Archive for April 2007
Academics crack wireless security within a minute
Cryptographic researchers claim that the security found in most wireless access points can now be cracked in under a minute.
By refining an attack against Wired Equivalent Privacy (Wep) developed by Andreas Klein in 2005, enough packets could be collected to open up a Wep-protected network in around a minute. This is according to Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann at the cryptography and computer algebra group at the Technical University Darmstadt in Germany.
Earlier cracks against Wep took around 40 minutes, because the techniques needed to inspect far more packets to find the key used to encrypt the network.
The researchers said that it was possible to recover a 104-bit Wep key with a 50 per cent probability of success using just 40,000 captured packets.
‘For 60,000 available data packets, the success probability is about 80 per cent and for 85,000 data packets about 95 per cent,’ the researchers said. ‘Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions.’
They said the computation of the crack took about three seconds using 3MB of memory on a Pentium-M 1.7 GHz machine. ‘The same attack can be used for 40-bit keys too with an even higher success probability,’ they said.
The researchers implemented a proof-of-concept of the attack with the aircrack-ptw tool together with the aircrack-ng toolsuite. The tool is similar to aircrack-ng, which has been used in the past to crack Wep-protected networks.
‘We believe that WEP should not be used in sensitive environments. Most wireless equipment vendors provide support for TKIP (also known as WPA1) and CCMP (also known as WPA2) which provides a much higher security level. All users should switch to WPA1 or even better WPA2,’ the researchers said.
The researchers plan to give a talk about the new crack at the Easterhegg 2007 security conference in Hamburg this month.
A paper describing the details and methods used in the attack can be found here.
Source: PcPro
Wep0ff – Wireless WEP Key Cracker Tool
Wep0ff is a new tool to crack a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients.
It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery.
This tool can be used to mount a fake access point attack against WEP-based wireless clients.
You can download it here:
Default Password Scanner from Oracle
Oracle Corp. has published a collection of software patches that address security vulnerabilities in a range of the company’s products, including its database and application server software. As part of this update, it also released a tool designed to ferret out commonly used default passwords that theoretically could be misused by hackers.
Earlier versions of Oracle’s database software included well-known default passwords and user names, for example “scott / tiger”. These accounts are also known to have been created by other software, such as application servers, that interact with the database, said Oracle Security Alerts Manager Darius Wiles.
The password scanner is a SQL (Structured Query Language) script that scans the database and then prints out the names of these well-known accounts if they are unlocked, Wiles said. “This tool is designed to catch those instances and then explain to customers the right thing to do to secure their systems.”
This page is the home for the Oracle default password list that we have collated. The list can also be thought of as a list of Oracle default password hashes.
The full details of the release are available from Oracle here (Oracle Critical Patch Update – April 2006).
Router/Switch Default Password List
The famous Phenoelit Default Password List has been updated
eBay users attacked with smart Trojan
eBay users are being targeted by an advanced Trojan that attempts to redirect traffic so it can silently bid on a car from the auction site’s car section, Symantec is warning. It is the latest security headache for eBay, which has faced an onslaught of complaints from some users who say fraud on the site has increased to unacceptable levels over the past few months.
eBay officials are aware of the Trojan and are working with Symantec to prevent it from affecting buyers and sellers, a spokeswoman said.
Trojan.Bayrob implements a proxy server so that traffic intended for eBay is instead sent to one of several sites controlled by the attacker. Traffic is redirected by changing settings corresponding to at least six eBay URLs in the victim’s hosts file. Once connected to rogue servers, Bayrob is programmed to download configuration data, including a variety of PHP scripts.
At least one of the scripts, Var.php, downloads variables such as tokenized versions of eBay pages designed to dupe a victim into thinking they are legitimate. One such page spoofs eBay’s “Ask a question” section, which allows prospective buyers to – wait for it – ask sellers questions.
Source: The Register
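A defensive check for the hosts-file redirection described above, as an added example that is not part of the original article: it parses a hosts file and reports every static entry for an eBay hostname, since any such entry overrides DNS. The article does not list the affected URLs, so the watched domain, the sample hostnames and the addresses (documentation ranges) are constructed.

```python
import ipaddress

# Domains to watch. The article names eBay but not the exact hostnames,
# so matching on the parent domain is an assumption of this example.
WATCHED_SUFFIXES = ("ebay.com",)

# Constructed sample hosts file; addresses are from documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.ebay.com signin.ebay.com   # constructed entry
203.0.113.11    CGI.EBAY.COM.
198.51.100.7    intranet.example.org
127.0.0.1       ads.ebay.com
not-an-ip       motors.ebay.com
192.0.2.5       notebay.com
"""


def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True if hostname is a watched domain or a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)


def find_pinned_entries(hosts_text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname) for each watched name that the
    hosts file pins to a static address, loopback included."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, no mapping
        for host in fields[1:]:                  # one address, many aliases
            if is_watched(host, suffixes):
                findings.append((line_no, str(addr), host.lower().rstrip(".")))
    return findings


if __name__ == "__main__":
    for line_no, addr, host in find_pinned_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} pinned to {addr}")
```

On a real system, read the hosts file into a string and pass it to `find_pinned_entries`; a clean workstation normally returns an empty list for these names.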