Berkeley CSUA MOTD:Entry 38359
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2024/11/23 [General] UID:1000 Activity:popular
11/23   

2005/6/29-30 [Computer/Networking, Computer/SW/Security] UID:38359 Activity:low
6/30    I don't want to crack WEP, but I'd like to learn more about it.
        For example, is it a link layer encryption or is it tied to the
        physical layer? If it is link layer encryption (something built
        on top of link layer), then is it possible to "sniff" sequences
        of packets on a regular computer then brute force crack it? Does it
        take a super computer to do it or can anyone with a regular
        laptop do it?
        \_ go read http://www.tomsnetworking.com/Sections-article118.php - danh
        \_ Looking at how some of the crackers work is a great way of
           learning how WEP works.  Have a look at Auditor at
           http://www.remote-exploit.org for good tools and docs.  -John
           \- This may be more relevant to people with a greater interest
              in wireless security than the OP but i looked at draft of
              a book on wireless sec by william arbaugh of university of
              maryland [i forgot the other authors, see AMAZONG] which
              is going to be more indepth and theoretical than random
              "how to" web pages, but is more practical than a berkeley-type
              textbook. oh it looks like the book is out now:
              http://csua.org/u/ck2 anyway, if that is what you are
              lookig for, the book is decent (looks like it is 2yrs old
              an unrevised, so may be lean on some recent things and
              cover some things that died on the vine). ok tnx.
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2024/11/23 [General] UID:1000 Activity:popular
11/23   

You may also be interested in these entries...
2009/4/26-29 [Computer/Networking] UID:52910 Activity:nil
4/25    I have an Airport Express.  is there some way to let computer
        1 ping computer 2?  both computers are connected to wireless network
        successfully.  I can get to internet on both of them.  I just can't
        ping each other.  weird.  maybe they think that's a feature?
        \_ Sounds like your router is enforcing client isolation. If you can't
           change the setting on the router you're probably SOL.
	...
2009/2/27-3/5 [Computer/Networking] UID:52658 Activity:nil
2/27    I need to buy a wireless router, can u guys help me out?   I need the
        following features:  wireless, G or better, PPTP dial up, PPoE dialup,
        VoIP/SIP register, DDNS, uPnP.
        I am having a such hard time to find a review site which allow me to
        select these features.   Any ideas?  There are a couple model from
        this small company Draytek has these features, I am having the hardest
	...
2008/12/15-29 [Computer/Networking] UID:52254 Activity:kinda low
12/15   ausman, maybe this can help form your views on net neutrality:
        http://lessig.org/blog/2008/12/the_madeup_dramas_of_the_wall.html
        if you're bored, skip down to the iFilm example.
        \_ jim: consider the case of a private electrical utility:
           do you believe in "current neurality"? i agree if say GOOG
           were to put in a giant server complex creating a sudden local
	...
2008/11/11-26 [Computer/Networking] UID:51916 Activity:nil
11/11   Dumb question. My apartment has a bunch of inter-computer file
        exchange going on. Should I get a switch instead of a router to
        minimize traffic? Does it really make a difference? Let's say
        two computers exchanging info with each other are on the switch
        and the switch is connected to the router. The router will never
        know about the transfer between the two computers right?
	...
2008/10/21-22 [Computer/HW/Soundcard] UID:51610 Activity:nil
10/21   I installed the latest Ubuntu.  It recognized my wireless, dual
        monitor setup, sound card, then made me breakfast.
	...
2008/9/29-10/1 [Computer/Networking] UID:51325 Activity:nil
9/29    I'm looking for a new wireless router / firewall, preferably
        something that supports 802.11n. Any recommendations?
        \_ Which 802.11n?
           \_ Draft 2.0 or whatever version is supported by the the
              MacBook and iMac.
	...
2008/6/6-10 [Computer/Networking] UID:50171 Activity:nil
6/6     Now that 3g wireless speeds are getting useable and phones are
        coming out that have built in wifi are there any phones that
        can be used as wireless wifi access point?  -aspo
        \_ Yes. My coworker does this with his Blackberry.
	...
2008/5/31 [Computer/SW/Apps/Media, Computer/SW/Unix] UID:50105 Activity:nil
5/31    I have a slow wireless router and slow fileserver on my network.
        Is there a video or media player (windows or unix) that is smart
        about caching content while playing it?  I would like to be able
        to hit play on a file from a file share, wait for it to catch
        up for a while because my connection is so slow, walk away for
        a while and come back and view my movie with no annoying skips. thanks.
	...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...
2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil
4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        Firefox?
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get
	...
Cache (2370 bytes)
www.tomsnetworking.com/Sections-article118.php
Print This Updated June 9, 2005 Introduction Hundreds, perhaps thousands of articles have been written about the vulne rability of WEP (Wired Equivalent Privacy), but how many people can actu ally break WEP encryption? Beginners to WEP cracking have often been fru strated by the many wireless cards available and their distribution-spec ific commands. And things are further complicated when the beginner is n ot familiar with Linux. In this three part series, we will give you a step by step approach to br eaking a WEP key. The approach taken will be to standardize as many vari ables as possible so that you can concentrate on the mechanics of WEP cr acking without being hindered by hardware and software bugs. The entire attack is done with publicly available software and doesn't require spec ial hardwarejust a few laptops and wireless cards. This first article will help you set up your wireless lab and guide you t hrough the scanning portion of WEP cracking. After all, you will need to find and document the wireless networks before you can crack them. second article will describe the stimulation of the target WLAN to g enerate traffic and the actual process of capturing data and cracking th e WEP key. After reading these two articles, you should be able to break WEP keys in a matter of minutes. BIZI International - can save you up to 85% off list on used Cisco, Norte l, Extreme, Juniper and more. POs from domestic end users welcome along with 1-Year End User Warranty. All products Next2New re-certified for pr oblem free installation. Troubleshoot and Repair Home Networks in Minutes Troubleshoot, Repair and Manage wireless or wired home networks easily wi th Network Magic. View the entire network map on one screen and easily s ee broken connections. Get Steady Network Consulting Clients: $397 Kit Finally, now you can get more steady, high-paying small business technolo gy consulting clients with new, immediately downloadable self-paced trai ning program. See site now for free immediate access to a sample audio e xcerpt. Shop Copyright of all documents and scripts belonging to this site by Tom's Gu ides Publishing LLC 1996 - 2005. Most of the information contained on th is site is copyrighted material. It is illegal to copy or redistribute t his information in any way without the expressed written consent of Tom' s Guides Publishing.
Cache (1774 bytes)
www.remote-exploit.org
We are just a group of people that like to experiment with computers. We hope that we can provide some information back to the public and support the ongoing process of learning. News: Customized releases of Auditor When you like to have a custom logo branded auditor release to use it as a give away to your customers in courses etc. News: Released a new website whith default settings and vulnerabilities I have just setup the first draft of the list of default settings of wire less products. I w ill add other vendor settings as soon i have some time. News: cowpatty-20 released Check out our newest release from Joshua Wright. coWPAtty is designed to audit the pre-shared key (PSK) sele ction for WPA networks based on the TKIP protocol. Supply a libpcap file that includes the TKIP four-way handshake to mount an offline dictionar y attack with a supplied wordlist. The Auditor Security Collection is the most advanced an d up-to-date penetration testing linux live distro available. Its perfec t for security analyses, wireless security analysis and ...... PS Send us some photo shots, which shows auditor in action. Append wher e you have been with it, so i know where auditor has been used so far. News: Requesting Auditor Security Collection actionshots Hi all, please send us your Auditor Security Collection - action-screensh ots. Send us your auditor action pictures at the usual place. org) News: Hotspotter 04 released Hotspotter 04 has been released right now. It fixes a bug and enhances the hotspotter with the a bility to execute a script before going to accesspoint mode. There you will find hotspotter 04 on it in addition to some fake daemon and automated dhcp/dns script for hot spotter. org Well we have updated the website right now, as you can see.
Cache (7237 bytes)
csua.org/u/ck2 -> www.amazon.com/exec/obidos/ASIN/0321136209/qid=1120112101/sr=2-1/ref=pd_bbs_b_2_1/002-7045555-9880802
The authors handle complex topics nicely, and offe r significant clarification of IEEE draft standards." " --John Viega, founder and chief scientist, Secure Software, Inc. "This book keeps the exposition as straightforward as possible and enable s you to cut through the maze of acronyms, hacking tools, rumored weakne sses, and vague vendor security claims to make educated security decisio ns when purchasing or deploying WLAN." But how can privacy and securit y be maintained effectively? This is the book that will show you how to establish real security within your Wi-Fi LAN. Recent developments in Wi-Fi security achieve what no amount of reconfigu ration can do: They solve the problem at the source. Wi-Fi Protected Acc ess (WPA) repairs weaknesses in existing Wi-Fi systems and is designed t o allow software upgrades. It provides an overview of security issues, explains h ow security works in Wi-Fi networks, and explores various security and a uthentication protocols. The book concludes with an in-depth discussion of real-world security issues and attack tools. Written by two experts in wireless security, Jon Edney and William Arbaug h, this book shows you how to stay informed and aware when making securi ty decisions, and what steps you can take to implement the most effectiv e, proactive wireless security now and in the future. After InTalk was acquired by Nokia Cor poration, he focused on the application of Wi-Fi to public access networ ks. William A Arbaugh is an assistant professor of computer science at the U niversity of Maryland in College Park, where he conducts research in inf ormation systems security. Arbaugh served as a senior computer scientist for the National Security Agency's Office of Research and Technology, a nd then as senior technical advisor for the Office of Advanced Network P rograms. He has many publications to his credit and has delivered papers at security-related conferences such as IEEE, SANS, USENIX, and Comdex. The company I work for is moving more and more to wireless to provide connectivity to our customers. In terms of understanding architecture, and the cryptography behind the s ecurity protocols this was my favorite book. My favorite chapter was the how WEP works and why it doesn't. The writing was clear and the explana tions were accurate. I also loved chapter 15, that equipped me to explai n why wireless networks are dangerous beasts with detail. It is a tougher read than some of the other books on the subject, the goo d news is that you understand the cryptography, the bad news is you have to work through the pages with the crytography. I think it would have been a stronger, more focused work without chapters 2, 3, and 4 An y reader that is willing to wade through the inner workings of TLS, TKIP or WPA doesn't need a security overview. Also, I really wish more effor t had been put into chapter 14, Public Wireless Hotspots. It is good, it covers the fundamentals, but I finished the chapter without increasing my understanding of a question every reader of the book will have. Do I dare check my (encrypted) email at a Starbucks or airport hot spot? See all my re views This is a very advanced book, not for the meek at heart. Exceptionally we ll written with five pages of references, three pages of acronyms and th ree appendices: AES encryption / block cipher, message modification and file integrity. The authors spare no details about wireless security, ye t are still able to make thing easy to understand. Edney and Arbaugh show just how "loose" current wireless systems really a re, their vulnerabilities and the most common attack methods used, inclu ding man in the middle, WEP cracking and MAC spoofing. They detail the l ayers of transmittion and how those layers interact in the most common w ireless scenarios. They also define the terms and uses of current wirele ss security including the latest methods under development. They dig down to t he actual tools and processes used to hack wireless networks and give ex cellent summaries of the most commonly used methods. Their examples deta il the uses of headers, their encryption and the algorithms used by each security protocol. They then show how each protocol is broken down, how server and client interact and the security holes present. After a good overview of the current landscape, Edney and Arbaugh go on t o show the reader how each protocol stacks up against one another, thus allowing the reader greater flexibility to decide just which type or typ es of security maybe right for their wireless environment. They also give very good examples of the problems inherent to communication and au thentication in highly mobile, fast paced environments. The authors go i nto the details and difficulties of how to strengthen wireless networks thru the understanding and use of algorithms, hardware authentication an d transport layer security. Edney and Arbaugh finalize their book by showing how the protocols are ap plied and the details of implementing Wi-Fi security in day-to-day actua l situations. They use screen shots of actual tools in use making it eas ier for the novice radio buff to understand the whole process. Any white hat will enjoy the final chapter as the authors proceed to show details on how to craft your own client and server side certificates, construct and harden a RADIUS server using open source software and plan your net work. A must read for all IT professionals running wireless in any sensitive en vironment. Most books simply reiterate the basics of wireless sec urity architecture and then spend a chapter or two on the hacking tools for locating networks and defeating WEP. Edney and Arbaugh start with th e basic insecurities, and then build on the explanation layer after laye r from the overview to the cryptography and its implementation. You as t he reader decide how deep your understanding needs to go. As its title suggests, i t is focused on the issues of security so don't expect a general treatme nt of Wireless Architecture in addition. However, with this book, the authors explain the concepts in a clear and simple matter. Yes, it was actually fun reading about how encryption and the security suites can protect WLANs. I highly recommend this book to everyone who owns and operates an access point including beginners at home and exper ts in the enterprise. It covered the basics of wireless securi ty starting from the ground and working up. It was organized well so tha t if a section was already familiar you could simply jump forward. There is the occasional section where the theory starts to get a little deep, but they warn you and instruct you to skip over the section if it is of no interest. This was my first book on wireless security and will provide a good basis to move forward to vendor specific security and eventual certification. A great place to start with enough depth to provide a learning opportun ity for the more experienced. Suggestion Box Your comments can help make our site better for everyone. If you've found something incorrect, broken, or frustrating on this page, let us know s o that we can improve it. Please note that we are unable to respond dire ctly to suggestions made via this form.