Hack a Day » cracking

Security Audit Kit in a Mouse

James Munns — Sat, 29 Jan 2011 14:00:25 +0000

Sometimes it helps to have an entire set of tools with you to tackle a problem, and sometimes it helps to take the discreet route. [StenoPlasma] took the latter of these approaches, and stuffed a USB hub, a 16 GB flash drive, and an Atheros based USB wireless adapter into a regular looking USB mouse to make a Linux bootable system in a mouse. Because he chose the Atheros adapter, he is also capable of doing packet injection with tools like Aircrack-ng, which can invaluable in a security audit or (white hat) hacking situation.

This is the only photo we have, so it could be possible that the mouse is no more than a mouse, however we know all of what [StenoPlasma] claims is 100% possible, so we’ll give him the benefit of the doubt, and hope this inspires others to hack up your own mouse kits. Be sure to check out the full parts list after the break.

Parts:

Targus USB 2.0 4-Port Bend-a-Hub (Stripped and re-soldered)
Belkin USB 10′ Extension Cord (with the extension USB in place to make it easy for me to change cable lengths)
IOGEAR Atheros Wireless B/G Injectable Cracking Adapter
Corsair Voyager Mini 16 GB Thumb Drive
Logitech MX310 Wired Optical Mouse

Filed under: linux hacks

Firefox master password recovery tool

Matt Schultz — Tue, 01 Sep 2009 20:09:06 +0000

It’s great in this day and age that browsers can remember our passwords for us, allowing us cross-site security without the hassle of memorizing a million different random passwords. It’s great, that is, until we forget our master password. Fret not, though; there is a solution. The folks over at Lifehacker show us how to use FireMaster to recover forgotten or misplaced Firefox master passwords. Perhaps a better solution is to just store those tricky passwords where nobody will find them.

Posted in downloads hacks, pcs hacks, security hacks

New WPA TKIP attack

Eliot — Mon, 10 Nov 2008 03:00:26 +0000

[Martin Beck] and [Erik Tews] have just released a paper covering an improved attack against WEP and a brand new attack against WPA(PDF). For the WEP half, they offer a nice overview of attacks up to this point and the optimizations they made to reduce the number of packets needed to approximately 25K. The only serious threat to WPA so far has been the coWPAtty dictionary attack. This new attack lets you decrypt the last 12 bytes of a WPA packet’s plaintext and then generate arbitrary packets to send to the client. While it doesn’t recover the WPA key, the attacker is still able to send packets directly to the machine they’re attacking and could potentially read back the response via an outbound connection to the internet.

[photo: niallkennedy]

[via SANS]

Posted in news, security hacks, wireless hacks