That said, new tales are always welcome and Two Frogs has oodles of charisma and charm, especially amongst the mums and dads who have an appreciation for security.

Two frogs are sitting on a lily pad and one of them has a stick. The stick, he says, is to beat off the dog. But there is no dog. Yet. So begin the trials and adventures of this hapless pair.

A free cigar if you can guess what this new configuration snippet will do:

Yes, I know that’s bandwidth theft as well, but let’s face it. Lemon Party is a site which I’m sure expects this kind of usage.

The practical upshot of which is that with a fully generated set of Rainbow Tables, it’s possible to crack any un-salted one-way hashed password in a reasonable amount of time (we’re talking minutes). Their usage includes, but is not limited to WPA-PSK, Poisoned NTLM/LM Challenge/Response, MD4, MD5, SHA-1, LM, MS-CACHE and NTLM cracking.

Free Rainbow Tables is a newly rejuvenated project which uses distributed computing technology in order to compute diverse Rainbow Tables for all to use on-line, and download for offline usage.

Google is a great first stop for many searches, but it doesn’t provide relational links to re-construct a person’s (or organisation’s) entire web-presence, including their relationships with other subjects and resources. This is where Paterva’s Evolution offering comes into play. To assess the power of the engine, there is a simplified web interface, however for graphical representation of association, there’s also a GUI based interface for Windows, *nix, and MacOS.

This is a very powerful and interesting way of manipulating search data via objects. This tool is a social engineer’s and auditor’s gold mine, and will probably also be gracing the desktop of any budding cyber-stalker :-| However, it’s all public information that’s available via searching through a number of online tools. What’s unique here is the ease of the search, and the representation of relationships and data. A great test is to audit just how much data you’ve leaked onto the Internet.

So, today, I took an exam in a product that I’ve never used outside of the classroom environment. I took the exam to certify, so that I can hopefully use the product in my current job. Odd huh?

Anyway, I passed, barely (being naked is proven to aid recall.)

I now have a CCSA NGX, and next friday is the CCSE NGX exam :S

technorati tags:exam, checkpoint, ccsa, ccse, tech

Coined by the Jericho Forum, a group of like-minded FTSE 1000 folk who wish to have a say about the product capabilities that their principals invest in, and rightly so. The customer is always right, or at least, should think they’re always right.

The trouble with most companies, is that they grow. They grow from a system that works, to a system that no longer fits the bill. Constantly concentrating on one single perimeter, and blasting whopping great holes in it everytime an urgent business requirement for a system pops-up. Just because you can do it, doesn’t mean you should do it. Proper change controls, and regular review go some way to mitigating risk, but sometimes management are willing to accept risks, which the rest of us think are more likely to occur once they have been accepted.

Re-perimeterisation has gone some way to defend the core network from justifiably non-compliant networks, but doesn’t really help protect the gooey stuff, because it’s susceptible to the same management methodology and weaknesses of the primary security perimeter.

A combination of all three is need, along with a roadmap for the future, a plan that all resources can work towards. Of course, the right process, and lastly, the right products.

technorati tags: de-perimeterisation, re-perimeterisation, micro-perimeterisation, jericho, information security

I do take precautions, and I used to backup to DVD, but alas, it’s a troublesome process, tedious, and not altogether reliable. Lately I’ve been rsync’ing data to an external USB drive, which is great for a one off snapshot, but not effective against slow data corruption or data-diddlin attacks. It’s mainly for convenience in the restoration of data that’s readily available elsewhere.

My photographs are probably the most important piece of data on my workstation, not my documents, personal correspondance, or any residual trace of on-line transactions. Just my memory-hints. Time for off-site back-ups, and Flickr is just the thing for the job. With some added social networking benefits to boot.

technorati tags: flickr, photography, photograph, backup, dvd, usb

If I was just passively sniffing traffic from a wireless network, I could be there for days, accumulating enough legitimate data (derived from one key) to brute force the key, and the key isn’t that hard to brute force when you do have the data, due to weaknesses in the key scheduling algoritm of RC4. So, ARP is a predictable packet, a few bytes of the header are usually the same, and the size of the packet is recognisable. So we have known plaintext, and the ability to sniff known ciphertext. Great, if we re-inject this ARP packet into the network, something’s going to respond. We’ll receive more cipher text, to compare against known plain text.

Even on a low-traffic network, we can encourage traffic using this re-injection technique, and then sit back and accumulate the data (Initialisation Vectors, or IVs) we need to brute force the WEP key.

Simple, eh? Well, that’s what I was doing last night. Hopefully, I’ll get to test out some exploits against WPA-PSK tonight, or soon, at least.

Oh, and maybe I’ll play with polutting the airwaves, with this little number:

If one access point is good, 53,000 must be better.

Black Alchemy’s Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP’s cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.

Projects - fakeAP

technorati tags: wlan, wireless, hacking, information security, wep, wpa

It’s also pin-pointed that the SMC2802 V.2 EU cards I’m using in Linux (Fedora Core 4) are just not the cards for any serious wireless auditing, and so I’ve gone on the hunt for tested cards, and stumbled across a UK supplier of Linux tested equipment. Whilst there’s not a great choice of peripherals, I did stumble across a card with a Transmit Power of 16 - 18dBm, which ain’t bad, considering my choice of suppliers is limited. Yes, it does have an external aeriel connector.

technorati tags: wlan, wi-foo, hacking, information security, linux, fedora

Wish me luck!

technorati tags: university, finance, bank, information security