Well the seriousness is obviously in the code asshat.
FYI: You're wrong.
As you disclaimed that you have never bothered to attend defcon, you discredit yourself right off the bat.
I mean, you just basically said: "I don't know what I am talking about, I haven't ever been there but I just like to hear my laps flip."
With that said, you're wrong.
I know I don't go around getting drunk and fucking up the pool.
Besides with 5000 people there are going to be idiots and there are going to be people with skill.
But if you haven't been to defcon, don't sit around bitching about it and professing to know anything.
Easily.
Secure your wireless network and hope that your attacker doesn't use one of 8 billion other software tricks to mess with you.
Airpwn doesn't crack WEP, but it can inject anything, so secure your network.
Of course a legit user can use it, so it becomes nontrivial at that point.
It looks like a perfectly good response from the server. It's an entire frame constructed to be a reply to your request.
HostAP driver is needed for raw frame injection. Any card that's supported by it should work.
For those that "secure" their dos network, this isn't going to do anything unless they write the proper matching regex and have it reply with a deauth frame. This isn't included as part of the code base, so they have to figure it out.
Those were the same people that were afraid to use the network (because they don't know how to do it securely) and also the same people that don't get how the tool works.
So really you weren't because this wouldn't have affected you at all.
This type of attack doesn't bother people that don't request images.
Stop karma whoring.
Hi.
I wrote the manual page for airpwn.
All I see in this discussion is either people joking, bitching or having no idea how airpwn works.
Let's just set things straight.
First of all, there is no arp poisoning.
Do you disagree? Well it's a GPL app, go read the source, show me the arp poison part of the code. What's that you can't find it? Oh, well jesus, it's because it doesn't do that.
You can hijack any tcp connection with this, it cannot be blocked without blocking the legit traffic.
This is accomplished by using raw frame injection.
One network card listens on a given channel (or in the case of a cisco card, all channels) and the other card simply injects custom frames with perfect replies. If your reply (it's up to you how big it is) is the right size, it's injected so perfectly that the connection not only still works, all of your webpage stuff still works, images just load as whatever the attacker wants.
It works with ftp, http, aim or whatever.
You can just have a ball.
It would be entirely possible to write regex that replied over aim or icq or any of that crap with a raw frame telling the other people in the conversation that they were coming out, it's up to you.
The software uses a very customizable framework to allow for use of regular expressions for matching. It's really useful for things other than goatse, but at defcon, they deserve the best.
Anyway, the totally clueless people here that claim to know how it works haven't even compiled it, so don't listen to them.
If you have any questions, feel free to ask.
As someone that watched idiots try that, I laugh at you.
The tool injects the data in a way that isn't possible to block unless you drop packets from the server. Tunnel your traffic if you care.
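A defender-side illustration of the two comments above, added here and not part of the original comments or of airpwn's code: the injected frame and the server's genuine reply both reach the client carrying the same TCP sequence numbers, so a monitor can flag flows where one sequence range arrives twice with different bytes. The addresses, ports and payloads are constructed sample data, and `find_conflicting_segments` is a hypothetical helper name.

```python
from collections import defaultdict

SEQ_MASK = 0xFFFFFFFF  # TCP sequence numbers wrap at 2**32


def find_conflicting_segments(segments):
    """Flag segments whose bytes disagree with data already seen at the same
    sequence position of the same flow.

    segments: list of (flow, seq, payload) in capture order, where flow is
    (src_ip, src_port, dst_ip, dst_port). Identical retransmissions are not
    flagged; only overlaps that carry different bytes are.
    """
    seen = defaultdict(dict)  # flow -> {sequence position: (byte, segment index)}
    alerts = []
    for index, (flow, seq, payload) in enumerate(segments):
        stream = seen[flow]
        clash = None
        for offset, byte in enumerate(payload):
            pos = (seq + offset) & SEQ_MASK
            first = stream.setdefault(pos, (byte, index))
            if first[0] != byte and clash is None:
                clash = (pos, first[1])  # first differing byte and who sent it first
        if clash is not None:
            alerts.append({
                "flow": flow,
                "seq": clash[0],
                "first_segment": clash[1],
                "conflicting_segment": index,
            })
    return alerts


# Constructed sample capture (documentation addresses, not real traffic).
CLIENT_TO_SERVER = ("198.51.100.7", 49152, "192.0.2.10", 80)
SERVER_TO_CLIENT = ("192.0.2.10", 80, "198.51.100.7", 49152)
HEADER = b"HTTP/1.1 200 OK\r\nContent-Length: 4\r\n\r\n"
SAMPLE = [
    (CLIENT_TO_SERVER, 1000, b"GET /logo.png HTTP/1.1\r\n\r\n"),
    (SERVER_TO_CLIENT, 5000, HEADER + b"FAKE"),   # arrives first: the injected reply
    (SERVER_TO_CLIENT, 5000, HEADER + b"REAL"),   # arrives second: the server's reply
    (CLIENT_TO_SERVER, 1000, b"GET /logo.png HTTP/1.1\r\n\r\n"),  # benign retransmit
]

if __name__ == "__main__":
    for alert in find_conflicting_segments(SAMPLE):
        print("conflicting data on", alert["flow"], "at seq", alert["seq"])
```

The check only works where the sensor sees both copies of the segment, and it cannot tell which copy is genuine; tunnelling the traffic, as the comment suggests, removes the cleartext the matching depends on.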
(Hugs toast!)
This article is a trivial example of something you can do, a bomb would be much more damaging and more of a threat as RFID is used for ID (with regards to people, not products. Unless you consider for a second that it makes them products, but I digress).
I really can't wait until we have time bombs that are a result of the number of times a given person walks by with their RFID tag on. 10, 11, 12, booom.
Food for thought anyway.
I am not one to support pot, I don't smoke it, but I see why other people do.
Did you ever think that they wouldn't have become that way without pot?
I know a number of programmers who, in order to deal with the stress their job gives them, smoke pot.
As a result, they are calm and relaxed when working 90 hours a week.
Granted they annoy the hell out of me, they still do a damn fine job.
First of all, the budget you cite isn't why I called you a troll.
I called you a troll because you're shilling for front groups.
Second, why do you think I do their book keeping? Go look at the tax documents just like that front group claimed.
People who work for them get health insurance, like any other company that cares about its workers. We have an IT staff, which I am a part of, we have computers, we pay rent. We have ships, which of course you knew because you RTFA, right?
We are just like other Non-Profits and other companies in that regard. Everyone has overhead and not everyone spends their entire budget.
I don't do their finances, so I can't entirely answer, only the book keepers could.
The important fact is that what they do is entirely legit. The other important fact is that when someone said it wasn't they were entirely wrong.
That group you keep citing is a front and you sir are a troll if you keep this up anymore as I have answered your questions.
I wonder, now that I have refuted your claims, do you have any basis for disliking Greenpeace or are you still going to dislike us anyway?
Perhaps you feel that way, but a company isn't a person. It has a mission statement and it has agents to carry out that mission.
With that said, I have effectively and correctly shown your statements to be without merit.
You have and will always be wrong in regards to your attacks on Greenpeace. There is nothing to tie Greenpeace to violence, terrorism or illegal money handling.
Stop trying to make Greenpeace look bad because of a personal grudge.
And please do us all a favor and stop trolling.
It's not that I know nothing about budgets or money, it's that I wanted to know where you got your "facts." As it turns out, you were spewing more stupid bullshit.
But I am glad that you finally cited your source.
Because you happened to cite them, you can now read this nice little piece about what you're citing.
If the IRS didn't want to go after someone like Greenpeace (when someone claims they had good reason to) and the people backing this research won't disclose who gives them money.... Where does this lead you?
The PIW is a front, plain and simple.
Hmmm.
Smear campaign?
Sorry dude, it's all legal and it's not even unethical.
You're grasping at straws at this point.
The cost of those enclosures is out of fucking hand.
The ones that plug into the back of the disk are even worse.
$400 to not bother opening the case of a removable hard disk container is nuts.
I mean, it's a slick design and it's nice to have all of those ports, but that's crazy for that price.
For under $200 I just got a 250 gig drive (7200rpm) and it does firewire 400/usb1.1/2.0
And that was for the *expensive* enclosure!
Where do you get the figure $145,000,000?
I am interested mostly because like most of the other uninformed people here, you don't cite your sources. Sounds like bullshit FUD to me, back it up or look like a fool.
Also, re:
WTF do you do with the money? And it doesn't sound like you are doing anything that matters, I mean WHAT HAVE YOU DONE?
It sounds like the problem here is you and your lack of understanding.
On the one hand you seem to state that you don't think we do anything that matters and then you ask what we have done. Well hmm, if you don't know what we have done, how can you know the value of it?
All you are doing is making people, who might agree with your views but not your methods, not like you or your views.
That's pretty subjective don't you think?
I meet people on a daily basis that thank me for the work that Greenpeace does on a daily basis.
I meet people all over the planet when I donate my time to speak at conferences and they don't seem to be alienated.
I talk to lots of people on a daily basis and I have never had anyone tell me to my face that Greenpeace was worthless, bad or otherwise something that was a waste of time.
The only time that I have heard bad things, they have been from folks like you on the internet. You can't back up your facts and you just seem to be angry.
If, off the top of your head, you can not name three things GP has done then they must not have done very much.
Ah. Again we see the problem here. It's you.
You can't name something we have done and thus we are worthless?
No. I am sorry, play again.
Just because you can't name something of value doesn't mean that it lacks value, it means that you lack understanding.
You lack an education on Greenpeace, please visit our website greenpeace.org with an open mind.
What are you talking about?
One of the guys who was *on that ship* is in this discussion!
He even commented above, the whaling ship rammed Greenpeace!
They have the fucking video tape to prove it.
Read his comment here.
Stop being such a tool, will you?
I just love how your comment is broken down into two basic components.
Greenpeace members have spiked trees.
You make this claim and have zero facts to go along with it, good job on that. You discredit yourself.
I lived with one of them, before he became a fucktard.
So what you're now saying is that you lived with a member of Greenpeace (which isn't the same as someone who works there) and you dislike him?
Well golly, I have no idea what your agenda is?
Bitter much?
A member of Greenpeace isn't the same as someone who works for Greenpeace. Anyone can join and support Greenpeace with money, it's a tax deduction in most countries, so many people do.
As far as the tree spiking, again: Greenpeace doesn't do that.
Your friend was a "fucktard" if he was the one that spiked trees and claimed to be from Greenpeace. We don't do that. Ever.
Not really, I am agreeing that hard drives are the right way to go.
I personally use a firewire enclosure, it's fast, it's hotpluggable and it's easy to swap the internal disk.
You're always going to get a better rate with Hard drives but you're going to be prone to failure.
If you buy them in bulk you can save.
Burning DVDs is going to take you forever and drive you nuts.
Find a hotswappable set of drives and use that for your offline backups. Use a raid for your current backups.
You must have entirely missed that banner hang on the coal plant on the east coast, eh?
No, these are not the same people that release non-native mink into the natural environment.
Greenpeace doesn't do that type of activity.
That's so funny!
:-)
Buhahahaha!
I am glad that people have such a good sense of humor!
Sounds like something I would joke about on my way into work