It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
WiFi threat: Attention ATS wireless users
page: 3share:
A question? So whats the best aand safest way to access the internet with a portable laptop? I dont mean in wi-fi spots. In general, is a mobile
broadband any better? Thanks in advance.
Originally posted by benrl
Not scared, Im no internet n00b, Ive been selling and building PC's since windows 95, worked for Microsoft for a while (not bragging cause trust me that means jack and squat).
*throws handfuls of ketchup packets at you* PACKETSTORM! LOL I had to do it. I got you beat, I started on a mainframe vax/vms at work, and pre internet or even windows at home for fun. I like your Microsoft comment, I one time very early on in Win 95 called them for assistance on a repeating BSOD I was experiencing, they could not help me, I figured the issue out myself and called them back.
Originally posted by benrl
When ever I encounter internet users who know almost nothing about the machines they are using it always reminds me of the stereotypical women driver who does not know anything about the vehicle shes using (stereo type, not serious)
OHHHH NOIOOOO! Not the SHE thing NOOO LOL. I will never forget my first Linux install I was having difficulties getting optimal performance with my connection so I joined a Linux help channel on IRC to ask about it, with a sorta female nick and this guy kept calling me PHIL. Finally I asked him wtf was up with the PHIL stuff and was informed that females did not IRC and absolutely would not know anything about Linux.
I pwned him dammit. I be 0ld Sch00l
Someone posted on another website, a custom built "PC in a briefcase" with 10 mid-range graphics cards and 2 nettwork cards, that could crunch
through wpa2-psk personal in less than 30 minutes, using the graphics cards to do the number crunching.
Theres no such thing as a secure wifi, at all. They can all be broken into by someone willing to put the time, money and resources into it.
Yes the "briefcase" was more the size of a small packing crate, but it was portable, if you had a car.
All you can do is make it as hard as possible. Unless I have something someone wants badly, they aren't going to spend 10hrs cracking my wpa2-psk key, they will move on to the guy down the road who is still using WEP64 (idiot).
Theres no such thing as a secure wifi, at all. They can all be broken into by someone willing to put the time, money and resources into it.
Yes the "briefcase" was more the size of a small packing crate, but it was portable, if you had a car.
All you can do is make it as hard as possible. Unless I have something someone wants badly, they aren't going to spend 10hrs cracking my wpa2-psk key, they will move on to the guy down the road who is still using WEP64 (idiot).
reply to post by brill
I'm actually basing my final year dissertation in uni on basic home router security and I agree with you. There are a few basic steps to take that a majority of people don't do with their home routers such as;
- Switch router off when not used e.g. going to bed, work etc
- Turn off unused ports e.g. torrent ports
- Have separate passwords for connecting to router and router admin
- Change passwords frequently
- Check security logs every time you notice your internet running slow
- Keep updated on wireless security
- Run anti-virus frequently
I walked around a few streets with my iPhone testing how many networks I could connect to without having to put in a password and honestly, a majority of people don't even bother to password their routers.
I honestly don't think that the basic quick set up of a router is sufficient enough for a majority of users. Things like passwords should not be optional during the first set up, the user should have to enter a password and then if they don't want to use it, they should have to go into the advanced settings to disable it.
I'm actually basing my final year dissertation in uni on basic home router security and I agree with you. There are a few basic steps to take that a majority of people don't do with their home routers such as;
- Switch router off when not used e.g. going to bed, work etc
- Turn off unused ports e.g. torrent ports
- Have separate passwords for connecting to router and router admin
- Change passwords frequently
- Check security logs every time you notice your internet running slow
- Keep updated on wireless security
- Run anti-virus frequently
I walked around a few streets with my iPhone testing how many networks I could connect to without having to put in a password and honestly, a majority of people don't even bother to password their routers.
I honestly don't think that the basic quick set up of a router is sufficient enough for a majority of users. Things like passwords should not be optional during the first set up, the user should have to enter a password and then if they don't want to use it, they should have to go into the advanced settings to disable it.
reply to post by brill
if you're willing to spend 10 hours brute forcing my wireless key, then i guess you deserve access to my copy of Starcraft 2 and Microsoft Office.
Warning heeded but if you have nothing worth stealing, you shouldn't be spending too many late nights awake worrying about this.
if you're willing to spend 10 hours brute forcing my wireless key, then i guess you deserve access to my copy of Starcraft 2 and Microsoft Office.
Warning heeded but if you have nothing worth stealing, you shouldn't be spending too many late nights awake worrying about this.
reply to post by Beavers
Brute forcing can be more or less a case of running the program to brute force the password for you. A program that just processes a huge list of passwords and enters them into the password field for you. I'm sure a similar thing happened to TK Max which ended up costing them around $500m in theft and then compensation to their customers who had their credit card details stolen. If I remember rightly it was the chip and pin service that was running to a remote computer and was accessed by hackers.
news.bbc.co.uk...
Brute forcing can be more or less a case of running the program to brute force the password for you. A program that just processes a huge list of passwords and enters them into the password field for you. I'm sure a similar thing happened to TK Max which ended up costing them around $500m in theft and then compensation to their customers who had their credit card details stolen. If I remember rightly it was the chip and pin service that was running to a remote computer and was accessed by hackers.
news.bbc.co.uk...
a single wep can be cracked in 10 to 20 mins.
a whole neighborhood could be cracked in less than 10 hrs
the fbi has demonstrated 10 min wep cracking, video is available. i remember watching it not too long ago
a whole neighborhood could be cracked in less than 10 hrs
the fbi has demonstrated 10 min wep cracking, video is available. i remember watching it not too long ago
edit on 30-12-2011 by spaceg0at because: woof
reply to post by spaceg0at
It wasn't about WEP cracking, WEP cracking is trivial and any good geek can crack a WEP protected WIFI very rapidly. It was about the more secure WPA-PSK and WPA2-PSK, which are considerably more secure, but still not totally secure.
It wasn't about WEP cracking, WEP cracking is trivial and any good geek can crack a WEP protected WIFI very rapidly. It was about the more secure WPA-PSK and WPA2-PSK, which are considerably more secure, but still not totally secure.
At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques
and broke a 128 bit WEP key in about three minutes.
www.informationweek.com...
most homes still have wep networks
www.informationweek.com...
most homes still have wep networks
edit on 30-12-2011 by spaceg0at because: (no reason given)
Originally posted by Beavers
reply to post by brill
if you're willing to spend 10 hours brute forcing my wireless key, then i guess you deserve access to my copy of Starcraft 2 and Microsoft Office.
Warning heeded but if you have nothing worth stealing, you shouldn't be spending too many late nights awake worrying about this.
Right. So when and if an end user is compromised in this fashion, then the fun starts. One starts to monitor all traffic leaving said PC, including banking, e-commerce, perhaps business emails. Then start siphoning bank accounts to a mule service, blackmail the user, intercept VoIP traffic, etc. The point here is that although you specifically may not be at risk, thousands are.
On another note a few folks need to re-read the OP. Again this is not about using BackTrack for cracking WPA/WPA2 keys, not at all what has been said. WEP is another issue entirely. Some of the knee jerk responses are clearly showing that people suffer basic reading comprehension.
The time frame for this attack is because there are 8 digits involved. All possibilities are used, you are not capturing and cracking traffic, this is just pound the access point until the WSP is known, and with 8 random digits that time frame works out to approx 10 hours, or less of course.
brill
edit on 30-12-2011 by brill because: (no reason given)
Originally posted by spaceg0at
a single wep can be cracked in 10 to 20 mins.
a whole neighborhood could be cracked in less than 10 hrs
the fbi has demonstrated 10 min wep cracking, video is available. i remember watching it not too long ago
edit on 30-12-2011 by spaceg0at because: woof
Re-read the OP, a few times. This is not about WEP..
brill
Being in the Network/IT/Security industry, I gotta say that this should be pinned and flagged for every internet user.
There are measures that really need to be taken to increase security of WiFi home networks.
Change to a WPA2 security setup.
Go to a 16 digit password, using uppercase, lowercase, letters, numbers and special characters.
Turn off the SSID broadcast.
Turn on hour setting for usage. If everyone will be asleep from 10 at night to 6 in the morning, most home WiFi routers have this setting.
Set it up to only allow certain MAC addresses. And I know that you can spoof them, but by deploying all of these measures, it makes it that much harder and the person war driving might just move on to the next person.
Hope this helps.
There are measures that really need to be taken to increase security of WiFi home networks.
Change to a WPA2 security setup.
Go to a 16 digit password, using uppercase, lowercase, letters, numbers and special characters.
Turn off the SSID broadcast.
Turn on hour setting for usage. If everyone will be asleep from 10 at night to 6 in the morning, most home WiFi routers have this setting.
Set it up to only allow certain MAC addresses. And I know that you can spoof them, but by deploying all of these measures, it makes it that much harder and the person war driving might just move on to the next person.
Hope this helps.
Apparently there is a commercial version of this attack with a convenient gui.
More ammunition for script kiddies.
brill
More ammunition for script kiddies.
brill
Originally posted by brill
Apparently there is a commercial version of this attack with a convenient gui.
More ammunition for script kiddies.
brill
Yep. Nothing like not learning anything, not knowing how it works or why, just pushing a button and *Poof* there is is.
Next step would be using an RSA for your home network.
Or, keep WiFi use to a minimum.
Originally posted by BMorris
Someone posted on another website, a custom built "PC in a briefcase" with 10 mid-range graphics cards and 2 nettwork cards, that could crunch through wpa2-psk personal in less than 30 minutes, using the graphics cards to do the number crunching.
Theres no such thing as a secure wifi, at all. They can all be broken into by someone willing to put the time, money and resources into it.
Yes the "briefcase" was more the size of a small packing crate, but it was portable, if you had a car.
All you can do is make it as hard as possible. Unless I have something someone wants badly, they aren't going to spend 10hrs cracking my wpa2-psk key, they will move on to the guy down the road who is still using WEP64 (idiot).
Yep, and the Graphics cards are used for the Cointel crunching as well.
reply to post by brill
How do you disable anonymous? Seems they take information we have on our computers or elsewhere and share it. Why should I worry about my modem and not anon?
How do you disable anonymous? Seems they take information we have on our computers or elsewhere and share it. Why should I worry about my modem and not anon?
Simply setup password which will look something like that:
"This Is My Super S3cret P4ssword 4nd No 1 Will Ever H4ck It"
Good look brute forcing it.... 100 000 years.
"This Is My Super S3cret P4ssword 4nd No 1 Will Ever H4ck It"
Good look brute forcing it.... 100 000 years.
Originally posted by GunzCoty
10 hours? i did it in 15 mins using backtrack to hack mine. And lets face it Wi-Fi is not really secure at all.
And to think of all the people i see in coffee shops with there laptops open typing away without thinking about the security or lack there of. Hacking a "hot spot" is easier then hacking the laptops using it. Think about that next time your out and about. Be smart be safe.edit on 12/29/2011 by GunzCoty because:
Or setting up a fake hotspot in the same area, having the unknown user sign in and they have full access to the users device.
WiFi is a very scary thing, when examined.
To the untrained everyday user, it seems easy and useful.
A double edged sword in the Network Community if I ever saw one.
Originally posted by ophis
Simply setup password which will look something like that:
"This Is My Super S3cret P4ssword 4nd No 1 Will Ever H4ck It"
Good look brute forcing it.... 100 000 years.
No Special Characters????
A good old packet capture as you first sign on could negate that.
Given you have the right tools and training.
reply to post by brill
This is assuming you use WPS.
I never use it.
And assuming also that it gets turned off when you use manual mode.
This isn't a problem.
Just go into the router and use the manual setting.
Make sure to use wpa since wep is insecure and can be hacked.
Password should be at least 8 characters with 1 uppercase, 1 lowercase, 1 number and a special character. And make sure it's not a dictionary word.
Something along these lines.
G8f1n0h?
Remember that it's been shown that hackers can crack a simple password in about 8 seconds. Using the right setup of course.
This is assuming you use WPS.
I never use it.
And assuming also that it gets turned off when you use manual mode.
This isn't a problem.
Just go into the router and use the manual setting.
Make sure to use wpa since wep is insecure and can be hacked.
Password should be at least 8 characters with 1 uppercase, 1 lowercase, 1 number and a special character. And make sure it's not a dictionary word.
Something along these lines.
G8f1n0h?
Remember that it's been shown that hackers can crack a simple password in about 8 seconds. Using the right setup of course.
new topics
-
WF Killer Patents & Secret Science Vol. 1 | Free Energy & Anti-Gravity Cover-Ups
General Conspiracies: 1 hours ago -
Hurt my hip; should I go see a Doctor
General Chit Chat: 1 hours ago -
Israel attacking Iran again.
Middle East Issues: 3 hours ago -
Michigan school district cancels lesson on gender identity and pronouns after backlash
Education and Media: 3 hours ago -
When an Angel gets his or her wings
Religion, Faith, And Theology: 4 hours ago -
Comparing the theology of Paul and Hebrews
Religion, Faith, And Theology: 4 hours ago -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 5 hours ago -
Boston Dynamics say Farewell to Atlas
Science & Technology: 5 hours ago -
I hate dreaming
Rant: 6 hours ago -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 8 hours ago
top topics
-
The Democrats Take Control the House - Look what happened while you were sleeping
US Political Madness: 9 hours ago, 18 flags -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News: 11 hours ago, 16 flags -
A man of the people
Medical Issues & Conspiracies: 16 hours ago, 11 flags -
Biden says little kids flip him the bird all the time.
Politicians & People: 8 hours ago, 9 flags -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 8 hours ago, 8 flags -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 5 hours ago, 6 flags -
Israel attacking Iran again.
Middle East Issues: 3 hours ago, 5 flags -
Michigan school district cancels lesson on gender identity and pronouns after backlash
Education and Media: 3 hours ago, 5 flags -
Boston Dynamics say Farewell to Atlas
Science & Technology: 5 hours ago, 4 flags -
WF Killer Patents & Secret Science Vol. 1 | Free Energy & Anti-Gravity Cover-Ups
General Conspiracies: 1 hours ago, 3 flags
active topics
-
When an Angel gets his or her wings
Religion, Faith, And Theology • 4 • : randomuser2034 -
Man sets himself on fire outside Donald Trump trial
Mainstream News • 34 • : WeMustCare -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News • 10 • : Degradation33 -
SC Jack Smith is Using Subterfuge Tricks with Donald Trumps Upcoming Documents Trial.
Dissecting Disinformation • 100 • : WeMustCare -
Israel attacking Iran again.
Middle East Issues • 23 • : KrustyKrab -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs • 37 • : charlyv -
Hurt my hip; should I go see a Doctor
General Chit Chat • 11 • : TheLieWeLive -
Sheetz facing racial discrimination lawsuit for considering criminal history in hiring
Social Issues and Civil Unrest • 7 • : Caver78 -
Silent Moments --In Memory of Beloved Member TDDA
Short Stories • 48 • : Encia22 -
MULTIPLE SKYMASTER MESSAGES GOING OUT
World War Three • 52 • : cherokeetroy