Archive for the ‘Security’ Category

WiFi Jedi to Speak This Wednesday at SDSUG in Phoenix

I know that everyone is awaiting the results of my latest contest, where I am giving away a FREE Copy of the Certified Wireless Technology Specialist (CWTS) Study Guide.  I promise that I will comb through the entries in the next couple of days and post the results.

In the meantime, I did want to publish some time sensitive material.  I will be speaking this Wednesday (#WirelessWednesday) at the Sonoran Desert Security Users Group meeting in Phoenix, Arizona.  I will be presenting on “High Density Wi-Fi – Lessons Learned From Apple’s iPhone Demo”.

The meeting details are below (my presentation is from approximately 9:15 – 10:30 AM).  Feel free to reach out directly if you need additional information.  If you are in the Phoenix area, I hope to see you on Wednesday!

WHAT: SONORAN DESERT SECURITY USERS GROUP
WHEN: WEDNESDAY, AUGUST 18, 2010
TIME: 08:00-16:00
WHERE: JOBING.COM Phoenix Office
4747 N. 22nd Street, Suite 100
Phoenix, AZ 85016


Shmoocon 2011 Announced

The dates for Shmoocon 2011 were recently announced.  The annual East-coast hackers convention will be held January 28th – 30th (Friday, Saturday, Sunday)  2011.

It appears that the convention will take place at a different venue this year, the Washington Hilton Hotel.  As a Platinum Marriott member, I am a little disappointed that it won’t take place at the Wardman Park Marriott as it had in years past.

If I could tell you one thing, it’s that attendance to this event sells out FAST (literally, within minutes), so keep watching the Shmoocon website on dates and times to get your tickets.  You will have to jump on them immediately.  That being said, the majority of the weekend passes are usually available for around $75, so it’s not hard to see why they sell out so fast.

One of the best things about Shmoocon is the high quality speakers they bring in each year.  Speakers that have stuck out to me in the past include Joshua Wright and Simple Nomad.

Besides the quality content, another great reason to attend is that it is FUN.  They have lots of ancillary activities to include a “Hack or Halo” contest (hackers compete in a capture the flag contest and gamers participate in a Halo contest on the XBox 360), as well as an off-site party.

Bottom line, Shmoocon is definitely worth both your time and your money.

Super Tuesday Poll – 802.1X authentication

This was a question that I asked the audience during my presentation at today’s Information Systems Security Association (ISSA) meeting in Phoenix:


And the winner is…

Andrew vonNagy!

If you haven’t been following along, I ran a contest over the past week for the best wireless pen testing tip or trick.

As promised, I will be pre-ordering a copy of “Wireless Hacking Exposed” for Andrew.

Here was Andrew’s submission for the contest:

To PenTest WPA2 secured wireless networks, set up a honeypot AP and a Free-RADIUS WPE (wifi pwnage edition by Josh Wright) to harvest EAP/MS-CHAP credential hashes from improperly secured client devices which are not validating the RADIUS server. Then use John the Ripper or similar password cracking tool to crack the user password using a dictionary attack.

If you want more of Andrew’s wisdom, you can also check out his blog, “Revolution Wi-Fi” – It has some quality content.


Just a Reminder….

I am giving away a FREE copy of “Wireless Hacking Exposed”.  All you have to do is submit a comment to the post about the book stating your favorite wireless pen testing tip or trick.  Technical or non-technical.

I am going to choose the best comment at the close of business tomorrow (July 1st).  There are only two submissions right now, so if you enter with less than 24 hours left, I’d say that you have a decent chance of winning.  🙂

Here are even a few ideas to get you started:

  • What’s your favorite wireless card for pen testing?  Why?
  • What’s the best application / piece of software for wireless pen testing?  Why?
  • What’s a common myth about wireless security that you can dispel through pen testing?
  • Tell me about your favorite pen testing experience.  (Mine is below….)

Personally, my favorite part of wireless pen testing is social engineering.  For example, one time I was assigned to do a security assessment for an oil & gas company.  I targeted the IT department of the company, figuring the report would hit home if it contained *their* passwords, sensitive data, etc.

The IT department of this company was on the 5th and 6th floors of a multistory building.  Part of the social engineering I utilized was implemented when I checked into my hotel for the project.  You see, the hotel I checked into was in a building adjacent to my customer / target.  When I checked in, I specifically requested a room on the side of the building closest to “ABC Company”, that had a balcony, and was on either the 5th or 6th floor.  Do you think the hotel clerk hesitated one second before they fulfilled my request?  Of course not.

On top of that, when I checked into my room, I set up 2 different computers, each with multiple wireless cards, spectrum analyzers, and external antennas connected to them.  Even to the point where I had a tripod mounted -13.5 dB Yagi antenna with a laser pointer on the balcony pointed at my customer / target company.  The maids came in and out of my room, and if anyone ever said anything, it certainly wasn’t filtered back to me.

Could I still have done the pen test without this?  Yes.  But did having this location make it more convenient to collect packets, circumvent authentication & encryption, redirect/attack wireless clients, etc.?  Of course it did.

FREE Copy of “Wireless Hacking Exposed”

There has been a thread going on the WiFiSec mailing list at SecurityFocus the past couple days about Wi-Fi testing on a Mac.

My friend and colleague, Joshua Wright weighed in with his tremendous expertise with the following post:

Johnny Cache, Vinnie Liu and I are just putting the finishing touches on Hacking Exposed Wireless, 2nd Edition. It’s available for pre-order on Amazon, and should be shipping in the middle of July (http://amzn.to/d4D2SU). In this fully-revised book we present step-by-step help for implementing multiple attacks against 802.11, Bluetooth, ZigBee and DECT, with countermeasures for each attack.

Pertinent to this discussion is Johnny’s chapter “Bridging the Airgap on OS X” where he illustrated an example of compromising a remote OS X box and leveraging it to attack local wireless networks. In this discussion he talks about the OS X “airport” utility.

The airport utility is located at /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport. In 10.6 systems, you can use this tool to initiate a monitor-mode packet capture saving to a libpcap file, as well as active scanning and other interesting functions. During a packet capture with the airport utility, the Airport icon on the task bar will turn into what we decided is the “Eye of Sauron”.

While Windows Vista and 7 have native monitor-mode support in drivers, there are no native tools, forcing us to rely on the NetMon package. Fortunately with OS X, we have the native airport utility.

Some of Johnny’s scripts and tools from this chapter have been put online at www.hackingexposedwireless.com. I’ll continue to post materials there this week, as well as the free online chapters providing in-depth analysis of 802.11, Bluetooth (including attacks against Simple, Secure Pairing) and RF fundamentals.

–Josh

I can tell you from taking Josh’s Wireless Ethical Hacking, Penetration Testing, and Defenses course through the SANS Institute, that he *definitely* knows his stuff, and therefore, this book is a must read.

I think this book is such a must read, that I am giving away a copy for FREE.  Leave a comment with your best Wi-Fi Pentesting Tip. I’ll choose the best one a week from today (July 1st) and I’ll pre-order this book on your behalf.

2010 GAWN Job Task Analysis Survey

WiFiJedi: The note below was emailed to me today.  This is a great vendor-neutral certification.  I filled out the survey.  If you think you fit the requirements, take a few minutes to fill out the survey yourself!

The GIAC Wireless Penetration Testing and Ethical Hacking (GAWN) JTA committee has recommended an updated set of certification objectives, and we are conducting a formal Job Task Analysis. We are seeking Wireless Security subject matter experts to vote on proposed changes and rate the relevance of each certification objective. If you have wireless security background and experience, especially if the experience involves penetration testing, your input will be valuable in shaping this certification. Please note that if your background does not include experience with wireless security, we are unable to use your input for the survey at this time. Your name may be listed in the validation report if this certification is submitted for ANSI accreditation. This survey will take an estimated 15 minutes of your time and can be accessed at the link below. The survey will be available through 12:01 AM on 7/1.

https://www.surveymonkey.com/s/GAWN2010JTA

Thank You.

Chris Carboni

GIAC Technical Director

GCIH, GSNA, GCWN, GCFA

Speaking Engagement *Tomorrow* Feb 17th at ASIS Phoenix

For those of you that are local to Phoenix, I will be speaking about wireless networking and security to the Phoenix Chapter of ASIS (American Society of Industrial Security) tomorrow, February 17th.

The meeting is being held at the University Club:

39 E Monte Vista Rd
Phoenix, AZ

It is a lunch meeting with registration starting at 10:45 am. Lunch and networking are before the presentation, which starts at approximately 12 noon. There will be a Q & A session to follow.

About ASIS:

ASIS International, formerly known as the American Society of Industrial Security, is the preeminent organization for security professionals with more than 36,000 members worldwide. Founded in 1955, ASIS International is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs that address broad security interests. The ASIS Phoenix, AZ Chapter was chartered in January 1958 and today has over 400 members who are active security professionals and represent over 300 companies throughout Arizona. ASIS International has a long standing relationship with the International Association of Chiefs of Police (IACP), and the National Sheriffs’ Association (NSA).

ASIS International, and its chartered chapters also advocate the role and value of the security management profession to business, the media, government entities and the public. It provides members and the security community with access to a full range of certification programs and services, and publishing the industry’s number one magazine Security Management. ASIS leads the way for advanced and improved security performance and is the first of its kind to be awarded the Safety Act Designation from the U.S. Department of Homeland Security.

The ASIS International website is: http://www.asisonline.org/

The Phoenix Chapter website is: http://www.asisphoenix.org/index.html

Xirrus Introduces Advanced RF Security Manager (RSM) for 802.11n Networks

Intelligent Security at the Network Edge Minimizes Risk in Wi-Fi Networks

Thousand Oaks, CA – Xirrus, Inc., the only Wi-Fi “Power-Play” in the industry, announced today its advanced RF Security Manager (RSM) for improving security and minimizing the risk in deploying 802.11n wireless networks. Leveraging an integrated 24/7 threat sensor and hardware-based encryption/decryption in each Array, RSM secures the Wi-Fi network from multiple types of threats. The result delivers uncompromised overall network security with greater flexibility and performance compared to traditional centralized Wi-Fi networks.

Today’s Wi-Fi networks face a number of potential security threats in the form of rogue access points, ad-hoc clients, unauthorized clients, wireless-based attacks, eavesdropping, etc. As 802.11n continues its increased adoption in enterprise networks, the importance of defending against these threats is becoming more critical.

The Xirrus Wi-Fi Array enables the efficient deployment of high performance, maximum security 802.11n networks with a multi-radio design that integrates a dedicated 24/7 threat sensor. With this threat sensor radio scanning all channels in the 2.4GHz and 5GHz spectrums, RSM searches for security threats and automatically mitigates them. Traditional Wi-Fi solutions must time-slice a user servicing radio with the security scan function, compromising the performance of the wireless users and the effectiveness of the security scan.

High performance encryption/decryption in the enterprise Wi-Fi network is a MUST. The Wi-Fi network needs to support each client using the highest level of encryption (WPA2 Enterprise/128 bit AES) and without degrading the overall performance of the network. The Xirrus Wi-Fi Array incorporates hardware-based encryption/decryption into each Array, delivering line-rate encryption at the edge of the network instead of at a choke point within the centralized controller of traditional Wi-Fi solutions.

“RSM provides a simple, scalable security solution that enables any organization to proactively mitigate wireless threats, enforce enterprise policies, and prevent performance problems. It offers the visibility and control over the wireless airspace needed to enable an enterprise to reliably deliver the same standards of security performance and compliance for their wireless networks that they expect from their wired networks,” said Dirk Gates, founder and CEO of Xirrus.

The RSM (RF Security Manager) package includes:

• Wireless IDS/IPS

• Wireless stateful firewall

• Line-rate encryption/decryption

• Security alerts and logging

• User group policies

• Authenticated guest access gateway

• NAC integration

• PCI audit compliance enforcement

RSM is part of a family of functionality packages for the Xirrus Wi-Fi Array, which also includes the RF Performance Manager (RPM) and RF Analysis Manager (RAM). RSM is available now in the Xirrus ArrayOS 4.0.6 software release.

Sign up for your free site survey by visiting us at http://www.xirrus.com/sitesurvey or by calling 800-947-7871.

Are you legally liable for running an open wireless network?

Earlier this week, I read an interesting blog post discussing the legal aspects of whether you should secure your home wireless network or leave it unencrypted.  The post was actually written by a good friend of mine, Aamir Lakhani, who blogs at http://www.assassin711.com and micro-blogs on Twitter @Assassin711.

I wrote a blog post about it over at Computerworld, including my opinion on running open wireless networks.

http://blogs.computerworld.com/legal_aspects_of_running_an_open_wireless_network

Read it.  Digg it.  Comment on it.

Or comment on it here… What do YOU think? Should people secure their home wireless networks? Why or why not?  Should people be concerned about their data?