May 17, 2012

Amazon EC2 Used to Hack Wi-Fi – WPA Now Redundant?

German researcher Thomas Roth has announced that he was able to break into a Wi-Fi network encrypted with the Wi-Fi Protected Access (WPA) protocols in under 6 minutes by using Amazon EC2 cloud computing.

Roth uses a brute force approach to try to gain entry to the network. Using Amazon’s cloud-based computing, which can be used for just 28 cents per minute, his technique is to try to decrypt WPA by forcibly trying up to 400,000 passwords per second. This means that in 6 minutes Roth’s software tries 144,000,000 passwords.
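The arithmetic behind these figures, turned into a passphrase-sizing check for network owners (an added example, not from the original article or Roth's software). The guess rate and price are the article's; the function names and the alphabets, lengths and budgets passed to them are constructed assumptions, and the model assumes uniformly random passphrases and a constant guess rate.

```python
# Figures reported in the article.
GUESSES_PER_SECOND = 400_000
USD_PER_MINUTE = 0.28

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63


def exhaust_minutes(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Minutes needed to try every passphrase of exactly `length` characters."""
    return alphabet_size ** length / rate / 60


def exhaust_cost_usd(alphabet_size, length):
    """Cost of a full search at the article's per-minute price."""
    return exhaust_minutes(alphabet_size, length) * USD_PER_MINUTE


def coverage(alphabet_size, length, minutes, rate=GUESSES_PER_SECOND):
    """Fraction of the keyspace tried in `minutes`, capped at 1.0."""
    return min(1.0, rate * 60 * minutes / alphabet_size ** length)


def min_length_for_budget(alphabet_size, budget_usd):
    """Shortest valid WPA length whose full search costs more than budget_usd."""
    for length in range(WPA_MIN_LEN, WPA_MAX_LEN + 1):
        if exhaust_cost_usd(alphabet_size, length) > budget_usd:
            return length
    return None  # no valid length is expensive enough for this alphabet


if __name__ == "__main__":
    # Constructed policies: (label, alphabet size, length).
    policies = [
        ("8 digits", 10, 8),
        ("8 lowercase letters", 26, 8),
        ("8 letters+digits, mixed case", 62, 8),
        ("12 letters+digits, mixed case", 62, 12),
    ]
    for label, alphabet, length in policies:
        print(f"{label:32s} covered in 6 min: {coverage(alphabet, length, 6):.2e}  "
              f"full search: ${exhaust_cost_usd(alphabet, length):,.2f}")
    print("digits only, $1,000 budget -> min length",
          min_length_for_budget(10, 1_000))
```

The six-minute window exhausts an 8-digit passphrase but covers well under 0.1% of random 8-letter lowercase passphrases, which is why length and alphabet size are the controls that matter against this kind of attack.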

When speaking to Reuters Roth said “People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so. But it is easy to brute force them.”

Roth will present his software to the public and teach people how to use it later this month at the Black Hat hacking conference in Washington, D.C.

Amazon have been quick to point out that using Amazon Web Services (AWS) and its Elastic Compute Cloud (EC2) computing service in this way without the permission of the Wi-Fi network owner violates their terms and conditions (and is illegal in many places around the world).

Second Live Hacking Workshop in South Africa an Overwhelming Success

Dr. Ali Jahangiri has just finished the second Live Hacking 2010 South Africa workshop and it has been hailed as a resounding success by all involved. Based on his book ‘Live Hacking: The Ultimate Guide to Hacking Techniques and Countermeasures for Ethical Hackers and IT Security Experts’ participants are introduced to the world of ethical hacking and information security.

Dr. Ali Jahangiri, international author and information security expert, is pleased to report that the second Live Hacking 2010 South Africa workshop was a great success. Due to the great success of these workshops Dr. Jahangiri is also pleased to announce that the Live Hacking workshop will be back in South Africa on 7 – 10 March 2011.

The second Live Hacking 2010 South Africa ethical hacking workshop was held in Pretoria, the capital of South Africa, in association with InfoCure, the exclusive organizer of the Live Hacking workshop series in South Africa.

During the workshop attendees are introduced to the world of hacking and information security and given the knowledge they need to thwart the criminal elements in cyberspace. The South African attendees learnt how to hack and crack using the techniques and tools of real hackers.

“The second Live Hacking 2010 South Africa workshop was a great success and we had participants from so many different areas of information technology” said Dr. Jahangiri at the end of the workshop. “I am pleased to announce that there will be another Live Hacking South Africa Workshop in March next year.” Dr. Jahangiri went on to thank InfoCure for making this workshop a success.

Places are limited for the next Live Hacking South Africa Workshop so it is recommended that potential attendees book soon. Any IT professionals interested in attending should visit the live hacking website: livehacking.com for more details.

During these workshops Dr Jahangiri reveals the “tricks of the trade” while drawing on his many years of academic, professional and practical experience to equip you and your organization with the know-how you need to defend your data against the rising tide of ubiquitous and persistent cyber criminals.

Damage limitation: Mitigating exploits with Microsoft’s EMET

Security vulnerabilities in applications have become an everyday problem. Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) activates extra protection mechanisms included in recent versions of Windows, which are able to frustrate many attacks. However, getting the configuration right can sometimes be harder than you might think.

Source: [TheHSecurity]

Read the full article here.

Live Hacking V1.2 Released

Dr. Ali Jahangiri, the respected security expert and author, is pleased to announce an update to the Live Hacking CD, a Linux distribution designed for ethical computer hacking. The updated Live CD contains the tools and utilities you need to test and hack your own network in the same way a malicious hacker would. New in this version are the Metasploit penetration testing framework and a range of IPv6 foot-printing tools.

The Metasploit framework, one of the new tools included with this release, can be used to test your network using the framework’s internal database of known weaknesses and exploits.

As the number of available IPv4 addresses decreases, more and more organizations are deploying IPv6. Also included in this new release of the Live Hacking CD is THC-IPV6, a set of tools to attack the inherent protocol weaknesses of IPv6 and ICMP6.

‘The Live Hacking CD has been an outstanding success’ said Dr. Ali Jahangiri. ‘Now with this new updated version we are putting more tools into the hands of IT professionals so they can defend against the malicious activities of cyber criminals.’

Download Live Hacking V1.2 Here.

Capsicum: New Sandbox Framework with OS Capability

Security researchers at the University of Cambridge Computer Laboratory have released a new sandbox framework.

According to the project website, Capsicum is a lightweight OS capability and sandbox framework developed at the University of Cambridge Computer Laboratory, supported by a grant from Google. Capsicum extends the POSIX API, providing several new OS primitives to support object-capability security on UNIX-like operating systems:

  • capabilities – refined file descriptors with fine-grained rights
  • capability mode – process sandboxes that deny access to global namespaces
  • process descriptors – capability-centric process ID replacement
  • anonymous shared memory objects – an extension to the POSIX shared memory API to support anonymous swap objects associated with file descriptors (capabilities)
  • rtld-elf-cap – modified ELF run-time linker to construct sandboxed applications
  • libcapsicum – library to create and use capabilities and sandboxed components
  • libuserangel – library allowing sandboxed applications or components to interact with user angels, such as Power Boxes.
  • chromium-capsicum – a version of Google’s Chromium web browser that uses capability mode and capabilities to provide effective sandboxing of high-risk web page rendering.

Capsicum has been prototyped on FreeBSD 8.x, and its experimental code is BSD-licensed to encourage open source, research, and commercial deployment.

Find more information about Capsicum here.

Mobile Phone Interception at Defcon 18

Hacker Chris Paget gave a live demonstration of mobile phone interception at the Defcon 18 hacking conference on Saturday in Las Vegas.

Within a few minutes of being activated, Chris Paget’s IMSI catcher had 30 phones connected to his system. Then, with a few keystrokes, he quickly configured the device to spoof an AT&T cell tower.

According to a Computerworld report, Paget didn’t record or play back any calls, but he could have. His IMSI catcher can get around cell phone encryption by simply telling the connecting phones to drop encryption.

Cell phone interception is illegal in the U.S., and the U.S. Federal Communications Commission had concerns about Paget speaking at the conference.

Black Hat Video Feed Got Hacked

IDG News Service reported on July 30 about a security issue in the video streaming service used by the security conference, Black Hat.

Michael Coates, the head of Web security for Mozilla, discovered that he could register an account without providing anything more than an e-mail address, and then use that account on a test login page to access the videos for free.

Read more about this news at Computerworld.

Critical Vulnerabilities in Chrome 5

High risk vulnerabilities in Google Chrome forced Google to release a new version.

Google just released version 5.0.375.125 of its Internet browser, Chrome. In this version, Google addresses three “high” risk vulnerabilities in its WebKit-based browser. Two of the high-risk issues could lead to memory corruption and buffer overflow in SVG handling or rendering code.

Google did not release further information about these vulnerabilities as a security measure to protect Google Chrome users with unpatched browsers. All users are encouraged to update to the latest release as soon as possible.

More details about the Chrome 5.0 security update and this release can be found at Google Chrome releases blog.

WPA2 Vulnerability: Hole 196

AirTight Networks discovered a vulnerability in the WPA2 protocol. WPA2 uses two keys: the PTK (Pairwise Transient Key), which is unique for every Wi-Fi client and used for unicast traffic, and the GTK (Group Temporal Key), used for broadcasts. Fake and injected data and spoofed MAC addresses can be detected with the PTK; the GTK does not offer this functionality. The security hole was named Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document.

According to the AirTight Networks website, this vulnerability could be used by an intruder to bypass WPA2 private key encryption and authentication to sniff and decrypt data.

This vulnerability will be demonstrated at the Black Hat Arsenal and at DEFCON18 in a presentation entitled “WPA Too?!” in Las Vegas on July 29th and July 31, 2010 respectively.

This vulnerability is due to a weakness in the standard and it cannot be fixed by an update patch.

Popular Ethical Hacking Book ‘Live Hacking’ Now Available in India With a Special Price

Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts is now available in India from ETA NET Serve Pvt. Ltd at half of the international sales price.

Dr. Ali Jahangiri, a world-renowned information security expert, is pleased to announce that his popular ethical hacking book ‘Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts’ has a new dedicated distributor in India. The book is now available from ETA NET Serve Pvt. Ltd, the publisher of Hakin9 Magazine for India, for only $25 which is half the international sales price.

Live Hacking is a complete guide to the techniques of hacking and is written to instruct and educate IT professionals. It has been a great success via the online store Amazon.com. Although Amazon.com ships worldwide, it is primarily targeted at the North American market. To make Live Hacking available to a wider audience in India, Dr. Ali Jahangiri has partnered with ETA NET Serve Pvt. Ltd and lowered the price.

Dr. Jahangiri’s book looks at the principles, theories and practices of hacking and empowers readers to protect themselves from potential threats. The book is truly comprehensive and starts with Basic Hacking Terminology and progresses to look at the different areas of hacking and security including Google Hacking, Password Cracking, Malware and hacking on Wireless Networks.

‘India has a vibrant and strong community of IT professionals and network administrators with an interest in information security’ said Dr. Jahangiri. ‘I am very pleased to be able to offer this new distribution channel there and cut the price.’

The Live Hacking book also has an accompanying website livehacking.com where you can find a sample chapter on Wireless Networking Hacking and other information about the book including the table of contents and index. Livehacking.com also contains information about other projects in the ‘Live Hacking’ brand including details of the Live Hacking Workshops and the Live Hacking Linux distribution.

Dr Jahangiri runs the Live Hacking Workshops internationally to introduce IT professionals to the world of hacking, while the Live Hacking Linux distribution provides the tools needed to perform penetration tests and ethically hack on your own network to ensure that it is secure from outside intruders.