Entry 37323 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 37323

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2024/11/23 [General] UID:1000 Activity:popular

11/23

2005/4/22-25 [Computer/HW/IO] UID:37323 Activity:kinda low

4/22    How secure can bluetooth be implemented.  I hear stories of remotely
        hacking into people's phonebook and such.  I'm specifically wondering
        about bluetooth keyboards.  Even if you don't advertise your presence,
        is it easy to remotely monitor your keystrokes?
        \_ In theory bt could be securely implemented. In reality it is prob.
           to much to expect that your bt kbd is encrypting everything that
           it sends to your computer.
           to much to expect that your bt kbd is properly encrypting keystrokes.
        \_ There are working bluetooth exploits--Max Moser demonstrated a few
           of them recently.  Many peripherals (kbd, mouse, earpieces, etc.)
           also are weak because of simple static auth keys (1111, 1234, etc.)
           Bluetooth's range is not an issue either; google for 'bluesniper.'
           The protocol is a bit safer due to some reasonably clever fidling
           with keys during a session.  Look at http://www.remote-exploit.org
           (the Auditor collection) for some very good tools and docs on the
           topic.  That said, will anyone care enough to attack your keyboard?
           Probably not.  -John

Cache (1774 bytes)

www.remote-exploit.orgWe are just a group of people that like to experiment with computers. We hope that we can provide some information back to the public and support the ongoing process of learning. News: Customized releases of Auditor When you like to have a custom logo branded auditor release to use it as a give away to your customers in courses etc. News: Released a new website whith default settings and vulnerabilities I have just setup the first draft of the list of default settings of wire less products. I w ill add other vendor settings as soon i have some time. News: cowpatty-20 released Check out our newest release from Joshua Wright. coWPAtty is designed to audit the pre-shared key (PSK) sele ction for WPA networks based on the TKIP protocol. Supply a libpcap file that includes the TKIP four-way handshake to mount an offline dictionar y attack with a supplied wordlist. The Auditor Security Collection is the most advanced an d up-to-date penetration testing linux live distro available. Its perfec t for security analyses, wireless security analysis and ...... PS Send us some photo shots, which shows auditor in action. Append wher e you have been with it, so i know where auditor has been used so far. News: Requesting Auditor Security Collection actionshots Hi all, please send us your Auditor Security Collection - action-screensh ots. Send us your auditor action pictures at the usual place. org) News: Hotspotter 04 released Hotspotter 04 has been released right now. It fixes a bug and enhances the hotspotter with the a bility to execute a script before going to accesspoint mode. There you will find hotspotter 04 on it in addition to some fake daemon and automated dhcp/dns script for hot spotter. org Well we have updated the website right now, as you can see.