About 1040 packets in my experence. I have heard about custom programs that are able to brute force a key from a single packet (weak or otherwise) from what I hear. Something about the fact that the IV key is only 24bit and how real time breaking of WEP isn't really that unpractical.
40bit ssl is easy to break, why shouldn't 24bit IV keys be?
I wouldn't sit in your driveway for 36 hours, but I bet someone would use the above stuff to go back to your house when they need net access near by.
No, your wrong. You cannot create a secure WiFi network. If you can't even secure the first layer, your screwed.
Tell me, do you know what wifi network your on when your on it?
You know the SSID, but what channel?
You can layer cruft on top and pretend it's secure but when I can send a disconnect to your wifi clients and have them associate with my rouge network, I own your ass.
Did you pay attention at the black hat breifing last year?
Your real network is on channel 6.
I can mirror your wavesec setup, make a gatway that accepts any wepkey (LEAP, PEAP and EAP/TLS setup).
With how wificards join networks, you join mine when I disconnect you.
Your client will go to channel 7,8, etc until it finds a network that is correct.
Combine that with my rouge AP and guess what?
Now your users trust the monitored and owned (upstream) wifi network!
The problem with these solutions is that it requires an education.
All the security in the world won't help if people use bad passwords, let people get access to their secret keys, become the victim of man in the middle attacks and so on.
Anything that lacks education behind the security is going to fail from a trivial, well documented exploit.
And once again, layers do not matter if all that matters is a connection. Sometimes it's not important to decrypt the message (but that is a plus), sometimes it's just important to build a network of communication patterns.
This is actually a really big interest of mine as of late and I think that it can be a really big problem/solution to tracking people.
The police (if savvy enough) can tell when people meet and communicate. If they use a bad crypto system then they might also break it.
The citizens can be (mostly) sure they aren't being evesdropped on but they are being tracked.
Key signing patterns are a good example of this, eg: who met who and where.
Then anything outside of key signing parties could be considered something personal.
You must live in another country than we do. In america we have the right to life, liberty and the persuit of freedom.
We have the right to freedom of persecuition.
When a police officer want's my computer they can't just take it good sir. No we have laws. They cannot take something and make me fight for it. That's against what I as an american feel is right.
That sir is fascism. We don't support that in america.
We are free, soon we will free your country too.
Freedom will come to everyone that waits for but a moment.
I have and I think that cisco is pretty secure if it's using LEAP. If it's not, it's just as insecure.
WEP all uses 24bit IV keys and that's the problem.
Use kismet and don't channel hop. Use the network for a few hours and do some math.
Figure out when your wep key will be able to be cracked and besure to change it before it's time.
It's possible.
Also there is also the fact that someone can attempt to crack the 24bit IV with brute force on their workstation but this is less common. Infact I know of only one person doing this to crack wep. The good news about this is that it means that you don't really need much data at all to crack WEP, just time. The bad news is that it doesn't matter how much your keys change, data sniffed isn't secure. That means that passwords/stuff that may be important can still be had.
This tool exisits. Many like it exsist. They have only been stopped when the people running it were total jackasses, they got what they deserved.
This is not terrorism. If it was then that is the role you take on when you use it. Change the law through action be it direct action or passive gradualism.
It will work. This is going to change the face of things. If you think it can be stopped read my comment about how it doesnt have to be run out of U.S.A..
The point I make is this: I do have the right to anonymous free speech.
So take my credit away with my identity. Why believe your wife is a tramp because some anonymous source says so? If I hold that your wife is a tramp in opinion and do not present it as fact you have no lawsuit on your hands.
This is not a supposed right to anonymous free speech. It is a right. Do not discredit it because you think it holds no merit. It might make you irresonsible but it allows me to critique my society without my employer firing me for my political views. Or my neighbors from keying my car because I feel that they should be able to speak their mind in a non-violent manner.
You talk about the American Revolution but that is an example of all things I mentioned (in a non digital form) but then it goes above and beyond. This is the first form of revolution, protest. Protest should be first, not violence.
Not war. However you cannot truly avoid war, you can only sway it into ones favor. So perhaps protest may serve as the sway the people need to see to understand.
This could very well be true. They could go after the site that is a public forum where people meet and decide to start pounding with (valid) requests.
Perhaps you will sue them. Perhaps you will sue a few nodes.
Then think of the effect. People start to hide their nodes more effectivly. They do it from wireless networks around their city. They do it from public places that provide internet access.
Perhaps. I doubt those things will happen with the current trend of computer users. I have utter disdain for most computer users now. They feel they have no power and that just isn't true.
Your right people would be sued. If that would be a success remains to be seen. People get arrested and sued over protests all the time, it goes with the terrority. Most people that protest have nothing other than their freedom to have taken away from them, the poor, the disadvantaged.
So yes people will use it. You cannot stop a distributed network. Once its out it will not go back. These networks already exsist.
Also: Why are you so centric of one justice center? Do you think that these networks cannot be run outside of the west? Do you think all the networks of this type have been in the good ol' U.S.A.?
In your opinion did the ebay dos of latter days not get onto the news? The papers? The court system?
Money is what matters. When people block the whitehouse they used to stop the flow of communication, the flow of governing, now they do not. Cash still flows. The governing goes on. To be effective one must stop the flow. The form it takes now is the internet. It is time to use this medium that has brought back the ability to have civil disobedience.
I am a part of the activist community. I am also a geek. I think people all bring a trade to the table. So if you have the ability to bring computers to the activist table you should do so.
I suggest you get yourself a copy of "electronic civil disobedience" by the critical art ensemble.
So who are you going to sue? The person that made the remark go to blah.com? The tool that allows peoples computers to all be a part of a digital demonstration?
Each person in this network would have to take responsibilty for their own node, so who are you going to sue?
Also again with the bandwidth rumor. One person on a modem can take down any webserver, mail server, and/or ftp server without exceeding the normal (perhaps even less than normal) bandwidth quota.
Well as much as your respect of my right to anonymous free speech matters to me. I have the right to anonymous free speech. In many cases it is needed to prevent violent reprisials against the protesters.
You live in a dream world if you think that the US is going to force (or even suggest) that the WTO host dissent speech. Also, just because they could host it doesn't then mean that no one else could protest (but watch if they did that I am sure they would say there is no more reason to hold protests).
My point is concise.
Protest is a disruption that will cause change when there is no effective way to punish and stop it.
Slashdot Mirror
About 1040 packets in my experence.
I have heard about custom programs that are able to brute force a key from a single packet (weak or otherwise) from what I hear. Something about the fact that the IV key is only 24bit and how real time breaking of WEP isn't really that unpractical.
40bit ssl is easy to break, why shouldn't 24bit IV keys be?
I wouldn't sit in your driveway for 36 hours, but I bet someone would use the above stuff to go back to your house when they need net access near by.
No, your wrong. You cannot create a secure WiFi network. If you can't even secure the first layer, your screwed.
Tell me, do you know what wifi network your on when your on it?
You know the SSID, but what channel?
You can layer cruft on top and pretend it's secure but when I can send a disconnect to your wifi clients and have them associate with my rouge network, I own your ass.
Did you pay attention at the black hat breifing last year?
Your real network is on channel 6.
I can mirror your wavesec setup, make a gatway that accepts any wepkey (LEAP, PEAP and EAP/TLS setup).
With how wificards join networks, you join mine when I disconnect you.
Your client will go to channel 7,8, etc until it finds a network that is correct.
Combine that with my rouge AP and guess what?
Now your users trust the monitored and owned (upstream) wifi network!
Good job!
I agree with you but don't think wires are security by any means.
;-)
If I overflow your switch, your fucked
But can you name a single tool that brute forces keys from as little as a single encrypted packet?
You rock, I was just thinking that.
101 is also the highway near where they filmed the movie in California.
The freeway scene was however an entirely faked freeway.
I cannot even begin to count the number of cute girls that stopped dating me because I used a computer.
We should have a talk about that.
CCC seems like the right place for such a social activity/talk.
The problem with these solutions is that it requires an education.
All the security in the world won't help if people use bad passwords, let people get access to their secret keys, become the victim of man in the middle attacks and so on.
Anything that lacks education behind the security is going to fail from a trivial, well documented exploit.
And once again, layers do not matter if all that matters is a connection. Sometimes it's not important to decrypt the message (but that is a plus), sometimes it's just important to build a network of communication patterns.
This is actually a really big interest of mine as of late and I think that it can be a really big problem/solution to tracking people.
The police (if savvy enough) can tell when people meet and communicate. If they use a bad crypto system then they might also break it.
The citizens can be (mostly) sure they aren't being evesdropped on but they are being tracked.
Key signing patterns are a good example of this, eg: who met who and where.
Then anything outside of key signing parties could be considered something personal.
Patterns are fun.
I think that McViegh was a fucking hero.
Do you remember the shirt he wore when he was arrested?
Some people know the futility of writing a letter and others know the stigma.
He decided to skip it and just make a difference.
He did, good or bad.
It's a shame that most people don't understand why he did it. He was a true american.
I might sound like a gun nut but I assure you I am not.
I remember when the building went down and I remember everyone suprised to see it wasn't an arab.
Well this last time, it was some arabs, it wasn't a single iraqi arab, but brown it brown.
So let's just kill them all, right?
I agree with you, but it's hard to contact a party under watch without causing a stir doing that.
Both parties need to be anonymous.
If you read deeper in cryptonomicon you will remember the idea about constant noise being better than burst traffic.
You must live in another country than we do. In america we have the right to life, liberty and the persuit of freedom.
We have the right to freedom of persecuition.
When a police officer want's my computer they can't just take it good sir. No we have laws. They cannot take something and make me fight for it. That's against what I as an american feel is right.
That sir is fascism. We don't support that in america.
We are free, soon we will free your country too.
Freedom will come to everyone that waits for but a moment.
You fucking idiot. Germany is more free than most of the world today.
Read a fucking history book or better yet, go visit Berlin.
Asshole.
I have and I think that cisco is pretty secure if it's using LEAP. If it's not, it's just as insecure.
WEP all uses 24bit IV keys and that's the problem.
Use kismet and don't channel hop. Use the network for a few hours and do some math.
Figure out when your wep key will be able to be cracked and besure to change it before it's time.
It's possible.
Also there is also the fact that someone can attempt to crack the 24bit IV with brute force on their workstation but this is less common. Infact I know of only one person doing this to crack wep. The good news about this is that it means that you don't really need much data at all to crack WEP, just time. The bad news is that it doesn't matter how much your keys change, data sniffed isn't secure. That means that passwords/stuff that may be important can still be had.
As it stands it would take me less than two days to crack your network with moderate use.
MAC auth is so easy to fake I wouldn't even bother.
japanrush.com has nice slick sony viaos imported from japan and they CHARGE EXTRA for windows.
So don't pay!
From Santa Rosa?
Live in the southern removed part of the state now?
I do it. :)
Why should I care if the SS does it
Right Kyle?
It isn't spam. This isn't an ad. This is people mailing opinions in. This is people connecting to websites. To ftp servers.
This isn't the only option but it is a safe way to convey a message. By safe I mean from physical abuse.
This tool exisits. Many like it exsist.
They have only been stopped when the people running it were total jackasses, they got what they deserved.
This is not terrorism. If it was then that is the role you take on when you use it. Change the law through action be it direct action or passive gradualism.
It will work. This is going to change the face of things. If you think it can be stopped read my comment about how it doesnt have to be run out of U.S.A..
The point I make is this: I do have the right to anonymous free speech.
So take my credit away with my identity. Why believe your wife is a tramp because some anonymous source says so? If I hold that your wife is a tramp in opinion and do not present it as fact you have no lawsuit on your hands.
This is not a supposed right to anonymous free speech. It is a right. Do not discredit it because you think it holds no merit. It might make you irresonsible but it allows me to critique my society without my employer firing me for my political views. Or my neighbors from keying my car because I feel that they should be able to speak their mind in a non-violent manner.
You talk about the American Revolution but that is an example of all things I mentioned (in a non digital form) but then it goes above and beyond. This is the first form of revolution, protest. Protest should be first, not violence.
Not war. However you cannot truly avoid war, you can only sway it into ones favor. So perhaps protest may serve as the sway the people need to see to understand.
This could very well be true.
They could go after the site that is a public forum where people meet and decide to start pounding with (valid) requests.
Perhaps you will sue them. Perhaps you will sue a few nodes.
Then think of the effect.
People start to hide their nodes more effectivly.
They do it from wireless networks around their city.
They do it from public places that provide internet access.
Perhaps. I doubt those things will happen with the current trend of computer users. I have utter disdain for most computer users now. They feel they have no power and that just isn't true.
Your right people would be sued. If that would be a success remains to be seen. People get arrested and sued over protests all the time, it goes with the terrority. Most people that protest have nothing other than their freedom to have taken away from them, the poor, the disadvantaged.
So yes people will use it.
You cannot stop a distributed network.
Once its out it will not go back.
These networks already exsist.
Also: Why are you so centric of one justice center? Do you think that these networks cannot be run outside of the west? Do you think all the networks of this type have been in the good ol' U.S.A.?
Think again kid.
In your opinion did the ebay dos of latter days not get onto the news? The papers? The court system?
Money is what matters.
When people block the whitehouse they used to stop the flow of communication, the flow of governing, now they do not. Cash still flows. The governing goes on. To be effective one must stop the flow. The form it takes now is the internet. It is time to use this medium that has brought back the ability to have civil disobedience.
I am a part of the activist community. I am also a geek. I think people all bring a trade to the table. So if you have the ability to bring computers to the activist table you should do so.
I suggest you get yourself a copy of "electronic civil disobedience" by the critical art ensemble.
It is not wrong to disrupt society.
The first was a wrong by the government and the second was a RIGHT by the people.
Get with it.
So who are you going to sue?
The person that made the remark go to blah.com?
The tool that allows peoples computers to all be a part of a digital demonstration?
Each person in this network would have to take responsibilty for their own node, so who are you going to sue?
Also again with the bandwidth rumor.
One person on a modem can take down any webserver, mail server, and/or ftp server without exceeding the normal (perhaps even less than normal) bandwidth quota.
Well as much as your respect of my right to anonymous free speech matters to me. I have the right to anonymous free speech. In many cases it is needed to prevent violent reprisials against the protesters.
You live in a dream world if you think that the US is going to force (or even suggest) that the WTO host dissent speech. Also, just because they could host it doesn't then mean that no one else could protest (but watch if they did that I am sure they would say there is no more reason to hold protests).
My point is concise.
Protest is a disruption that will cause change when there is no effective way to punish and stop it.
Protesting in a political action.