Domain: shmoo.com
Stories and comments across the archive that link to shmoo.com.
Comments · 150
-
5 million packets and 1 minute...
...to crack WEP, according to Airsnort. Whew!
-
Re:Keyloggers
If a computer is not my own computer I simply don't trust it.
Ah, but you don't need to trust it in order to use it!
-
Have you ever tried?
It is hard to break WEP. Even though attacks are theoretically possible, my experience is that it takes too long to collect enough packets. I let AirSnort run for most of a day. It collected nothing. On a low traffic home network, WEP is quite good.
I really do not know the details of attacking WEP, so maybe there are fast cracking approaches. Writing as someone who uses WEP and casually tried to break WEP, WEP provides a high barrier to network infiltration. A stranger would have to make a lengthy effort to do it. -
Osiris
Osiris, an intrusion detection software package, will compile and run on OS X. Seems to work, but haven't had a real intrusion attempt yet to test it against (knock on wood).
-
Re:Duh
Not sure about the network hardware vendor but the official software vendor would have to be These Guys.
Don't tell anyone.
Cheers
Stor -
Re:K vs N
If you're stuck with an Orinoco card (I was) this web page is a good start:
http://airsnort.shmoo.com/orinocoinfo.html
Follow the instructions and be careful because most probably you'll have to recompile the kernel exactly as they say there (with PCMCIA support but not built-in).
If you use one of the heavily-modified kernels from Red Hat, Fedora, Mandrake etc. expect troubles. Actually I installed Slackware in a small (below 1 GB) partition and had it working there. -
Re:New chipsets supported
-
Thwarting night-vision goggles?
In addition to your regular equipment (eyeglass camera, Covert Wrist Watch Camera, or Covert Pager Camera and mini-DV recorder), don't forget your TEMPEST jacket and tinfoil hat (oops, I mean tinfoil hat) ;-).
Hints for a better recording session:
1. Bring along a camera strobe/flash unit, attached to telescoping rod.
p.s. For those longer movies, you might always duct-tape a military-style infrared flare (somewhat like those bright plastic Glo-Sticks that are used at raves, but IR) against the projection booth window. That'd make it really bright--just for the booth! hee hee hee...;-)
2. Wait for the lights to go out, then sneak to the back of the theater.
3. Use strobe flash to temporarily blind night-gogglers in projection booth.
4. Swear loudly, then remember to close own eyes next time.
5. Gosub Step 3.
6. ???
7. Profit!
Kids, don't try this at home. Void where prohibited. Professional driver on closed course. If you're caught, the secretary will disavow all knowledge of your actions. My thoughts are my own.
-
Re:Any ideas?
-
Wow, this thing is amazing
With no doubt, this must be the biggest security hole I have seen lately. 802.11g directly to the hard drive. Bravo. Is this an April Fool's joke posted prematurely or are they really out of their minds thinking that anyone would be so stupid to buy such a hard drive, which is basically asking to be cracked? I find it insulting. I hope script kiddies will have lots of fun.
-
Re:Other mappable relationship environments?
Tinfoil Hat Linux is what you want.
As it says, you need this if:
The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.
-
linkage
If you were wondering what this is all about... Annalee Newitz (with two N's) is the author of a regular print-media column called "Techsploitation", of which this story was an example. More on that:
http://www.techsploitation.com/writing/
http://www.alternet.org/alsoby.html?Author=2188
More about CodeCon:
http://en.wikipedia.org/wiki/CodeCon
http://www.codecon.org/2004/
http://www.oblomovka.com/search.php3?q=%3Cspan%20class=
http://www.financialcryptography.com/mt/archives/000050.html
The Shmoo Hacker Group: "The Shmoo Group is a non-profit think-tank comprised of security professionals from around the world who donate their free time and energy to information security research and development." http://www.shmoo.com/
Wi-Fi Remains a Work in Progress
A latte, a Wi-Fi link and a hacker
Wireless network worries? Get a dog!
"Need To Know" (a zine in fixed-width font, the way god intended the net): http://www.ntk.net/
Ken Schalk, yo-yo hacker, is the author of Vesta: "Vesta is an advanced system for source code control, versioning, configuration management, and building. It is an alternative to CVS+make." http://freshmeat.net/projects/vesta/ http://sourceforge.net/project/shownotes.php?release_id=156198
Sparky's http://www.milkycat.com/toiletree.htm
Jonathan Moore evidently did a bunch of wifi networking down in Santa Cruz, and is the author of the MobileMesh software http://wiki.haven.sh/index.php/WikiWikiWan
Jonathan Moore's CodeCon presentation was about: "Hacking Social Networks part II (Don't search private data)" http://more.theory.org/archives/000110.html#more
Science Magazine is put out by the AAAS, and does great in-depth coverage of general science (and insanely detailed minutia about biology): http://www.sciencemag.org/
Placebos http://placebo.nih.gov/
Oh, and about "GenToo 2004": http://www.gentoo.org/news/20031203-news.xml
Heh... note the email address Annalee Newitz is using here... she evidently creates a new mail alias for every column: sugarpill@techsploitation.com
Ah, slash ids pushing a billion and whining about what a sewer it's become...
-
Re:eeeeenteresting....
I don't know, compare them
Tin Foil Hat Linux -
Re:Pfiou! Tinfoil still works!!
Nothing will separate me from my tinfoil hat from now on!
http://tinfoilhat.shmoo.com/ -
added advantage
This has the added bonus that all us tinfoil-hat weenies know about! Make sure you line the ceiling as well, or the spy satellites will get you.
-
Re:DMCA?
...And of all the days I don't have mod points... But I do have my hat
-
Re:Living amongst the pirates...
go ahead and try to wire tap my dorm's P2P WEP protected 802.11g WiFi network
You do know that WEP can be easily cracked, right? I realize that some access point vendors have tweaked their firmware to not send weak IVs, but as I understand it the attack is still possible (especially if you have a way of injecting extra traffic into the network). -
I live in LA and I use no WEP
It's been mentioned already by many posters that WEP is insecure. Take a look at AirSnort for details, but basically, depending on the traffic of your network, you can be cracked in as little time as under a day.
Talk about a false sense of security.
WEP is completely disabled to reduce needless overhead on my AP. But I do run a certificate based relaying (see http://vpn.ebootis.de/ & http://www.freeswan.ca/ for details). So if you don't have the right certificate, you can't route any packets in or out of my wireless network.
Have fun cracking a 1024-bit RSA key. -
Re:All this bad news.
"Now where did I put my tin-foil hat?"
Right here -
This article reminded me
of an article I read a while back, about "URL hiding by using alternate character set". I did a little bit of searching, and came up with this
One problem with non-Latin scripts is that cybersquatters could begin registering non-Latin versions of popular domain names in order to divert viewers from intended destinations. Two Israeli students did just that in order to make an international point: They registered microsoft.com using the Russian Cyrillic "o" and "c," an international domain that looks exactly like microsoft.com in English even though it is in fact a different domain name.
Whole text can be found here -
Re:Redundant, I know
"Why does an e-voting machine have to be anything more then a fancy dumb terminal with a printer attached?"
How about a printer attached to Tin Foil Hat Linux
This would just about be hack proof. (Tin Foil Hat Linux does not support networking at all) -
Link
-
Re:US Gov't on Linux
Actually, there already is a Tinfoil Hat linux. It's a bootable single-floppy distro for gpg-signing and/or wiping files.
The NSA's version is called SE-Linux, for Security Enhanced Linux. It has a "strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications." Or some such.
If you really need security and don't think running Bastille-linux is going to be enough, then ACLs a la SE-Linux might be the way to go. I suppose no OS is truly secure, but it's hard to imagine even talented crackers getting very far against it. -
Re:your taxes at work
A quick google suggests the evil government also has nothing better to do than to protect those stupid "cypherpunks" too: http://www.shmoo.com/mail/cypherpunks/janfeb00/msg00401.shtml -
Re:Speaking of wireless
They charge by the hour, unless you steal it :P (see AirSnarf )
The DefCon presentation describes their authentication setup, IIRC.
-
Re:A true statement
If it's Scientology you wish, my lad, simply point your browser to Operation Clambake.
Huh? Who's there? Black helicopters? Quick! Where's my tinfoil hat?!?!? AAAAAAAGGGHHHHHmphNO CARRIER -
Re:Morseall
"Morseall is a morse code input server for Linux using the mouse buttons."
Combined with tinfoil hat linux which 'displays' your decrypted text by blinking it on the numlock light, you have a system invulnerable to key-logging. -
Tinfoil Hat Linux
Tinfoil Hat Linux is designed for just such a case. Boots off a CD-ROM, randomized keyboard for password entry, TEMPEST-resistant fonts, PGP encryption and decryption (also of random files, in the background, to thwart timing attacks), and in a pinch "output console text to keyboard LEDs in morse code" mode.
-
in unrelated news...
certain sites have noticed increased traffic. All your WEP (abtu).
-
ugh
The best you can do with access points today is to set up a single key (like WEP) that is shared among multiple users.
WEP is a horrible thing. I use it myself, but that's mainly to keep my non-techie neighbors from turning on their laptops one day, have Windows XP realize there's a wireless connection in their range, and start using my bandwidth. I have no delusions that my data is secure since anyone could, with a little patience, use AirSnort to find out what my key is.
The access points of the future would hopefully have 2 WEPs: one to allow access to the access point and a second one, dynamically assigned to individual clients (probably recognized by unique MAC address), for all data communication between that unique client and the access point.
As another poster pointed out in this very article, it would be much better to have some sort of PGP encryption in the access point, where you send your public key to it, and it encrypts the data back. Problem with doing anything based on MAC addresses themselves is that you can change your MAC address in both Windows and Linux.
-
802.1x Has Been Cracked
Forget 802.1x. It was cracked over a year ago. Here's an article reporting on the vulnerability. WEP (any bit length) is even worse; cracks have been out for it for ages.
Your best bet is to deploy IPSec. Yes, as an earlier poster points out, there are some vulnerabilities that IPSec doesn't address, but if you build your network properly (keep all APs on a spur in the DMZ; make sure the spur router(s) refuse all hostile Ethernet frames), you can mitigate or eliminate those problems.
Schwab
-
Re:NOT linux POWERED - The obvious
Well, duh. I don't think I was giving the /. crowd too much credit by assuming they're smart enough to parse the phrase correctly on their own, but in case I'm wrong... THE ROCKET IS POWERED BY COMBUSTIBLE FUEL! LINUX IS NOT A POWER SOURCE! For those who refuse to believe that, try on one of these hats! ;) -
Re:SCO still packs a punch?
Two points:
Which is cheaper, buying SCO or kicking their butt in the courtroom?
Would buying SCO just to shut them up set a bad example for any company looking to get bought that has a wooden spoon and a pot to bang on?
BTW, on the subject of the hat, would running Tinfoil Hat Linux be an acceptable alternative? -
Airsnort
SCO is using AirSnort now? =)
-
defeating keysniffers w/ software
From the Tinfoil Hat Linux readme...
Tinfoil Hat Linux has gpggrid , a wrapper for GPG that lets you use a video game style character entry system instead of typing in your passphrase. Keystroke loggers get a random set of grid points, not your passphrase.
-
Re:I don't understand.
WEP is also wayyyyyy weak.
Well, no. It's not as strong as it could be or ought to be, but someone has to sniff and crunch your packets for a good long time (there's a spam subject line if I ever heard one) to break WEP.
This site suggests that you need the packet traffic generated by 500 person-hours of heavy network usage to break WEP. I use my network about 10 hours a week. Accordingly, if I change my password once every few months -- that is, once every 100-200 hours of network use -- I avoid the nightmare scenario of someone printing 500 copies of goat-man to my color printer.
If anyone has any information that suggests WEP is weaker than that, I'd be happy to hear about it.
-
Re:dumb technical questions
Answers:
- The identifier you are referring to is the SSID (Service Set Identifier).
- wardriving programs operate by putting the wlan card into promiscuous mode and sniffing all the wireless traffic passing through the air. I believe that they also send out probes for SSIDs.
- If you are not using WEP (Wired Equivalent Privacy), then everything transmitted is cleartext. However, WEP has been proven insecure, and should not be relied on for any sensitive data.
Kismet - Wardriving application for Linux
Airsnort - On-the-fly WEP cracking for Linux -
Re:Time to break out your own encryption
I wouldn't be so sure.
That is a post to a Cypherpunks mailing list concerning a hypothetical device to crack the 1024 bit keys that are so widely used in ssh and the like. The "machine" would cost between several hundred million to a billion dollars and require a megawatt or so of power, but would make cracking those types of keys child's play.
Considering that spy agencies could spend up to 2 billion USD on satellites, they would be crazy to pass something like this up.
Food for thought... -
Re:I block my AP by MAC address...
AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
Interesting link. AirSnort is not quite ready for prime time the way NetStumbler is, but it appears not to be terribly far away.
I would point out that the FAQ suggests that on average, a moderately busy network -- 4 persons surfing the Net continuously during business hours -- would take about 16 days to generate enough packets to permit cracking the encryption. Doing some rough math, that's about 500 hours of person-surfing. My home network generates maybe 10 hours of person-surfing a week, so it would take on average 50 weeks of continuous monitoring to crack my password, assuming that someone was inclined to devote that much time to the project. That suggests I should change my password every 3-6 months, but it doesn't suggest that WEP is so weak that wireless is a bad idea for me.
-
Re:I block my AP by MAC address...
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in "Weaknesses in the Key Scheduling Algorithm of RC4" by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementations of this attack.
AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
-
Re:Could someone explain
You seem to be confusing a private network using NAT and a Virtual Private Network.
As the VPN Information on the World Wide Web puts it (bold is my emphasis on certain parts):
What's a VPN? Virtual private networks are secured private network connections, built on top of publicly-accessible infrastructure, such as the Internet or the public telephone network. VPNs typically employ some combination of encryption, digital certificates, strong user authentication and access control to provide security to the traffic they carry. They usually provide connectivity to many machines behind a gateway or firewall.
Literally, a VPN is two remote networks treating one another like they're one big LAN and routing communications (encrypted) across another network, usually The Internet.
-
Jane Fonda Is My Cousin
You are making a slippery slope argument. This is a flawed way to debate a point. Your argument is that if online retailers are allowed to track certain data, any whatsoever, eventually they will begin tracking names and credit card numbers to prevent piracy. I will quote this:
"The slippery slope argument is clearly invalid if it is meant to be a point of logic, for it does not follow that "if b is an exception to A, then no part of A is true." Specific exceptions to a rule or principle do not in any way logically imply that the rule is otherwise false or never justifiably applicable in any cases. In fact, calling something an "exception" points out that only it is the relevant act that the rule does not cover. If, for example, a pharmaceutical drug should be used only by people who have asthma, that does not imply people should also take it for arthritis or pregnancy. Permitting stem cell research on embryos does not logically imply that sacrificing infants or terminally ill patients is acceptable.
Just for you: Tinfoil Hat Linux: Enjoy!
It appears the argument is meant to be more an argument about people's psychology, and, spelled out, it seems to be something more like "if you make any exceptions to a rule, particularly a cherished or time-honored rule, people will think the rule arbitrary to begin with and will see no reason to follow it at all." Hence, any exceptions undermine respect for a rule, and thus eventually lead to the rule's not being followed at all. Or another intended argument might be "people cannot generally make fine distinctions, so if you make an exception to a (time-honored) rule, people will think you have shown the rule to be flawed and therefore unnecessary to follow."
A slightly different, and more sophisticated version of the principle might be "if you make exceptions to a rule, people will generalize the reasons for that exception and apply them to other aspects of the rule to which those generalizations will also apply." In the embryo issue, the argument would be that "if you allow embryonic stem cell research people will see that defenseless human life has only instrumental value --value for helping others-- so nothing will stop people from wanting to kill infants or people with terminal diseases to help others." Or it might be phrased as "if you allow embryonic stem cell research because embryos are not viable on their own, then you will end up allowing infanticide and termination of the lives of the terminally ill because they are not viable on their own either." -
Re:One of the problems with crypto
If you want to be suitably paranoid, you boot Tin-Foil Hat Linux. The boot media may be write-protected and the machine can be off the net. You ignore the original OS and boot your own. You are only vulnerable to BIOS modifications.
-
tinfoil hat
tinfoil hat linux does this, to some degree. IIRC, The login screen is called "arcade mode" for good reason.
-
Re:For the lamens among us...
Aleph did a good job on this one. It's a classic. Exploit posts to bugtraq sometimes contain comments in the source code crediting this article.
http://www.shmoo.com/phrack/Phrack49/p49-14 -
Re:For the lamens among us...
Put simply, "Smashing the stack" is a method of overwriting variables within a program (which are located on "the stack") with malicious CPU instructions. When done properly, the vulnerable application will jump to those malicious instructions and do Bad Things(tm).
Preventing the CPU from executing code located on the stack will in many/most cases prevent these malicious instructions from ever running (because they're located on the stack).
For a detailed explanation, see Smashing the Stack For Fun and Profit by Aleph One. -
not just wep
here's hoping they use more than just WEP to protect the damn thing....airsnort...
oh well, now all those green peace boats sailing by can get wireless access and look at all the pr0n passing through the chilly sea air.... -
Re:Who knew
as long as you're not running a safe operating system, no amount of hats are going to protect you, buddy.
-
Tinfoil Hat Linux ...for the Paranoid
This article reminded me of a fun little Linux distro on floppy from the nice folks at the Shmoo Group. "You may want to use Tinfoil Hat Linux if...
- You're using a computer that could have a keystroke logger installed. http://www.keyghost.com is an example of a tiny & cheap hardware logger.
- You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
- If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
- If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
- The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key."
-
There's actually been a great thread...
On the loganalysis mailing list.
It's covered everything from requirements for logs to be admitted, to the validity of using checksums.
It's also been archived on the log analysis website.
even better, we've had several lawyers in on the conversation who cite actual case law.
for once the conversation doesn't need the standard IANAL.
Here's a link to the start of the thread
[Log] Log Archival
or for those who prefer a top down view:
Index of threads for december
oh, and here's a website by the ever excellent Tina Bird of Counterpane, as well as Marcus Ranum
Log Analysis
you can find all the info you need in the library off this site.