This looks awesome! Most “hacking” documentaries tend to bore me a bit. This one looks both informative and exciting! Here’s the teaser:
More info can be found at code2600.com
Nov 202009
Hi Everone! I have been visiting a coffee shop a lot lately that offers free WiFi. I have been using the connection to work on various things. I wanted to make sure that my browsing had some encryption to avoid sending out plain text data, so I figured out how to route my browser traffic through an SSH connection! The method basically uses an SSH connection as a proxy for the browser.
You will need:
- An SSH server that you can log into.
- An SSH Client on the computer you are using.
- A web browser.
The first thing we will need to do is connect to the SSH server. We will be using a special command flag when logging in in order to set a port and to avoid opening up an interactive shell. The command you will run is:
ssh -ND 9999 you@example.com
Replace “you” with your login name for the server and “example.com” with the address of the server. You will notice that after you enter your password, nothing will happen. It will just sit there. That is exactly what we want. Now, minimize the SSH client or Terminal window. Next, open your browser. I will show you the settings for Firefox, but the setup is more or less the same for other browsers.
In Firefox
Open your Firefox settings. In Windows, it’s in the “Tools” menu. In Linux, it’s in the “Edit” menu. In Apple, it’s in the “Firefox” menu. Once you have the settings window open, click on the “Advanced” section and then the “Network” tab. Next, click the “Settings” button next to where it says, “Configure how Firefox connects to the internet”. Select the option that says “Manual Proxy Configuration”. The only thing we change here is the SOCKS Host and the Port. For the SOCKS Host, enter “localhost” and 9999 for the port number. It should look like this:
This is a very old method for setting up a SOCKS Proxy, but it works quite well. Please feel free to comment!
Mar 292009
Stumbling around the internet today and I came across this awesome little comic strip! It made me laugh, so I felt like sharing it here. Enjoy!
Source: http://www.linuxhaxor.net/2009/03/29/lh-strip-2-getting-priorities-right/
by Tom Duffy
Okay, this is a subject that gets me going! I am a bit obsessive about my network security and when WEP first became popular I began using it right away. Then, as soon as I started hearing rumors about wireless sniffing, packet injection, and WEP cracking I immediately changed the way I look at wireless security. Obviously, it is important to keep your network secure. But at what cost? Some of the security options out there are seriously more effort than they are worth! Even setting up WPA on my home network was a hassle because I have 5 computers on the network. Three are various Linux distros, 1 Mac PowerBook, and 1 Windows XP laptop. I also have an Xbox 360 with a wireless adapter. In order to get all of these devices connected with WPA, I had to jump through several hoops. So what is a simple and safe way to secure my wireless network? Well, in order to answer this, I decided to learn how to crack a WEP key and try to hack my network in various states with different security features. Here are the results:
1. 64 Bit WEP Without MAC Filtering
This was scary…took me about 3 or 4 minutes to collect enough IV’s to crack the wep key. If you don’t know what IV’s are, please read about cracking wep here.
2. 128 Bit WEP Without MAC Filtering
This one took a little bit more time, but once there was ARP requests from the router to my wireless adapter, the IV’s started pouring in. Total crack time was 12 minutes.
3. WPA Personal TKIP with a 6 character passphrase
Had to relearn the process a little for WPA, but once I got the hang of it this took me about 15 to 20 minutes.
4. WPA Personal TKIP with a 20 character passphrase
I know that there are people who can crack this…but I simply couldn’t.
5. WPA AES/TKIP With RADIUS
Couldn’t crack this either.
Okay, so my findings are that WEP is useless right? Well, not entirely. I found that by not broadcasting the ESSID and filtering MAC addresses, 128 Bit WEP was enough to make me feel kinda safe. WPA Personal with a long passphrase was the best option for me. This is because of the combination of ease of setup and good security. The reason for the long passphrase is to avoid rainbow table cracking.
So what is the truth about WEP cracking? Well, the truth is that there aren’t a whole lot of people out there who are any good at it. A lot of people download BackTrack or another liveCD linux distro with wep cracking tools and they assume that the tools just crack wep for them. The reality is that the tools that are used for WEP cracking are quite complex. I personally am not concerned about someone trying to crack my wireless network. However, I am concerned about my client’s networks. Business networks should be as secure as possible. Always.
So, if you just bought a new wireless router and are thinking that you’ve done the right thing by securing it with WEP, please reconsider, but let’s not get paranoid…there isn’t an army of hackers trying to crack your wep key. I hope that this helps someone!
Jun 022008
by Tom Duffy
I have had a lot of experience trying to get clients to use secure passwords and the common problem that comes up is that secure passwords are often difficult to remember. So, I came up with a simple solution to this. Let’s get started:
First, we should pick our favorite song. For the sake of this tutorial, I will use Stairway To Heaven by Led Zeppelin. Now, pick a line from the song that is 7 or more words long. I will use the line “And she’s buying a stairway to heaven”.
Next, take the first letter of each word in that line of the song. Mine would be:
ASBASTH
Now, alternate between lower case and upper case:
aSbAsTh
Next we will choose a letter in this that can also be represented by a number. Some examples of this would be to use a 5 instead of an S or a 1 instead of an I. So, I will use a 5 instead of the capital S:
a5bAsTh
Next, we will add a character that is not alpha-numeric such as a $ or a # and add it to the beginning and end of the string. I will use a $:
$a5bAsTh$
“$a5bAsTh$” is a very secure password. A brute-force attack would take a LONG time to break this and a dictionary attack would simply fail. The best part is that even though this password is very secure, all I have to remember is that line from the song with a “$” on either side of it and a “5″ instead of an “S”. I recommend this to all of my clients now and it has convinced a lot of computer novices that they can have secure passwords without the worry of forgetting what they are! I sure hope that this helps some people!
Recent Discussion