Jonathan Arbib

Source: http://www.airtightnetworks.com/WPA2-Hole196

WPA2 Hole196 Vulnerability

WPA2, perceived as the most solid Wi-Fi security protocol, is widely used by enterprises for securing their Wi-Fi networks. But security researchers at AirTight have uncovered a vulnerability called “Hole196″ in the WPA2 security protocol that exposes WPA2-secured Wi-Fi networks to malicious insiders. Exploiting the vulnerability, an insider can bypass WPA2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those Wi-Fi devices. AirTight researcher, Md. Sohail Ahmad, will be demonstrating this vulnerability at the Black Hat Arsenal and at DEFCON18 in a presentation entitled “WPA Too?!” in Las Vegas on July 29th and July 31th respectively.

Interesting article here:

http://www.thedomz.com/2010/05/generate-invisible-window-boost-pages/

From Daily Dave Mailing List

SMobile has released a detailed report on research indicating that smartphone users are just as susceptible to man-in-the-middle (MITM) attacks as PC users. This report details the results of attempts to produce MITM attacks to determine whether it is possible to intercept SSL encrypted communications between various smartphone devices and servers. Of the devices that were tested, each of the major smartphone operating systems appeared to lack the ability to natively detect and defend against MITM attacks, allowing the testing team to intercept sensitive information that should have been encrypted via SSL.

Paper can be downloaded here:
http://threatcenter.smobilesystems.com/?page_id=1331

thanks to MAYANK

From http://project-rainbowcrack.com/

This version focus on more effective rainbow table file format. New features:

* New compact rainbow table file format (.rtc) reduce rainbow table size by 50% to 56.25%
* New rt2rtc utility convert rainbow table from raw file format (.rt) to compact file format (.rtc)
* New rtc2rt utility convert rainbow table from compact file format (.rtc) to raw file format (.rt)
* The rcrack/rcrack_cuda program support both .rt and .rtc rainbow table file format
* Conversion from non-perfect to perfect rainbow table is supported by rt2rtc utility

Smaller rainbow table significantly improve table lookup performance!

phpbb.com was hacked. Sites get “broken into” every day, but in this case a very thorough description was published here on how the attack was carried out. There is a lot to learn form there, even if techniques used are mostly straight forward. After the attack, someone else then ran the list of recovered passwords through an analysis program, and here is what he came out with.

Links:

phpbb Home Page

Details of Attack

Password Frequency Analysis

Happy Hacking!

Since link was broken on the Church of wifi website I got a copy though tbhost.eu. Now their link is broken. Here is an http copy and a torrent file (Please use torrent where possible…)

HTTP (not possible anymore due to high bandwidth usage)

Torrent

Credits:

HTTP Download from here (Broken Links?)
Church of Wifi
and The Shmoo Group for the previous Hosting of the torrent.

Read the posts on this forum

Then visit the site linked at the bottom of the page, or click here

That looks like phishing to me… Very simple attempt…

But could be effective if indeed it IS phishing…

To test it out, someone could perhaps create a “super” jailed ssh account on a system to perhaps see if someone attempts to login using those parameters… Someone wants to attempt it, and report back?

Shocking news… I wonder what they will do with an Open Source Device…

GSM Researcher stopped at Heathrow Airport by UK government officials