Lifehacker wrote a guide for cracking a WiFi network’s WEP password using BackTrack. BackTrack is a Linux live CD used for security testing and comes with the tools needed to break WEP. Not just any wireless card will work for this; you need one that supports packet injection. The crack works by collecting legitimate packets and then replaying them several times in order to generate data. They point out that this method can be hit-or-miss, especially if there are few other users on the network, as the crack requires authenticated packets. We covered cracking WEP before, but using BackTrack should smooth out compatibility issues.
[Kyle McDonald] sent in his latest project, a software keylogger that twitters what you type. He wrote it using C++ and OpenFrameworks. It logs each keystroke, then it posts to twitter 140 characters at a time. To protect himself, he set up a whitelist of private strings like passwords and credit card numbers that would be stripped before posting. If the twypewriter followed him, his keystrokes could be recreated.
Everyone’s favorite packet sniffer has a new stable release. Wireshark 1.2.0 has a slew of new features. They’ve included a 64-bit Windows installer and improved their OS X support. A number of new protocols are recognized and filter selection autocompletes. One of the more interesting additions is the combined GeoIP and OpenStreetMap lookups. We’re excited about this new release, as Wireshark has proven an indispensable tool in the past for figuring out exactly what was going on on our network.
The term ‘warwalking’ isn’t used very often, but the Ekahau HeatMapper adds a new tool to the pod bound hacker’s arsenal. The tool maps out wireless access points as well as their signal strength within a facility. A test of the HeatMapper on a map made with AutoDesk Dragonfly accurately determined the location of a router within 3 feet and helped tune the angle it needed to be at for maximum range. Ekahau made a fantastically cheesy promotional video for their product, which is viewable after the jump. The program is free of charge, but unfortunately only runs on Windows, so Mac and *nix users are out of luck, though it might run under Wine.
With all the noise about Conficker turning your computer into liquid hot magma on April 1st, there’s actually some positive news. Researchers from the HoneyNet Project have been following the worm since infections started in late 2008. They recently discovered an easy way to identify infected systems remotely. Conficker attempts to patch the MS08-067 vulnerability during infection. A flaw in the patch causes the machine to respond differently than both an unpatched system and an officially patched system. Using this knowledge, the team developed a proof-of-concept network scanner in Python to find infected machines. You can find it in [Rich Mogull]’s initial post. [Dan Kaminsky] has packaged it as an EXE and has instructions for how to build the SVN version of Nmap, which includes the new signature. Other network scanner vendors are adding the code as well.
In conjunction with this detection code, the team has also released the whitepaper Know Your Enemy: Containing Conficker. It discusses ways to detect, contain, and remove Conficker. They’ve combined this with a tool release that covers Conficker’s dynamic domain generation among other things.
AndroidAndMe is running a bounty program for Android applications. Users can request a specific application and pledge money to be awarded to the developer who delivers the functional app. [Alec Holmes] just fulfilled the first request by creating Torrent Droid. You can use the app to scan media barcodes and then download the related torrent. It uses the phone’s camera to capture the product’s UPC barcode (similar to Compare Everywhere’s price lookup) and then searches major torrent sites like The Pirate Bay to find a copy that can be downloaded. After getting the .torrent file, the app can submit it to uTorrent’s web interface for remote downloading. The app will be released later this month and you can see a screenshot tour of it on Alec’s blog. It’s doubtful that an application like this would ever clear Apple’s App Store approval process.
[Tom] wrote in to tell us about his JavaScript project for motion detection. It ties together two ideas we’ve talked about recently. The first is doing image processing in-browser using Canvas(), which we’ve seen employed in CAPTCHA breaking. The second is offloading heavy processing to browsers, which we saw recently in the MapReduce implementation. [Tom] is using JavaScript to compare consecutive images to determine if there’s any motion. He did this as part of MJPG-Streamer, a program for streaming images from webcams. It can run on very limited hardware, but image processing can be very intensive. Doing the image processing in-browser makes up for this limitation and means that a custom client program doesn’t have to be written. You can find the code here and a PDF about the proof of concept.
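As an added example (not [Tom]’s MJPG-Streamer code), here is the core of consecutive-frame comparison written against the RGBA byte layout that a Canvas `getImageData()` call returns, with a change threshold and a minimum changed-pixel fraction so that a few flickering sensor pixels are not reported as motion. The 8x8 sample frames are constructed inline so it runs outside a browser.

```javascript
// Added example, not from [Tom]'s MJPG-Streamer code: frame differencing on
// two RGBA buffers shaped like CanvasRenderingContext2D.getImageData().data.
// Rec. 601 luma of the pixel whose R byte sits at index i.
function luminance(data, i) {
  return 0.299 * data[i] + 0.587 * data[i + 1] + 0.114 * data[i + 2];
}

// Fraction of pixels whose luma moved by more than `threshold` (0..255)
// between the previous and the current frame.
function changedFraction(prev, curr, threshold) {
  if (prev.length !== curr.length || prev.length % 4 !== 0) {
    throw new Error("frames must be RGBA buffers of equal size");
  }
  let changed = 0;
  for (let i = 0; i < prev.length; i += 4) {
    if (Math.abs(luminance(prev, i) - luminance(curr, i)) > threshold) changed++;
  }
  return changed / (prev.length / 4);
}

// Motion is reported only when more than `minFraction` of the frame changed,
// so a handful of noisy pixels from the sensor does not trigger it.
function detectMotion(prev, curr, { threshold = 30, minFraction = 0.02 } = {}) {
  return changedFraction(prev, curr, threshold) > minFraction;
}

// Constructed 8x8 frames standing in for two consecutive webcam captures.
function makeFrame(size, fill) {
  const data = new Uint8ClampedArray(size * size * 4);
  for (let i = 0; i < data.length; i += 4) {
    data[i] = data[i + 1] = data[i + 2] = fill; // grey pixel
    data[i + 3] = 255;                           // opaque
  }
  return data;
}

function sampleFrames() {
  const size = 8;
  const prev = makeFrame(size, 80);
  const curr = makeFrame(size, 80);   // a 2x2 bright object appears (4 of 64 pixels)
  for (const p of [0, 1, size, size + 1]) curr[p * 4] = curr[p * 4 + 1] = curr[p * 4 + 2] = 200;
  const noisy = makeFrame(size, 80);  // one flickering pixel (1 of 64 pixels)
  noisy[0] = noisy[1] = noisy[2] = 200;
  return { prev, curr, noisy };
}

// In the page: prev is the last getImageData().data, curr the new one.
const f = sampleFrames();
console.log(detectMotion(f.prev, f.curr), detectMotion(f.prev, f.noisy));
```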
Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.
[ghostwalker] has put together instructions for running X11 on your Android device. This means you can run a full-blown Linux desktop environment on your phone. It requires you to already have a Debian shell on the phone, which we covered earlier. Instead of having to come up with a custom display driver, it’s hooked to a VNC server. You can connect to it using an Android VNC viewer on the phone or via any other VNC client. The how-to suggests either IceWM or the even lighter-weight LXDE for a window manager. You could potentially install Gnome or KDE, but we’d be surprised if it was any faster than dog slow. Let us know if you have any success with this and what you think the best use is.
The first day of The Pirate Bay’s trial has concluded. The prosecution, representing many large media companies, is attempting to prove that the defendants are directly responsible for copyright infringement. The members of The Pirate Bay are treating the trial as a reality TV farce. From TorrentFreak’s coverage, it sounds like it’s off to a great start: “For several minutes, listeners of the live audio could hear mouse-clicks as Roswall [the prosecutor -Ed.], who earlier claimed to be an expert on computer crimes, tried to get his PowerPoint presentation on the screen.”
Facebook’s internal valuation was revealed this week thanks to shoddy PDF redaction. Court documents from a settlement between Facebook and ConnectU showed that Facebook values itself at $3.7 billion, much less than the $15 billion that was speculated during the Microsoft investment. The AP uncovered this by cutting and pasting from the redacted court document. It’s the same thing we showed in our PDF redaction screencast last summer… and it will never cease to be funny.
The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux-based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built-in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMware images are available here.
Here’s another video demo of [Eric]’s Besmoke interactive fluid simulation that we covered earlier. It was put together for the BIL Conference last weekend. This time around he’s strapped the iPhone to his head (complying with California’s hands-free laws). To make things interesting, he’s also added OCZ’s Neural Impulse Actuator to provide brainwave input.
Sony recently started shipping the VAIO P don’t-call-it-a-netbook netbook. It comes stock with 2GB of RAM, which means it’s not eligible for Microsoft’s XP ultra low cost PC licensing. Hackers wanting to exorcise Vista have run into a few issues. After doing her unboxing photoshoot, [tnkgrl] wrote a guide for replacing Vista with XP on the Vaio P. She used the Universal Extractor to pop open the driver downloads and remove the Vista check. This got the WWAN radio and GPS working in XP. The only casualty is that the volume and mute buttons no longer work. You can see an annotated image verifying all the components here.