Wireless hack,Wifi hack & security

A new flaw in IE 8 can be exploited to introduce XSS , or cross site scripting errors on webpages that are otherwise safe, according to twoRegister sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago

ronically, the flaw resides in a protection added by Microsoft developers to IE 8 that’s designed toprevent XSS attacks against sites. The feature works by rewriting vulnerable pages using a technique known as output encoding so that harmful characters and values are replaced with safer ones. A Google spokesman confirmed there is a “significant flaw” in the IE 8 feature but declined to provide specifics.

It’s not clear how the protections can cause XSS vulnerabilities in websites that are otherwise safe. Michael Coates – a senior application security engineer at Aspect Security who has closely studied the feature but was unaware of the vulnerability – speculates it may be possible to cause IE 8 to rewrite pages in such a way that the new values trigger an attack on a clean site.

After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation;original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several of such devices(link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through openSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present

Hope you know Hardware keyloggers, which is a perfect way to keep track of user activity, which is totally electronic device, and using this doesnt need any access to any OS no fear of ur tracks, so here is a  link which gives you total detail of making a hardware keylogger  for yourself…

http://www.keelog.com/wireless_keylogger.html

enjoy

Researchers say they have created a special kind of paint which can block out wireless signals.

It means security-conscious wireless users could block their neighbours from being able to access their home network – without having to set up encryption.

The paint contains an aluminium-iron oxide which resonates at the same frequency as wi-fi – or other radio waves – meaning the airborne data is absorbed and blocked.By coating an entire room, signals can’t get in and, crucially, can’t get out.Developed at the University of Tokyo, the paint could cost as little as £10 per kilogram, researchers say.

The makers say that for businesses it’s a quick and cheap way of preventing access to sensitive data from unauthorised users. Presently, most companies have to invest in complicated encryption software to deter hackers.

Speaking on the BBC World Service’s Digital Planet programme, Shin-ichi Ohkoshi, who is leading the project, explained how the paint could have many uses beyond security.

“In a medical setting, you could transmit large volumes of data from a medical device, such as an endoscope, to a computer. 

“By painting a solution containing our magnetic particles on the walls, you would quickly, and effectively, shield the room from stray electromagnetic radiation from outside.”

While paints blocking lower frequencies have been available for some time, Mr Ohkoshi’s technology is the first to absorb frequencies transmitting at 100GHz (gigahertz). Signals carrying a larger amount of data – such as wireless internet – travel at a higher frequency than, for example, FM radio.

“I’m working on a material that can absorb a larger range of frequencies. We are capable of making a paint that can absorb over 200 gigahertz.”

Info from Offensive Security

This is it! After months of hard work, we are finally ready to present the free version of our online course – Metasploit Unleashed – Mastering the Framework. This resource will be a living, breathing Metasploit documentation entity. We will keep on updating and adding new modules and chapters as the MSF evolves.

check the entire info here

http://www.offensive-security.com/blog/offsec/free-online-information-security-training-by-offensive-security/

A group of security research ppl from bangalore called Indiancyberarmy… have intiated the awareness on Wi-Fi security and its threats … they have raised there wireless education and will be happy to say others to do the same …

http://www.timesnow.tv/Wi-fi-an-easy-target-for-terrorists/videoshow/4326506.cms

This is gadget is bit old in markets but it has really great guns to .. the latest in the market is Wi-Spy2.4x this is a small portable USB device designed for IT professionals. It scans and displays all activity in the 2.4 GHz spectrum, quickly helping to identify interference, find the quietest channel, and analyze the quality of the signal. Save time and money by setting up your wireless network right the first time, and get our Chanalyzer 3 software at no additional cost.

What does Wi-Spy 2.4x do?

• Plugged into a computer, the Wi-Spy 2.4x will track all the radio activity from Wi-Fi, Cordless Phones, Microwaves, Zigbee, Bluetooth, and many more 2.4 GHz devices.
• Seeing these devices will help you locate and identify possible interference to optimize your WLAN.

How can the Wi-Spy 2.4x help me?

• If you install, maintain, or troubleshoot access points, find the open channel and minimize the interference.
• If you work with consumers, avoid a revisit by using a Wi-Spy in case they own a microwave or cordless phone.
• If you experience WiFi interference on a regular basis, discover competing access points.
• Conduct site surveys using Wi-Spy 2.4x.

System Requirements

• Windows 2000, XP, or Vista with .Net 2.0
• USB 1.1 or 2.0
• Mac OS X 10.5 with Chanalyzer Lite

Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.

The flaws, rated “high risk,” have been addressed in Google Chrome 2.0.172.43, which is released automatically to Chrome users.

Details on the serious issues:

CVE-2009-2935 (High Severity): A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code. Technical details are being withheld until the fix is shipped to a majority of Chrome users. An attacker might be able to run arbitrary code within the Google Chrome sandbox
CVE-2009-2416 (High Severity) Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
With this update, Google Chrome will no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site,
google explaind

It was a long time i made a vid so thaught to make on WEPBuster script

thanks for markjayson.alvarez for such a nice tool and saving our time while doing Wireless pentest.

decrypt WEP  using WEPbuster

1)download the tool here

check the project page http://code.google.com/p/wepbuster/

wget http://wepbuster.googlecode.com/files/wepbuster-1.0_beta_0.6.tgz
tar -xvf wepbuster-1.0_beta_0.6.tgz
cd wepbuster-1.0_beta
perl wepbuster

DONE

Video is here

http://blip.tv/file/2488100

note:testing should be done only if u have permissions on the AP,otherwise check ur local laws or u may come in newspapper or TV

Punter

After nearly five years in draft, the next-generation Wi-Fi standard is set to be finalized in September. Officially known as 802.11n and often referred to as “Wireless N,” the new standard paves the way for blazing fast high definition video and data at home.

Products based on the final 802.11 n standard could offer up to 600 Mbps connectivity speeds, plus the ability to have up to four simultaneous streams of high-definition video, voice and data through the house. The standard also promises easy backward compatibility, which means new devices will work smoothly with older products. in detail

For consumers, the difference in speed and range will be palpable, says Will Strauss, an analyst with Forward Concepts.  “Speed is everything and videos are the main driver for this technology,” he says. “When you are home you want to get to YouTube fast and watch video and have a phone connection and surf.”

The 802.11n standard is the successor to the 802.11g Wi-Fi protocol, which offers speeds of up to 54 Mbps. The 802.11n standard’s most important addition has been the multiple-input multiple-output capability, also known as MIMO. MIMO allows for multiple antennas to resolve more information quickly.

Although 802.11n won’t be final until next month, manufacturers have been making products based on a draft version of the standard for several years. These typically offer two or three channels to send and receive data or voice respectively.  They also limit the overall speed to much less than the 600 Mbps that newer standard offers.