Funny Spam

April 30, 2008

I don’t usually pay attention to spam, but for some reason this one caught my eye. When I opened it, I discovered that I was the lost beneficiary of Luciano Pavarotti. If I had only known this when he was alive!

Running airpwn

April 22, 2008

One of the tools that comes with the Backtrack distribution is airpwn.  Airpwn is a tool that first debuted at DefCon 12.  (Careful with the link, it is not safe for work, and may not actually be safe for humanity.)

A Little About Airpwn

Airpwn is a man-in-the-middle tool for wireless networks. It takes advantage of the time a website takes to respond to a normal page request. In that lag time, it can inject its own content onto the wireless channel of an access point. For instance, you may request a page from wikipedia.org that takes, round-trip, approximately 125 ms. If someone near you is running airpwn, it will see your request and immediately respond with its own web page and/or content, because it is much closer and takes much less time to respond. When your computer receives the data, it will think the original request was answered and display the page. When the real web page arrives, your browser will either ignore it or display some of its content. Airpwn can be configured to carefully craft responses so that your browser ignores the real web content, as it would HTML comments.

Password Security

April 9, 2008

This website has been making the rounds of some popular security and technology blogs lately. In concept, this web application is an interesting idea, but it raises some concerns. First, do you really want to give an anonymous website your trusted passwords? A quick check of the registration shows that the domain was registered through GoDaddy using Domains by Proxy. So, who owns the domain? There is no privacy statement on the website, and if there were, would you trust it?

Second, if you walk through the application and try a few random passwords, the results tend to be inconsistent and often, in my opinion, inaccurate. For one, the application limits password length to sixteen characters. (Please consider moving to passphrases instead of passwords.) For another, if you run ‘Password123’ through the application, it gives it a 73% score, with a rating of ‘strong.’ If you have ever been through a network security test that attempts to crack user passwords, you know that this password wouldn’t last more than a few seconds.

Please don’t rely on anonymous, online password meters to test your passwords.  You never know if you can trust the results, or the intent.

FBI’s Hyperlinks are Entrapment?

April 9, 2008

There has been quite a bit of speculation lately about the FBI’s latest attempt to track and prosecute individuals involved in child porn.  Essentially, the background is that undercover FBI agents posted hyperlinks with very descriptive names in popular message boards. (See the news.com story here.)  If someone clicked on this link, the FBI tracked their IP address and soon after served a warrant to search their premises and computer equipment.

There are quite a few opinions on this tactic.  Did the FBI commit entrapment by doing this?  What if someone clicked on the link by accident?  Or, they could have been deceived into clicking the link.  For example, I could send a friend an email with the link in question encoded into text that makes the friend believe that it is the latest YouTube video.  (This is a method that many spyware, malware, and phishing authors use to deceive their victims.)

The reality of the situation is, we may never know if this is a valid FBI tactic. It is definitely in the FBI’s best interest to let this story propagate, even if it is false. There is certainly some benefit in obscurity in this case.

Cracking WEP with Backtrack3 Beta in VMware

April 7, 2008

Here is a short tutorial on cracking WEP using Backtrack3 Beta, from within VMware.  The first thing you need is a compatible wireless network dongle.  I am currently using a Linksys WUSB54GC. Our process is going to go as follows:  locate the network you wish to crack, dump all packets that associate with the access point, gather enough data packets, then crack the encryption.  Read on for the details.

Backtrack 3 Beta Virtual Machine

April 6, 2008

Remote-Exploit is hosting a download for the Backtrack 3 beta virtual machine. The new (beta) release of BT has updated tools for your penetration testing pleasure. There is also an ISO version, in addition to a USB version. For the serious pentester, you can install permanently to a hard drive.

Update: I bought a new 8 GB Sandisk U3 USB memory stick to install Backtrack 3 as a bootable device. At first I had some trouble with it (syslinux could not find the boot image), but here is the process I used. Upon inserting the drive for the first time (in Windows) the initial menu and welcome screen pop up. Select ‘Uninstall U3’ from the selections and the software will remove the U3 software. I then zipped all the programs and backed them up in case I needed them in the future. The key to making the bootable BT3 image is to use either Linux or a Mac (which is what I did) to completely remove the USB drive’s partitions and start over. Once this is done, the normal install to the USB should work fine.

Setup SSH to use Public Key Authentication

March 29, 2008

HowtoForge has a great write-up on how to configure an SSH server to use public key authentication. This makes SSH much more secure by locking out the use of standard username/password authentication. By using this method, only the clients you authorize will be able to connect.
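A way to check that an sshd_config really does lock out password logins, as an added example (not from this post or the HowtoForge write-up). It reads only the global section, ignoring Match blocks and Include files, and the sample configs are constructed.

```python
# Settings that allow password-style logins, with the OpenSSH default that
# applies when the keyword is absent. Keyboard-interactive is included because
# it can still prompt for a password through PAM.
PASSWORD_STYLE_DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Older name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def global_options(config_text):
    """Map keyword -> value for the global section; sshd keeps the FIRST value it reads."""
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (a commented-out setting has no effect)
        parts = line.replace("=", " ", 1).split()
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        if keyword == "match":
            break  # Match blocks are conditional overrides; not evaluated here
        if len(parts) > 1:
            options.setdefault(keyword, parts[1].lower())
    return options


def audit(config_text):
    """List the reasons this config does not enforce key-only logins."""
    opts = global_options(config_text)
    findings = [
        f"{keyword} is enabled"
        for keyword, default in PASSWORD_STYLE_DEFAULTS.items()
        if opts.get(keyword, default) != "no"
    ]
    if opts.get("pubkeyauthentication", "yes") != "yes":
        findings.append("pubkeyauthentication is disabled")
    return findings


# Constructed samples, not taken from any real server.
COMMENTED_OUT = "PubkeyAuthentication yes\n#PasswordAuthentication no\n"
SHADOWED = "PasswordAuthentication yes\nChallengeResponseAuthentication no\nPasswordAuthentication no\n"
KEY_ONLY = "PubkeyAuthentication yes\nPasswordAuthentication no\nKbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    for name, text in [("commented out", COMMENTED_OUT), ("shadowed", SHADOWED), ("key only", KEY_ONLY)]:
        print(name, "->", audit(text) or "key-only logins enforced")
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check.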

Freedom of Information Act

March 12, 2008

The CIA and the FBI both have Freedom of Information Act websites where they publish released documents. Although most of the documents are pretty boring, you can find some real gems.

How to have a secure password, and not really notice.

March 12, 2008

More and more emphasis is being placed on secure passwords. From your login to the password you use for your encryption system, passwords have traditionally been weak and subject to brute force attacks. However, a passphrase is simple to use, very difficult to break, and easily remembered. When a security policy requires that your password be at least eight characters long, contain both upper case and lower case characters, and include at least one special character or number, Password123 fits the template. But is it secure? A passphrase strings several words together into an easily remembered sentence or statement. This adds much more complexity to the password. So, how about trying the passphrase “My dear Aunt Sally.” Microsoft has a good three-part article on the pros and cons of the password vs. passphrase debate.
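Both this post and the ‘Password Security’ post above point out that Password123 satisfies a composition policy yet falls quickly to cracking. The check below is an added example, not code from the blog, showing why: it applies the policy quoted here, then strips the predictable decoration before a dictionary lookup. The word list and substitution table are small constructed samples and the function names are illustrative.

```python
import re

# Constructed sample of common base words; a real audit would load a full
# cracking wordlist or breached-password corpus instead.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}

# Character substitutions that cracking rule sets routinely undo.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def meets_composition_policy(pw):
    """Policy from the post: 8+ characters, upper and lower case, a digit or special character."""
    return (
        len(pw) >= 8
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(not c.isalpha() for c in pw)
    )


def base_word(pw):
    """Remove what users add to satisfy a policy: capitals, trailing digits/symbols, leet."""
    core = re.sub(r"[\d\W_]+$", "", pw.lower())  # drop the trailing digit/punctuation run
    return core.translate(LEET)


def is_dictionary_derived(pw):
    """True when the password is one common word plus predictable decoration."""
    return base_word(pw) in COMMON_BASE_WORDS


def assess(pw):
    if not meets_composition_policy(pw):
        return "rejected: fails composition policy"
    if is_dictionary_derived(pw):
        return "rejected: common word with predictable decoration"
    return "accepted"


if __name__ == "__main__":
    for candidate in ["password", "Password123", "P@ssw0rd!", "My dear Aunt Sally."]:
        print(f"{candidate!r}: {assess(candidate)}")
```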

How to use an open hotspot securely

March 11, 2008

When using a hotspot, your communications are completely open for anyone to see. Our goal is to secure the communications you have at the hotspot, back to your desktop at home. We’re going to do this with help from a few different sources. I am going to assume that you are running Windows on your desktop at home and have a router sitting between your home network connection and your desktop computer. I am going to outline the process here, and provide specific details in posts to come.