Posts posted by chaostic

  1. With both WAP being cracked, and one version of WAP2 cracked as well, wtf is secure anymore? WEP/WAP/WAP2 is security against the impatient and lazy, or the average freeloader. If someone wants in, etc. etc.

    I have never been able to crack WPA2. If you have a video of you doing it or someone else I would love to see it. :dry:

    The recent WPA crack is a TKIP problem. WPA2 with TKIP has the same exact flaw. So WPA2(TKIP) is cracked. Since half of all WPA2 devices only have TKIP option, it is a big problem.

    WPA2 + AES has not been cracked.



  2. Gentoo on a netbook would be terrible. Compiles of larger things would probably take 24 hours or longer.

    Of course, the first install should be cross-compiled on a better desktop. Everything else wouldn't be a problem.


  3. OK.

    I found it. The why it works and step by step for the 20 WEP pass-phrases in 30 Seconds.

    This can be done on the routers that Verizon gives out when you sign up for FiOS.

    Read the PDF (so anyone can open it), and tell me what you think. :wink:

    Take care,


    FiOS ExP.pdf

    Un-flipping-believable!!! The uber-stupidity of this is that there are TWO attack vectors. Since anybody can sniff the BSSID, that's a no-brainer.

    But wait, there's more...the other vector is:

    Are you familiar with OUIDs? The first three octets are assigned by manufacturer by IEEE.

    So if you know (or guess) the maker of the device, you've got the first, second, and third octets as a gimme.

    For example, if the rocket-scientists at Verizon are using Actiontec, then 00:34:95 is going to be the first half of tens of thousands of pass-phrases.

    From there the rest of the pass-phrase is a simple six character combination of 0-9 and A-F. 470,184,984,576 combinations, or around 70 minutes at 500,000 PPS. In reality you would create a ~600mb rainbow table with the values pre-populated, and it would take less than 20 minutes (since mac addresses are pairs of hex digits, it would be a smaller pool).

    The blinding irony of this is that the keyspace for the AES encryption of WPA2 is gi-normous. Unless you're NASA with a room full of FPGAs, you are not going to ever get within a galaxy of brute-forcing AES. And yet, some Telco leaves the key under the mat..... :)

    With both WAP being cracked, and one version of WAP2 cracked as well, wtf is secure anymore? WEP/WAP/WAP2 is security against the impatient and lazy, or the average freeloader. If someone wants in, etc. etc.


  4. VOIP accounts are not like POTS Lines. VOIP uses voice codecs optimized for voice, so data connections suffer. Same reason faxing over VOIP was bad until they came out with fax/data specific codecs.

    I assume this is the reason why if you send a file while talking to someone on skype, it sends at a miserably slow speed, i.e. bytes per second, but if you put the call on hold it does a good job of using up all your upload bandwidth?

    No. That is bandwidth throttling, QOS, packet prioritization/queuing. With things like vonage and hardware voice adaptors acting as another router that can ensure that it tries to use the most bandwidth that your network has for voice when you are trying to use voice.

    Also, some DSL connections (don't know about cable) get degrading upload speeds if you are also downloading a lot. Using both up and down is worse than using them individually.


  5. He's obviously talking about a hacked OSx86 installation. It depends, are there any netbook users on their forums? I've heard there's been some success with the Eee PC on previous versions, but I haven't tried it myself. It's a foreign OS to me, and jumping in head first on difficult and limited hardware doesn't seem like the way to go. How well does it actually run on these machines though? Can you get it fully functional and running as fast as Linux or XP?

    OSx86 works fine on some netbooks. The Dell Mini9/VostroA90 were perfect for it.

    The problem with 10.6 is that it is too new for a working x86 hack to be out and about yet. And with the large variety of netbooks, it's a crapshoot.


  6. Wouldn't three passwords be better?

    1- Low Level Throw Away Web passwords

    2- High Level Web passwords (banking)

    3- Local passwords (Computer logins)

    Any network password can be found out, leaving your local computers at risk. Three passwords would prevent that.

    A further step would include a high level password for local encrypted files/access.


  7. ...

    But, Freed asked the question in a respectable way, and I assume he's only curious.


    Agreed. Must be something to it, ever notice how junk mail or bills never seem to be post-marked anymore?

    An interesting experiment might be to take some BS mail you get, drop it off in a drop box across town, and see if it makes its way back to you. If it does, it would have some interesting implications.

    Bulk mail is pre-sorted by the mailer, and essentially pre-paid by contract with the USPS. No need to post-mark digitally scannable mail.


  8. Calm down, calm down. Christ.

    Geez...this is a hacking site right?

    I'm asking if anyone knows anything about them. I figured there would be a wealth of info and security around them BECAUSE they hold the money. I am a White Hat. I just don't know crap about them. Please don't assume my intentions; ask first.

    For instance you mentioned that they hold the info for the machine that it was printed by...well how do you know that? Where did you get that info? What else do you know? Or are you speculating?

    Just giving you a warning. White hat or not, "hacking" is hacking, and can land you in jail if an over-zealous prosecutor or cop gets on your ass.

    And just like the chart that PS posted, some of that info is human readable. Just look at some of the mail stamped by that machine at your office, and you will see what the serial number of the machine is.

    Honestly, I thought that info to be pretty common knowledge in regards to barcodes and tracking of postage use.


  9. I noticed that at a lot of the offices that I frequent they have a machine that I guess 'stamps' their mail. I also noticed that they are usually connected to their network directly. I was wondering if anyone has any info on these machines since I also found out that they contain the money inside them from which they deduct per stamped item. I wonder what OS or whatever they run and if you can connect to them like a Remote host. They obviously run the TCP/IP stack.

    Trying to Hack Government property

    Trying to defraud a Government organization

    Messing with the Postal Police

    All federal pmita prison offenses.

    Word to the weary, those machines tend to stamp the unique machine ID as well as the postage paid stamp. They do audit usage. You or the company that owns the machine would be caught eventually.


  10. Though I have had trouble installing it on those newer Linksys WRT models.

    Most newer WRTs have a VXWorks platform instead of just linux, so it is harder to replace. Also, skimping on hardware options like flash and ram made full dd-wrt options impossible, so you get the mini packs. Eh.


  11. Some places use an encrypted cookie or something like that, and make the password box display a mix of stars and the last four of the password. The stars are plaintext asterisks.

    Bank of America does this.

    So it is possible to avoid this problem in normal html.

    That's interesting...I didn't know Bank of America does that...I'm probably misunderstanding you but do you realize that that setup is by far even less secure? The fact that it displays anything of the 'real' password has just increased the chances of someone breaking it, literally, exponentially. Even if they were bogus numbers all they are doing is using a substitution which is in essence what the star is anyway. BTW...Both my bank and college are vulnerable to this trick.

    I have come across authentication programs that use 'tags.' Is that what you are talking about with the cookie? If you have more information on what they do please post. Also, it isn't hard to do what they are doing...all they are doing is turning on and off the password and text attribute of the Object for the Password Field; however, the variable containing the typed in password is plaintext. The 'stars' are just a 'graphic' to prevent people from literally looking over your shoulder and seeing the password. Like I said in my last post, just experiment and you can turn the attribute on and off at will while in the browser.

    Also I didn't mean that HTML is flawed and prevents you from coming up with a solution...HTML with Javascript/VBScript/or any other powerful web scripting language can make HTML jump through hoops...the 'flaw' if it is a flaw (at some point plaintext must be transmitted to the point where it will be encrypted; that's why key loggers, even though simple, are so pernicious) is that an Input field box (I don't know the 'official' designation for this in HTML but I think we all know what I mean) can be toggled to either show or obfuscate the inputted text. My point about a third party solution was that you would have to come up with your own inputting program/solution to bring the encryption of the input 'closer' to the keyboard, but there will always be a hack here since at some point plaintext is inputted. The point about changing the standard was so that an exclusive password/secure input box would be developed whereby the text is actually never placed onto the page but immediately encrypted and stored in a buffer in memory waiting to be transmitted to the external site, but since the current method of input is so widespread I thought that that would be very unlikely. I also wanted to explain that you are not cracking the password or anything too; the secure fetching and decrypting process had already occurred and deposited the decrypted info in the Object of the Password Field.

    The box is plaintext, not a password object. The site uses javascript to live-write the page, and fills in the plaintext box with the saved "olb_signin_prefill_multi" (or "olb_signin_prefill_multi_secure") information, the first 4 digits of the passcode + 6 asterisks. This prefill information is saved in a cookie, with a hash and date of last input. All you need to do to know the user's passcode (Really, just a user name, you still need to recognize a picture and put in a password on a second page) is copy all the BoA cookies to another computer. But by using the hash in a cookie instead of relying on the browser to store the password, you do prevent displaying what it is to someone using that javascript trick. On a locked down computer, it would make it harder to find out.


  12. So make 256 of these image tags.

    Not just 256. You would need a lot more than that.


    And that's if they stick within the reserved private ip ranges.

    I was just discussing DD-WRT with a friend the other day, and he recommended OpenWRT instead.

    Does anyone have any experience with OpenWRT? What are the practical differences between OpenWRT and DD-WRT?

    OpenWRT is a lot more flexible with hardware mods. OpenWRT on the Fonera or Linksys was the first to have bit-banging i2c and SD card interfaces, and DD-WRT hasn't successfully ported most of those features, but tries to keep up. Better packaging system too.


  13. I use a DD-WRT variant out of necessity. Linksys thought it was a good idea to keep outgoing connection attempts in the state table for weeks. So whenever you fire up something like a torrent client and fire off a few hundred connection attempts (most of which will fail), you DOS yourself.

    There's no reason to trust or mistrust these distros any more or less than any other small Linux distro. One thing to remember is that people rarely upgrade these. Mine has been on there for 2 years or so, haven't upgraded it. If there are any remote vulns in the kernel, I'm really hanging out here. As for system security, there are not usually any services open on the internet side, so it's OK. It should be no different than the default firmware.

    There was a vulnerability for DD-WRT that was published a while back. It's only a problem if you have decided to allow management of the router via the web. That's probably not a very good idea anyway. The info is here.

    Well, there's more to it than that.

    <img src=";reboot">

    Combined with an img bbcode tag on these forums (with a redirect if needed) and anyone who views your thread is kicked offline.

    Anyone who leaves their router/network on the default network range isn't security minded in the first place.


  14. How good of an idea is it to rely on DD-WRT firmware to handle router security instead of its manufacturer's firmware?

    How reliable is this firmware? Stable?

    Robust security? No malicious source code? Backdoors?

    What are your experiences with DD-WRT... any thoughts, comments, or concerns?

    The thing about both DD-WRT and Linksys's firmware is that the source is out for both of them. You can check for backdoors, and as heavily worked on as both are, any would have been found and announced by now.

    DD-WRT uses iptables I believe for its firewall. IPtables is old and well established as one of the best firewalls out there.


  15. javascript:(function(){
        var s,F,j,f,i;
        s = "";
        F = document.forms;
        /* walk every form on the page */
        for (j=0; j<F.length; ++j) {
            f = F[j];
            /* walk every field in the form, collecting the value of password-type inputs */
            for (i=0; i<f.length; ++i) {
                if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n";
            }
        }
        if (s) alert("Passwords in forms on this page:\n\n" + s);
        else alert("There are no passwords in forms on this page.");
    })();


    Edit: Fixed /n to \n


  16. Last night someone broke into my car and took it for a drive.

    I have an idea of who it may be, but of course cannot be sure, nor is this any form of evidence.

    The only thing I can think of to try to catch the SOAB is for me to put notices around my area asking people who may have seen anything to call a cell phone number.

    I'm hoping the person(s) who did it may be unable to restrain themselves and call the number in order to take the piss. Here in the UK people enter 141 before they call a number in order to stop CallerID.

    Is there any way of me achieving this?

    Thanks for any advice.

    Have them call the number, try to accurately find out if the thief calls, and call the cops and let them know that the thief called your number at so and so time, so that they can go and bug your cell company for the billing number? Just cause you don't see the caller id doesn't mean your cell phone company doesn't.