Domain: evilscheme.org
Stories and comments across the archive that link to evilscheme.org.
Comments · 23
-
SSL with unsigned certs makes little security sense
I've written an article criticizing the behavior in Firefox 3 [...]restricting encrypted HTTP to paying customers
Unfortunately, self-signed SSL certificates are vulnerable to man-in-the-middle attacks - for example, dodgy coffee shop WiFi, airpwn, DNS cache poisoning, corrupt ISP employees, ISP/government conspiracies, and so on.
Now, if it's just you and some friends using your server you can e.g. memorise the key fingerprint. But then, you can also add the self-signed key at whatever computer you happen to be using.
If you're facing a larger audience, however, self-signed certificates do not provide sufficient security as, though they protect against passive snooping, they do not protect against the very real risk of active (man-in-the-middle) snooping.
If you think Mozilla should have redesigned the SSL security model into a web of trust that's all very well, but frankly beyond Firefox's scope IMHO.
-
Re:Easy.
I can one-up that. http://evilscheme.org/defcon/
-
airpwn
-
Yesterday's story?
I spent the whole of yesterday refreshing the slashdot frontpage, and somehow managed to miss the story!
Anyway, this technique reminded me (yes I know they're very different) of airpwn, a piece of code which sniffs out the images and replaces them with the ones you specify; the authors had some fun at defcon 12 -
Re:Goats
Memories are short round here... been done before...
google 'airpwn' -> http://www.evilscheme.org/defcon/
- mathx -
Can you imagine the tech support calls?
Substituting everything with Goatse or Tubgirl (Goatse was already done with airpwn at DEFCON 12) would be funny, but Joe Sixpack would call tech support, and they'd all shrug it off saying he'd been cracked with some sort of virus.
But can you imagine Joe Sixpack trying to explain to Pradeep that all the images in his web pages were being displayed upside-down (or better yet, blurry, or upside-down and blurry!), while all the text in the very same web pages was being displayed upside-right in crystal clarity?
Joe Sixpack probably doesn't know the differences between images and text. Pradeep would hear the word "upside down" or "blurry" and immediately think it was a hardware problem.
It'd probably take any of us half an hour to convince a second-tier tech that we weren't trolling him, never mind Joe Sixpack.
I'd give my left nut to hear the support calls on this. (Particularly as I'm pretty sure that those of you in tech support have no use for my left nut.)
:) -
He should've grossed the guy out by
1) using Airpwn http://www.evilscheme.org/defcon/ and giving him the same or similar image (e.g. goatse guy or tub girl)
2) set up a camcorder on the guy's face
3) laugh every time the guy sees a pic
4) send a link to the video to slashdot
5) profit (emotionally)
See - that's how you get rid of the "???" step! -
Re:Let me be the first to say...
Out of morbid curiosity, I did a search for "goatse." I came across this page and thought I'd share: http://www.evilscheme.org/defcon/ Some of the reaction shots are hysterical.
-
airpwn3d!
> Add a headset and Skype, and you don't need a cell phone to have loud, annoying phone conversations on an airplane.
Time for serious airpwnage. No, not the kind of pwnage that'll befall you for playing CS (namely wearing a headset and being prone to mutter things like "OK, 3 terrorists to the left, one's got a gun! Kill that fucker!" under your breath) on an airplane.
I'm talking about the amount of fun you can have when that annoying cellphone-addict using Skype to escape the withdrawal... you can already hear him from three seats behind you, hollering to his wife and kids... and then the holler he makes when he finds himself airpwned!
-
AirPwn
I predict increasing use of AirPwn on campus. See also the SourceForge project page.
Nothing works quite as well as a good, old-fashioned bundle of wires.
P.S. no connection to the AirPwn folks myself; I just think their particular demonstration project was eff-ing hilarious.
-paul
-
security?
Do they use some sort of WEP, WPA, etc.?
Or can you do something like this?
As a previous poster mentioned, I would never do anything until I had an SSH tunnel or something.
Someone in promiscuous mode could ruin your whole month.
-
Can you say "airpwn"?
I knew you could.
(Warning: here there be goatses!)
Mal-2 -
Re:Airjack
I was thinking exactly the same thing as you, I remembered airpwn.
This is even worse than an "evil twin" mentioned on the BBC because the airpwn guys did not set up a new AP, they messed with the data being transmitted to the real AP.
Now you know why you should use authentication (or encryption if you think you need it) when putting data on the air.
PS: check the pictures -
Bad Idea, but will work....
This assumes your neighbors actually use the connection. (If they do not, should not most APs stay quite silent?)
Anyway....
1. Run airpwn
2. Watch your scared neighbors turn off APs in horror.
3. Wifi!!! -
Not only that..
What's the guarantee that the EULA you read online is the EULA that's presented by the software?
What happens if it's revised between the time they print the software, and the time you take it home? What happens then?
Or what about something nefarious? For example: suppose a MITM attack causes every request you make to (for example) MS's EULA site to return text that states "you must use the software in accordance with copyright law", but then you go to install it, and the EULA includes all of MS's usual onerous terms. Will the store *still* be required to give you your money back?
Or (even better) what if the forged EULA says "instead of installing it, you may make copies of this software and sell it for $20" - what happens when you get busted for commercial copyright infringement because you decided to sell it instead of install it?
Now, I'm not even that devious, but it seems to me a requirement like this could be used to cause a *LOT* of trouble. -
Imagine for a moment....
your neighbor's open access point, a copy of Airpwn and a suitably infected jpeg. Sounds like a pretty nasty situation in the making to me.
-
Coming soon, to a hot spot near you!
-
Re:New way to war drive?
Speaking of man-in-the-middle attacks, this thing looks like a lot of fun.
-
Re:How would that work?
If "Hackers" taught us anything, it'll be l337 h4x0r5 sending each other love letters or flames from the sides of buildings. Of course, after the recent article on airpwn's debut, I'd be worried about the ideas floating around of what images/videos to hack in place of actual ads.
-
flipping the bird
What kind of middle finger is that?
-
wireless protection
You gotta love the condom over the little antenna.
-
Who needs wallpaper when you can just fight back?
Maybe I'm the only one who ran across this little gem, http://www.evilscheme.org/defcon/, but this seems like a very good low-budget option for striking back at your friendly neighborhood wi-fi swipers.
-
AirPwn
Read all about AirPwn, the best wireless remote goatse display app ever used at a Defcon, here:
http://www.evilscheme.org/defcon/
At Defcon 12 this year my cow-orkers and I brought along a little piece of code called "airpwn." Airpwn is a platform for injection of application layer data on an 802.11b network. Although the potential for evil is very high with this tool, we decided to demonstrate it (and give it its first real field trial) on something nasty, but harmless (compared to, say, wiping your hard-drive).
airpwn requires two 802.11b interfaces, one for listening, and another for injecting. It uses a config file with multiple config sections to respond to specific data packets with arbitrary content. For example, in the HTML goatse example, we look for any TCP data packets starting with "GET" or "POST" and respond with a valid server response including a reference to the canonical goatse image.
(Hugs toast!)