secures the network'. oh well, someone with more sense, please add to the discussion, i just saw the story and felt like posting:)
Like my networking prof always says: "Anyone with a wet finger or metal clothing hanger can pickup your signal.." Using WiFi you have the portability and easy of install but have to give up security.. If you have important info going over the network you should never use WiFi.. |
|