Feb 12

Want to consume over the net…

try this http://nodedb.consume.net/nodedb.php

Jan 28

If you use any version of Internet Explorer to surf Twitter or other Web 2.0 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.

The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies – even empty hashes of passwords.

This isn’t the first time security researchers at Core have identified security weaknesses in IE. The company issued this advisory in 2008 and this one in 2009, each identifying specific links in the chain that could potentially be abused by an attacker.

“Every time we reported this to Microsoft, they were fixing just one of the features,” Medina said in a telephone interview from Buenos Aires. “Every time they [fixed] it, we managed another way to build the attack again.”

Medina said he has fully briefed Microsoft on his latest attack, which he plans to demonstrate at next month’s Black Hat security conference in Washington, DC. Microsoft’s “rapid response team” didn’t reply to an email, but a statement sent to other news outlets said the company is investigating the vulnerability and isn’t aware of it being exploited in the wild.

The hole is difficult to close because the attack exploits an array of features IE users have come to rely on to make web applications work seamlessly. Simply removing the features could neuter functions such as online file sharing and active scripting, underscoring the age-old tradeoff between a system’s functionality and its security.

Based on Medina’s characterization, it appears that fixing the weakness will require changes in a Windows network sharing technology known as SMB, or server message block, as well as the way Windows makes file caches available to a wide variety of applications.

“The things we are reporting are not bugs, they are features,” Medina said. “They are needed for many applications to work, so [Microsoft] can’t simply remove or truncate” them.

IE suffers from at least one other long-standing security bug that can enable attacks against people browsing websites that are otherwise safe to view. It can be exploited to introduce XSS, or cross-site scripting, exploits on webpages, allowing attackers to inject malicious content and code. Microsoft has said it’s unaware of this vulnerability being exploited.

Dec 9

Now you can get any of your neighbouring WPA passwords cracked for US$34. A new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes.

The WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, usually used by home and small-business users.

To use the service, the tester submits a small “handshake” file that contains an initial back-and-forth communication between the WPA router and a PC. Based on that information, WPA Cracker can then tell whether the network seems vulnerable to this type of attack or not.

The service was launched by a well-known security researcher who goes by the name of Moxie Marlinspike. In an interview, he said that he got the idea for WPA Cracker after talking to other security experts about how to speed up WPA network auditing. “It’s kind of a drag if it takes five days or two weeks to get your results,” he said.

Hackers have known for some time that these WPA-PSK networks are vulnerable to what’s called a dictionary attack, where the hacker guesses the password by trying out thousands of commonly used passwords until one finally works. But because of the way WPA is designed, it takes a particularly long time to pull off a dictionary attack against a WPA network.

Because each WPA password must be hashed thousands of times, a typical computer can guess perhaps just 300 passwords per second, while other password crackers can process hundreds of thousands of words per second. That means that the 20-minute WPA Cracker job, which runs 135 million possible options, would take about five days on a dual-core PC, Marlinspike said. “That has really stymied efforts of WPA cracking,” he said.

WPA Cracker customers get access to a 400-node computing cluster that employs a custom dictionary, designed specifically for guessing WPA passwords. If they find the $34 price tag too steep, they can use half the cluster and pay $17, for what could be a 40-minute job. Marlinspike declined to say who operates his compute cluster.

The attack will work if the network’s password is in Marlinspike’s 135 million-phrase dictionary, but if it’s a strong, randomly generated password it probably won’t be crackable.
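The key stretching and the dictionary-versus-random-password point above, as an added example that is not from the original article or from the WPA Cracker service. The PBKDF2-HMAC-SHA1 parameters (4096 iterations, SSID as salt) come from IEEE 802.11i rather than from this page; the SSIDs, the sample passphrase and the 20-character policy are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# From IEEE 802.11i (not stated on this page): WPA/WPA2-PSK derives its
# 256-bit key with PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID.
WPA_ITERATIONS = 4096


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the pre-shared key an access point computes from a passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               WPA_ITERATIONS, 32)


def days_to_exhaust(candidates: float, guesses_per_second: float) -> float:
    """Time to try every candidate at a fixed guess rate, in days."""
    return candidates / guesses_per_second / 86400


def random_passphrase(length: int = 20) -> str:
    """Random passphrase from a 62-symbol alphabet (constructed policy)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space_bits(length: int, alphabet_size: int) -> float:
    """Size of the space of random passphrases, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Same passphrase, two constructed SSIDs: the salt changes the key, so
    # work done against one network name does not carry over to another.
    for ssid in ("example-home", "example-office"):
        print(ssid, wpa_psk("correct horse battery", ssid).hex())

    # Figures quoted in the article: 135 million phrases at ~300 guesses/s.
    print(f"dictionary: {days_to_exhaust(135e6, 300):.1f} days, "
          f"{math.log2(135e6):.1f} bits")
    bits = search_space_bits(20, 62)
    print(f"random 20-char passphrase: {bits:.0f} bits, e.g. {random_passphrase()}")
    # Even at a million times the article's rate, half the space takes:
    years = days_to_exhaust(2 ** (bits - 1), 300e6) / 365
    print(f"~{years:.1e} years at 300 million guesses/s")
```

The dictionary covers about 27 bits of search space, while a random 20-character alphanumeric passphrase has about 119, which is why the article's caveat about randomly generated passwords holds.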

Security auditors, you should look for it.

Nov 28

A new flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago.

Ironically, the flaw resides in a protection added by Microsoft developers to IE 8 that’s designed to prevent XSS attacks against sites. The feature works by rewriting vulnerable pages using a technique known as output encoding so that harmful characters and values are replaced with safer ones. A Google spokesman confirmed there is a “significant flaw” in the IE 8 feature but declined to provide specifics.

It’s not clear how the protections can cause XSS vulnerabilities in websites that are otherwise safe. Michael Coates – a senior application security engineer at Aspect Security who has closely studied the feature but was unaware of the vulnerability – speculates it may be possible to cause IE 8 to rewrite pages in such a way that the new values trigger an attack on a clean site.

Nov 25

After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation; original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several such devices (link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through OpenSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present.

Oct 1

Researchers say they have created a special kind of paint which can block out wireless signals.

It means security-conscious wireless users could block their neighbours from being able to access their home network – without having to set up encryption.

The paint contains an aluminium-iron oxide which resonates at the same frequency as wi-fi – or other radio waves – meaning the airborne data is absorbed and blocked. By coating an entire room, signals can’t get in and, crucially, can’t get out. Developed at the University of Tokyo, the paint could cost as little as £10 per kilogram, researchers say.

The makers say that for businesses it’s a quick and cheap way of preventing access to sensitive data from unauthorised users. Presently, most companies have to invest in complicated encryption software to deter hackers.

Speaking on the BBC World Service’s Digital Planet programme, Shin-ichi Ohkoshi, who is leading the project, explained how the paint could have many uses beyond security.

“In a medical setting, you could transmit large volumes of data from a medical device, such as an endoscope, to a computer. 

“By painting a solution containing our magnetic particles on the walls, you would quickly, and effectively, shield the room from stray electromagnetic radiation from outside.”

While paints blocking lower frequencies have been available for some time, Mr Ohkoshi’s technology is the first to absorb frequencies transmitting at 100GHz (gigahertz). Signals carrying a larger amount of data – such as wireless internet – travel at a higher frequency than, for example, FM radio.

“I’m working on a material that can absorb a larger range of frequencies. We are capable of making a paint that can absorb over 200 gigahertz.”

Sep 18

A group of security research people from Bangalore called Indiancyberarmy have initiated awareness on Wi-Fi security and its threats. They have raised their wireless education and will be happy to tell others to do the same.

http://www.timesnow.tv/Wi-fi-an-easy-target-for-terrorists/videoshow/4326506.cms

Sep 12

This gadget is a bit old in the market, but it really has great guns too. The latest in the market is the Wi-Spy 2.4x, a small portable USB device designed for IT professionals. It scans and displays all activity in the 2.4 GHz spectrum, quickly helping to identify interference, find the quietest channel, and analyze the quality of the signal. Save time and money by setting up your wireless network right the first time, and get our Chanalyzer 3 software at no additional cost.

What does Wi-Spy 2.4x do?

  • Plugged into a computer, the Wi-Spy 2.4x will track all the radio activity from Wi-Fi, Cordless Phones, Microwaves, Zigbee, Bluetooth, and many more 2.4 GHz devices.
  • Seeing these devices will help you locate and identify possible interference to optimize your WLAN.

How can the Wi-Spy 2.4x help me?

  • If you install, maintain, or troubleshoot access points, find the open channel and minimize the interference.
  • If you work with consumers, avoid a revisit by using a Wi-Spy in case they own a microwave or cordless phone.
  • If you experience WiFi interference on a regular basis, discover competing access points.
  • Conduct site surveys using Wi-Spy 2.4x.

System Requirements

  • Windows 2000, XP, or Vista with .Net 2.0
  • USB 1.1 or 2.0
  • Mac OS X 10.5 with Chanalyzer Lite

Aug 26

Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.

The flaws, rated “high risk,” have been addressed in Google Chrome 2.0.172.43, which is released automatically to Chrome users.

Details on the serious issues:

CVE-2009-2935 (High Severity): A flaw in the V8 JavaScript engine might allow specially-crafted JavaScript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code. Technical details are being withheld until the fix is shipped to a majority of Chrome users. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

CVE-2009-2416 (High Severity): Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

With this update, Google Chrome will no longer connect to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site, Google explained.

Aug 10

After nearly five years in draft, the next-generation Wi-Fi standard is set to be finalized in September. Officially known as 802.11n and often referred to as “Wireless N,” the new standard paves the way for blazing fast high definition video and data at home.

Products based on the final 802.11n standard could offer up to 600 Mbps connectivity speeds, plus the ability to have up to four simultaneous streams of high-definition video, voice and data through the house. The standard also promises easy backward compatibility, which means new devices will work smoothly with older products.

For consumers, the difference in speed and range will be palpable, says Will Strauss, an analyst with Forward Concepts. “Speed is everything and videos are the main driver for this technology,” he says. “When you are home you want to get to YouTube fast and watch video and have a phone connection and surf.”

The 802.11n standard is the successor to the 802.11g Wi-Fi protocol, which offers speeds of up to 54 Mbps. The 802.11n standard’s most important addition has been the multiple-input multiple-output capability, also known as MIMO. MIMO allows for multiple antennas to resolve more information quickly.

Although 802.11n won’t be final until next month, manufacturers have been making products based on a draft version of the standard for several years. These typically offer two or three channels to send and receive data or voice respectively. They also limit the overall speed to much less than the 600 Mbps that the newer standard offers.
