Re: [Full-disclosure] НА: WPA attack improved to 1min, MITM
On Wednesday, 26 August 2009 at 09:35 -0500, Rohit Patnaik wrote:

> Do you have a link to the entire paper by any chance?

http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf

--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [AirCell GoGo Inflight Internet -- No Encryption ][NETRAGARD-2009042]
On Wednesday, 6 May 2009 at 21:02 -0400, Netragard Advisories wrote:

> The GoGo Inflight Internet service does not encrypt wireless connections between GoGo Inflight Internet users (Users) and the GoGo Inflight Internet Wireless Access Points (WAP).

I totally agree that captive portal based wireless access is a poor security practice and have been advocating so[1] for quite some time. But do you plan to release an advisory every single time you find one somewhere? The fact that it sits in a plane, hotel, airport or train does not make a big difference...

And by the way, speaking specifically of planes, this general issue has already been raised something like 3 years ago[2]...

[1] http://sid.rstack.org/pres/0608_BCS_OpenWireless.pdf
[2] http://www.nmrc.org/pub/present/shmoocon-2006-sn.ppt
Re: [Full-disclosure] Fwd: WiFi is no longer a viable secure connection
On Saturday, 11 October 2008 at 20:14 +0530, Anshuman G wrote:

> lol, yea, when I said impossible I thought I was pretty clear I was kidding :P.

Sorry, missed ye good old smiley ;)

Coffee++
Re: [Full-disclosure] WiFi is no longer a viable secure connection
On Saturday, 11 October 2008 at 11:03 +1100, Ivan . wrote:

> Global Secure Systems has said that a Russian firm's use of the latest NVidia graphics cards to accelerate WiFi 'password recovery' times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data.

No kidding?! 100 times what a CPU can do[1]?! Whaooo.

But what are they referring to when saying up to 100 times faster than by using CPU only? We don't know. On a fast CPU, Aircrack cracking speed can go up to around 650/700 psk/s. By 100, it means 65k/70k psk/s. Let's round it to 100k psk/s.

Now, do the maths. A PSK is at least 8 ASCII printable chars between codes 32 and 126. I let you figure how much time you will need to cover the minimum length (8 chars) key space.

We covered the subject at BA-Con. We can reach 12k psk/s on a single GTX280 alone[2]. That's only a factor 5 to 6 behind, without any brilliant optimisation.

I don't see any breakthrough here that could make WPA/WPA2 PSK inefficient. Really. We need something like a real crypto attack, or a real computation power boost, like reaching 10M/s.

[1] http://www.elcomsoft.com/news/268.html
[2] http://sid.rstack.org/pres/0810_BACon_WPA2_en.pdf
Re: [Full-disclosure] WiFi is no longer a viable secure connection
On Friday, 10 October 2008 at 23:05 -0400, [EMAIL PROTECTED] wrote:

> You only need a botnet of several hundred gamers' boxes and you're at 10M.

Sure. But one question remains: is it worth it? Using a botnet to crack John Doe's PSK where you can just push password stealing malware on his box?

My problem with this kind of announcement is that it seems to make people believe that cracking WPA/WPA2 is easy, just like WEP. But it is not, and really far from it. Maybe, or likely, some day, not that far away, someone will come up with a crypto or implementation flaw that will crush them down, but right now, it is not the case. So we're stuck with a password guessing game. A game we have played for years, with password hashing algorithms that we are *way* more efficient at cracking than a PBKDF2.

I don't say we can't break PSK. I say that we suck at it with current implementations, even with a x100 performance increase.
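The key-space arithmetic the two replies above leave to the reader, together with the PBKDF2 step that makes every guess expensive, as an added example that is not part of the thread: the PMK derivation follows IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt), and the guessing rates plugged in are the 700, 100k and 10M psk/s figures quoted in the messages.

```python
"""WPA/WPA2-PSK cost model: PBKDF2 derivation of the PMK plus exhaustive-search time.

Added example; the guessing rates (700, 100k and 10M psk/s) come from the thread above.
"""
import hashlib
import math

WPA_ITERATIONS = 4096           # PBKDF2 rounds fixed by IEEE 802.11i
PMK_LEN = 32                    # 256-bit Pairwise Master Key
SHA1_LEN = 20                   # HMAC-SHA1 output, i.e. one PBKDF2 block
PRINTABLE_ASCII = 126 - 32 + 1  # 95 symbols: codes 32..126, as stated in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32), the 802.11i PSK mapping."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), WPA_ITERATIONS, PMK_LEN)


def hmac_calls_per_guess() -> int:
    """Work per candidate: 32 bytes of output need two SHA1-sized blocks, 4096 rounds each.

    This is why CPU-only guessing sits in the hundreds per second where a single
    unsalted hash would allow millions."""
    return math.ceil(PMK_LEN / SHA1_LEN) * WPA_ITERATIONS


def keyspace(length: int, alphabet: int = PRINTABLE_ASCII) -> int:
    """Number of candidate passphrases of exactly `length` symbols."""
    return alphabet ** length


def exhaustive_years(length: int, rate_psk_per_s: float,
                     alphabet: int = PRINTABLE_ASCII) -> float:
    """Years needed to cover the whole key space at a given guessing rate."""
    return keyspace(length, alphabet) / rate_psk_per_s / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Known-answer vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    print(hmac_calls_per_guess(), "HMAC-SHA1 calls per guess")
    for rate in (700, 100_000, 10_000_000):
        print(f"{rate:>10} psk/s -> {exhaustive_years(8, rate):.1f} years for 8 printable chars")
```

Even at the 10M psk/s the thread calls a real breakthrough, the minimum-length printable key space takes about 21 years to exhaust; the point is that the defence rests on PBKDF2's cost and the passphrase's entropy, not on secrecy of the algorithm.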
Re: [Full-disclosure] Fwd: WiFi is no longer a viable secure connection
On Saturday, 11 October 2008 at 09:08 +0530, Anshuman G wrote:

> I have turned off SSID broadcast and it's pretty obscure, the password is obscure too, it's WPA personal, I think it's impossible to crack/get in my router without knowing the SSID :D .

But your SSID is very easy to retrieve, as it is leaked every time you associate a legitimate box to your wlan... And guess what: the regular process of cracking a WPA PSK implies disassociating a client to sniff the 4-way handshake. Doing this, the attacker will also sniff the SSID in cleartext in the air.

Which means: *do not* rely on SSID cloaking for your security.
Re: [Full-disclosure] 802.1q Vlan Packets
On Thursday, 22 February 2007 at 18:31 -0800, pengo13 wrote:

> Other than wireshark/ethereal there is Yersinia, which is a tool that is supposed to take advantage of weaknesses in various protocols (802.1q being one of them). I know it includes a vlan spoofing feature, but I haven't had time to really give the tool a try outside of installing it and running it for a bit.

Scapy can provide 802.1q encapsulation as well:

http://www.secdev.org/projects/scapy/
Re: [Full-disclosure] [ Capture Skype trafic ]
On Friday, 27 October 2006 at 16:53 -0400, gabriel rosenkoetter wrote:

> (That said... keeping people from using Skype on a corporate network is an HR problem, not a network management/security problem, methinks, just like any P2P software.)

Have you ever heard of the Skype API, which basically allows two applications to communicate on top of the Skype network, thus inheriting Skype's resilience, encryption, obfuscation and firewall punching capabilities?
Re: [Full-disclosure] [ Capture Skype trafic ]
On Saturday, 28 October 2006 at 11:53 -0400, gabriel rosenkoetter wrote:

> I don't see how this isn't still an HR problem.

Resource usage will definitely end up as an HR problem, but that does not mean you don't have to filter. There are technical means to block execution of arbitrary applications, as pointed out before, and that's just an example of what can be done from a technical perspective.

Sometimes, you can consider the risk low so you can let education deal with it for you. Sometimes you can't. I think Skype may induce risks that I wouldn't leave to education alone.

As a more general matter, and as you said before, filtering will never work by itself, but that also applies to education. Education is not sufficient, or we would have noticed it before. And if users' security is all about HR, I really don't understand why we put so much protection around what they do...
Re: [Full-disclosure] Idle scan rediscovered!!!
On Friday, 5 May 2006 at 12:33 -0400, Tim wrote:

> Sorry, I'm having difficulty following some of the details of your results. Are you using the Windows machines as the idle hosts only, or is the Ubuntu box also being used as an idle host in some configurations?

As standard 2.4/2.6 kernels' behaviour is to set the DF flag to 1 and the IPID to 0, it's a very bad candidate for an idle host. And sadly, it's no news that Windows boxes are prone to idle scanning because they have an incremental IPID generator...
Re: [Full-disclosure] Idle scan rediscovered!!!
On Friday, 5 May 2006 at 18:49 +0200, Cedric Blancher wrote:

> As standard 2.4/2.6 kernels' behaviour is to set the DF flag to 1 and the IPID to 0, it's a very bad candidate for an idle host.

Mitigating this...

1. There's Marco Ivaldi's finding posted on Bugtraq.
2. There seems to be something with ACK packets to exploit for idle-scanning:

    hping3 -A -r host -p 80

Gives back exploitable incremental IPID on a Linux 2.6.15 box. Note that the default ip_conntrack_tcp_loose of 3 prevents these packets from getting flagged as INVALID by conntrack.
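A defender-side check for the IPID behaviour the two messages above describe, as an added example that is not part of the thread: given the IP ID values seen in a host's replies to a probe, it classifies the sequence the way an idle-scan tool would, so an administrator can tell whether one of their own hosts would serve as a usable zombie. The sample sequences are constructed; the classification rules (all-zero, incremental, byte-swapped incremental, randomized) are the usual ones.

```python
"""Classify an observed IP ID sequence to judge a host's idle-scan (zombie) exposure."""
from typing import List, Tuple


def _diffs(values: List[int]) -> List[int]:
    # Successive differences modulo 2^16, so a counter wrapping at 65535 still looks incremental.
    return [(b - a) % 0x10000 for a, b in zip(values, values[1:])]


def _swap16(x: int) -> int:
    # Some old Windows stacks emit the counter in host byte order, so the low byte moves first.
    return ((x & 0xFF) << 8) | (x >> 8)


def classify_ipid(ipids: List[int], max_step: int = 10) -> Tuple[str, bool]:
    """Return (label, predictable).

    predictable=True means an outsider can read traffic volume off the counter,
    i.e. the host is a usable idle-scan zombie and should be fixed or isolated.
    max_step bounds how much other traffic the host may carry between two probes."""
    if len(ipids) < 3:
        raise ValueError("need at least three probe responses")
    if any(not 0 <= v <= 0xFFFF for v in ipids):
        raise ValueError("IP ID is a 16-bit field")
    if all(v == 0 for v in ipids):
        # Linux 2.4/2.6 with DF set: no counter at all, nothing to observe.
        return "all zeros (unusable zombie)", False
    d = _diffs(ipids)
    if all(x == 0 for x in d):
        return "constant non-zero (unusable zombie)", False
    if all(1 <= x <= max_step for x in d):
        return "incremental (usable zombie)", True
    if all(1 <= x <= max_step for x in _diffs([_swap16(v) for v in ipids])):
        return "incremental, byte-swapped (usable zombie)", True
    return "randomized (unusable zombie)", False


if __name__ == "__main__":
    # Constructed samples standing in for the IP IDs of successive replies.
    for name, seq in {"linux-df": [0, 0, 0, 0],
                      "windows": [0x1234, 0x1235, 0x1236],
                      "swapped": [0x3412, 0x3512, 0x3612],
                      "wrap": [65534, 65535, 0, 1],
                      "random": [4321, 18, 60000, 777]}.items():
        print(f"{name:9} -> {classify_ipid(seq)}")
```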
Re: [Full-disclosure] Idle scan rediscovered!!!
On Friday, 5 May 2006 at 16:11 -0400, Tim wrote:

>> Gives back exploitable incremental IPID on a Linux 2.6.15 box.
>
> Are you sure? Just because the sequences are predictable or even incremental for your source host doesn't mean it is exploitable. This is old information, but I would assume it is still the case (until someone presents hard evidence otherwise):

I'm aware of this fact. As I figure all my tests were done from the same box, I'll still have to check it out. Let me test it more intensively after this weekend and I'll let you know.
Re: [Full-disclosure] Secure HTTP
On Thursday, 23 March 2006 at 15:55 +0200, Q Beukes wrote:

> Are there any open source proxy/tunneling software that makes it possible to surf both HTTP/HTTPS over an SSL/HTTPS connection?

Use PPP over stunnel, with a patch to support the CONNECT method through proxies:

http://www.stunnel.org/examples/pppvpn.html

You can use OpenVPN as well, which supports both CONNECT and HTTP AUTH. Or you can use any HTTPS proxying service, such as anonymizer.com...
Re: [Full-disclosure] ICMP injection
On Tuesday, 1 November 2005 at 00:11 -0600, Josh Perrymon wrote:

> Anyone familiar with injecting ICMP or DNS packets with NC?

You won't be able to inject ICMP with netcat (nc). Injecting DNS is possible, but you have to craft your UDP payload yourself.

You should try Scapy:

http://www.secdev.org/projects/scapy/

Sort of a Python shell to craft and inject packets and grab answers, with lots of useful classes. You'll find examples, and in particular all the ICMP and DNS stuff you may need. As an example, you can find a DNS request based traceroute one-liner with Scapy on page 3 of this article:

http://sid.rstack.org/articles/0309_MISC_Traceroute_en.pdf