Author Archives: Dale

milw0rm is sadly no more

milw0rm1milw-rm

I meant to post this yesterday, but I just couldnt get the time, and today the site has gone from the Intertubes, so I just got the above from the Google Cache.

milw0rm was an excellent site, with all the latest exploits, vids and white papers and it will be surely missed. I wonder if anyone wants to step up and take it over.

Update : July 9th 2009 – milw0rm has risen again, there has been a change of mind 🙂

milw0rm

Schneier backtracks on the no value of masked passwords.

I posted previously about Schneier and Nielsen saying that the masking of passwords had no value, and decreased security.

Bruce has since made a posting on his blog retracting his comments some what.

I was certainly too glib. Like any security countermeasure, password masking has value. But like any countermeasure, password masking is not a panacea. And the costs of password masking need to be balanced with the benefits.

So was I wrong? Maybe. Okay, probably. Password masking definitely improves security; many readers pointed out that they regularly use their computer in crowded environments, and rely on password masking to protect their passwords. On the other hand, password masking reduces accuracy and makes it less likely that users will choose secure and hard-to-remember passwords, I will concede that the password masking trade-off is more beneficial than I thought in my snap reaction, but also that the answer is not nearly as obvious as we have historically assumed.

I think its good he has had time to think about his initial response, and I agree there are pros and cons, but he was wrong to totally dismiss the benefits.

So good one Bruce on posting, what I would call a more realistic opinion.

EnCase Portable… Data Collection on the move

So EnCase are releasing a new USB offering, called EnCase Portable. I am a big fan of the EnCase product, having attending many of their training courses, and using their product in the corporate environment.

EnCase say this new tool makes data gathering in the field a doddle, and I guess it something similar to Microsofts Cofee Offering (I will speak about this more once I get a copy) and allows anyone to plug in, say whats needed and let the software do the data collection.

I think this is the way alot of these tools will be going for data collection, especially as the use of NetBooks is growing and they dont have a CD drive to boot from.

EnCase Portable is a data acquisition solution delivered on a USB drive that leverages the powerful search and acquisition capabilities of EnCase®.  The solution searches a targeted computer and automatically collects data, including documents, Internet history and artifacts, images, other digital evidence, and even entire hard drives.

Unlike other solutions that reside on laptops, EnCase Portable is a pocket-sized tool that saves time and money.  Users can collect forensically-sound data when target systems cannot be transported due to cost or time constraints imposed in field situations.


Key Features

  • Plug in and collect data immediately
  • Enable novice computer users to be data collectors in matter of minutes
  • Acquire data anywhere with EnCase Portable’s pocket-sized kit
  • Search and collect cyber-intelligence without leaving a trace
  • Store collected data in the forensically sound, court-validated EnCase® Logical Evidence File format
  • Capture data from running or powered-off systems
  • Customize search and collection jobs to create and configure more complex search criteria
  • Easily install EnCase Portable on any USB drive

Exotic Liability Podcasting… Listen to it, you know it makes sense.

Exotic Liability is an excellent InfoSec podcast. I know there are lots around, and I enjoy them to. Chris Nickerson, Ryan Jones and Karen Maeda (aka Jackalope) provide an informative and entertaining show, with great guests and topics of discussions. Also check out the site and the live chat room. Also they are looking for people to call in and say hi, I did on EP#24.

Sick of the podcasts that are telling you stuff you already know? Tired of the same old “read the sheet” presentation skills of most podcasts? Looking for fresh content and expert outlook? Bleeding edge and beyond…. Exotic Liability will push you into the new generation of Security. On your own or by force, we will be bringing you the best content from the TOP of the Security industry. No more firewall admins speculating about how attacks happen, these are the pros. These are the people that make Security tick. If you are tired of the old solutions and rhetoric, join in.

Here’s an Idea of the guests and talent past and future joining us:

HD Moore (http://en.wikipedia.org/wiki/H_D_Moore)
Chris Roberts (http://www.cyopsis.com/company/executive-team/15)
Eric Cole (http://www.oreillynet.com/pub/au/2038)
Dark Tangent (http://en.wikipedia.org/wiki/Jeff_Moss_(hacker))
Chris Wysopal (http://www.veracode.com)
Christien Rioux (http://en.wikipedia.org/wiki/Dildog)
Frank Thornton (http://www.oreillynet.com/pub/au/1383)
Mubix (http://www.room362.com)
Alex Horan (http://blog.coresecurity.com/?author=3)
Mike Kershaw: ((http://www.kismetwireless.net))
Nick Farr (http://hacdc.org)
Don Bailey
ValSmith (http://www.attackresearch.com/)
Chris Gates (http://carnal0wnage.blogspot.com/)
Max Caceres (http://www.matasano.com/)
Delchi (http://video.google.com/videoplay?docid=-4771262945479844976)
Mike Murray (http://episteme.ca/)

LinkedIn Certificate Expires…. Someone forgot to pay the bill.

Those of you that use LinkedIn may have noticed that your getting a certificate verification issue with trying to authenticate yourself. Seems someone at LinkedIn forgot to set a reminder and pay the bill as the cert expired 06/07/2009 @ 17:14:16 PM GMT.

So all aboard the Fail bus for those guys today. Its an easy mistake to make I guess, but you would have hoped for something abit better.

LinkedIn

WPA Cracking Dictionarys… Bigger can be better

I have finally made some time to have a look at the BackTrack 4 pre release, and one of the things I decided to test out first was the new version of kismet, and this obviously lead onto to some WEP and WPA cracking.

We dont need to go into the WEP issues, you only have to look at it and it rolls over, but WPA is a different animal.

So we set airodump running, then deauth a connected client (we need this with WPA, I am not aware of a clientless attack), once this is successful we should of captured the 4 way handshake, so now let the cracking commence.

*I have not done any tutorials on this as there are just millions of guides around on the intertubes, but if enough people ask I would be happy to put something together at some point.

So, what this post was about to start with, getting the crack on. So for WPA you need brute force, so you need some good dictionarys and / or rainbow tables. I have a few already, but its always good to have a few more so I had a search about and came across a couple of sites that I thought I would share. It is worth noting these files can be BIG, and when you use something like aircrack you going to have issues reading the files so your going to need to split them up into files of 500Mb or less in my experiance.

This is simple enough to do in Linux witht he split command
split –bytes=50m “filename.txt” “outputfilename”

Torrent Download for Purehates Worldlist – 2.5GB worth

Offensive Security WPA Tables

wifi0wn Blog – Links to about 20 dictionarys including different languages

Image of Cracked WPA provided by Click Death Squad

Image of Cracked WPA provided by Click Death Squad