I’m not going to reccomend it, but [cameron] modded his Sony Ericsson k800i to tase people as well as take pictures. Apparently, the k800i has a xenon flash – meaning that it’s got a high voltage potential available to drive the flash. He added a pair of 16uf caps and scored a good 300 volts to share with the unlucky.
[Vivek Ramachandran]‘s Cafe Latte attack was one of the last talks we caught at ToorCon. I’ve found quite a few articles about it, but none really get it right. It’s fairly simple and deals with cracking WEP keys from unassociated laptops. First your WEP honeypot tells the client that it has successfully associated. The next thing the client does is broadcast a WEP encrypted ARP packet. By flipping the bits in the ARP packet you can replay the WEP packet and it will appear to the client to be coming from an IP MAC combo of another host on the network. All of the replies will have unique IVs and once you get ~60K you can crack it using PTW. The bit flipping is the same technique used in the fragmentation attack we covered earlier, but Cafe Latte requires generation of far fewer packets. You can read about the Cafe Latte attack on AirTight Networks.