Forming Voltron’s Blazing Sword For Real

Activate interlock! Dynotherms connected! Infracells up! Mega thrusters are go! If you grew up in the 80’s you undoubtedly know that quote means it’s time to form Voltron. The 1984 Lion Force Voltron series has shown an incredible amount of staying power. These 5 lions have come together to form no less than 3 reboot series, the most recent coming out just this month from Dreamworks and Netflix.

[Matt and Kerry Stagmer], blacksmiths for the Man at Arms web series haven’t forgotten Voltron either. Every episode of the original series ended with the mighty robot defeating enemies using an iconic blazing sword. While they might not be able to bring us 5 robot lions which join together to form one mega robot, [Matt and Kerry] can bring us a human sized version of Voltron’s sword (YouTube).

Starting with a high-resolution image of a toy version of the sword, [Matt] traced the outline. The shape was sent over to a plasma cutter. Rather than cut one sword, two outlines were cut. One in 1/4″ steel, the other in 3/16″. A CNC was used to cut grooves in the 1/4″ section. These grooves became the manifold for propane gas jets. Separate jets were cut around the perimeter of the sword. With this complete, the two pieces were carefully TIG welded together.

This sword isn’t all prop and no chop. The upper sections were heat-treated and sharpened to a razor edge. We won’t go so far as to call this practical. It wields more like an ax than a sword. At the end of the day it doesn’t really matter though – this blazing sword is completely awesome.

An interesting take on WEP cracking

[Ben Kurtz] is doing a little WEP cracking but in a bit of a different way than we’re used to. WEP cracking makes us think of war driving; driving around with your laptop open, looking for WiFi access points, and stopping to run some software when you find them. [Ben’s] way is similar but different in one key way, he’s using an iPhone as the frontend.

This started as a way to find a use for some leftover equipment. He threw together a Linux box and loaded up Aircrack-ng, the software we often see used in penetration testing. To remove himself from shady-looking activities in public he coded a web interface using the Python package Turbogears. It uses screen, a program often used with SSH to run services concurrently in different terminals, with the option to disconnect without stopping the processes. Now it’s just a matter of parking the hardware near an AP, and doing the work in a browser on your mobile device. You can check out the script he wrote, as well as installation instructions, in his post linked above.

[Thanks Tech B.]

[Note: Banner image not directly related to this post]

Crack WEP using BackTrack


Lifehacker wrote a guide for cracking a WiFi network’s WEP password using BackTrack. BackTrack is a Linux live CD used for security testing and comes with the tools needed to break WEP. Not just any wireless card will work for this; you need one that supports packet injection. The crack works by collecting legitimate packets then replaying them several times in order to generate data. They point out that this method can be hit-or-miss, especially if there are few other users on the network, as the crack requires authenticated packets. We covered cracking WEP before, but using BackTrack should smooth out compatibility issues.

New WPA TKIP attack


[Martin Beck] and [Erik Tews] have just released a paper covering an improved attack against WEP and a brand new attack against WPA(PDF). For the WEP half, they offer a nice overview of attacks up to this point and the optimizations they made to reduce the number of packets needed to approximately 25K. The only serious threat to WPA so far has been the coWPAtty dictionary attack. This new attack lets you decrypt the last 12 bytes of a WPA packet’s plaintext and then generate arbitrary packets to send to the client. While it doesn’t recover the WPA key, the attacker is still able to send packets directly to the machine they’re attacking and could potentially read back the response via an outbound connection to the internet.

[photo: niallkennedy]

[via SANS]

Criminals steal credit card data just by wardriving

Anime doll holding VISA card
A federal grand jury in Boston has charged eleven people with the theft of more than 41 million credit and debit card numbers from retail stores. What makes this case interesting is that, although the defendants stole the data from retail establishments, they did so without ever having to leave their cars; they stole the numbers while wardriving. While the report doesn’t make it clear whether the targeted networks used weak encryption or were simply unsecured, it’s obvious that the security of your data is still not a top priority for many companies.

[photo: Mujitra]

ToorCon 9: Retrieving WEP keys from road warriors

[Vivek Ramachandran]’s Cafe Latte attack was one of the last talks we caught at ToorCon. I’ve found quite a few articles about it, but none really get it right. It’s fairly simple and deals with cracking WEP keys from unassociated laptops. First your WEP honeypot tells the client that it has successfully associated. The next thing the client does is broadcast a WEP encrypted ARP packet. By flipping the bits in the ARP packet you can replay the WEP packet and it will appear to the client to be coming from an IP MAC combo of another host on the network. All of the replies will have unique IVs and once you get ~60K you can crack it using PTW. The bit flipping is the same technique used in the fragmentation attack we covered earlier, but Cafe Latte requires generation of far fewer packets. You can read about the Cafe Latte attack on AirTight Networks.