Attending a Conference? There’s an App for That!

I just published a post on my Computerworld blog about how conferences and tradeshows of the future are incorporating more mobile and wireless technologies to provide attendees more value than ever before.

In that post, you’ll find out how cutting-edge events are:

  • Extending the battery life of your mobile devices
  • Using high density Wi-Fi networks to offload bandwidth demands from cellular networks
  • Leveraging video as a way for attendees to connect & share

As a preview of that post, check out the 2-minute video I made about an iPhone app built specifically for one such event, the Forrester IT Forum:

And the winner is…

Andrew vonNagy!

If you haven’t been following along, I ran a contest over the past week for the best wireless pen testing tip or trick.

As promised, I will be pre-ordering a copy of “Wireless Hacking Exposed” for Andrew.

Here was Andrew’s submission for the contest:

To PenTest WPA2 secured wireless networks, set up a honeypot AP and a Free-RADIUS WPE (wifi pwnage edition by Josh Wright) to harvest EAP/MS-CHAP credential hashes from improperly secured client devices which are not validating the RADIUS server. Then use John the Ripper or similar password cracking tool to crack the user password using a dictionary attack.

If you want more of Andrew’s wisdom, you can also check out his blog, “Revolution Wi-Fi” – It has some quality content.
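A defensive counterpart to the tip above, added here as an example and not part of the original post or Andrew’s submission: a small Python audit of a wpa_supplicant.conf that flags 802.1X network blocks which do not validate the RADIUS server. The sample configuration, SSIDs and file paths are constructed; the option names (ca_cert, ca_path, domain_suffix_match and the other name checks) are wpa_supplicant’s own.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, paths and names are made up.
SAMPLE_CONF = '''
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="CorpWiFi-CAOnly"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/public-ca.pem"
}
network={
    ssid="CorpWiFi-Pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
}
network={
    ssid="HomePSK"
    psk="constructed-passphrase"
}
'''

NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def audit_eap_networks(conf_text):
    """Return {ssid: [findings]} for 802.1X/EAP network blocks only."""
    report = {}
    for block in re.finditer(r"network=\{(.*?)\n\s*\}", conf_text, re.S):
        # key=value lines inside the block; comment lines do not match
        opts = dict(re.findall(r"^\s*(\w+)=(.*?)\s*$", block.group(1), re.M))
        if "eap" not in opts and "EAP" not in opts.get("key_mgmt", ""):
            continue  # PSK or open network: no RADIUS server to validate
        findings = []
        if "ca_cert" not in opts and "ca_path" not in opts:
            findings.append("no CA configured: RADIUS server certificate is not verified")
        elif not any(k in opts for k in NAME_CHECKS):
            findings.append("CA set but no server name match: any cert from that CA is accepted")
        report[opts.get("ssid", "<no ssid>").strip('"')] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit_eap_networks(SAMPLE_CONF).items():
        print(ssid, "->", findings or ["server validation configured"])
```

A client with the first kind of block is the “improperly secured client device” the tip relies on; the third block is the corrected form, with both a trusted CA and an expected server name.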


Just a Reminder….

I am giving away a FREE copy of “Wireless Hacking Exposed”.  All you have to do is submit a comment to the post about the book stating your favorite wireless pen testing tip or trick.  Technical or non-technical.

I am going to choose the best comment at the close of business tomorrow (July 1st).  There are only two submissions right now, so if you enter with less than 24 hours left, I’d say that you have a decent chance of winning.  🙂

Here are even a few ideas to get you started:

  • What’s your favorite wireless card for pen testing?  Why?
  • What’s the best application / piece of software for wireless pen testing?  Why?
  • What’s a common myth about wireless security that you can dispel through pen testing?
  • Tell me about your favorite pen testing experience.  (Mine is below….)

Personally, my favorite part of wireless pen testing is social engineering.  For example, one time I was assigned to do a security assessment for an oil & gas company.  I targeted the IT department of the company, figuring the report would hit home if it contained *their* passwords, sensitive data, etc.

The IT department of this company was on the 5th and 6th floors of a multistory building.  Part of the social engineering I utilized was implemented when I checked into my hotel for the project.  You see, the hotel I checked into was in a building adjacent to my customer / target.  When I checked in, I specifically requested a room on the side of the building closest to “ABC Company”, that had a balcony, and was on either the 5th or 6th floor.  Do you think the hotel clerk hesitated one second before they fulfilled my request?  Of course not.

On top of that, when I checked into my room, I set up 2 different computers, each with multiple wireless cards, spectrum analyzers, and external antennas connected to them.  I even had a tripod-mounted -13.5 dB Yagi antenna with a laser pointer on the balcony, pointed at my customer / target company.  The maids came in and out of my room, and if anyone ever said anything, it certainly wasn’t filtered back to me.

Could I still have done the pen test without this?  Yes.  But did having this location make it more convenient to collect packets, circumvent authentication & encryption, redirect/attack wireless clients, etc.?  Of course it did.

FREE Copy of “Wireless Hacking Exposed”

There has been a thread going on the WiFiSec mailing list at SecurityFocus the past couple days about Wi-Fi testing on a Mac.

My friend and colleague, Joshua Wright, weighed in with his tremendous expertise with the following post:

Johnny Cache, Vinnie Liu and I are just putting the finishing touches on Hacking Exposed Wireless, 2nd Edition. It’s available for pre-order on Amazon, and should be shipping in the middle of July (http://amzn.to/d4D2SU). In this fully-revised book we present step-by-step help for implementing multiple attacks against 802.11, Bluetooth, ZigBee and DECT, with countermeasures for each attack.

Pertinent to this discussion is Johnny’s chapter “Bridging the Airgap on OS X” where he illustrated an example of compromising a remote OS X box and leveraging it to attack local wireless networks. In this discussion he talks about the OS X “airport” utility.

The airport utility is located at /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport. In 10.6 systems, you can use this tool to initiate a monitor-mode packet capture saving to a libpcap file, as well as active scanning and other interesting functions. During a packet capture with the airport utility, the Airport icon on the task bar will turn into what we decided is the “Eye of Sauron”.

While Windows Vista and 7 have native monitor-mode support in drivers, there are no native tools, forcing us to rely on the NetMon package. Fortunately with OS X, we have the native airport utility.

Some of Johnny’s scripts and tools from this chapter have been put online at www.hackingexposedwireless.com. I’ll continue to post materials there this week, as well as the free online chapters providing in-depth analysis of 802.11, Bluetooth (including attacks against Simple, Secure Pairing) and RF fundamentals.

–Josh

I can tell you from taking Josh’s Wireless Ethical Hacking, Penetration Testing, and Defenses course through the SANS Institute, that he *definitely* knows his stuff, and therefore, this book is a must read.

I think this book is such a must read, that I am giving away a copy for FREE.  Leave a comment with your best Wi-Fi Pentesting Tip. I’ll choose the best one a week from today (July 1st) and I’ll pre-order this book on your behalf.

2010 GAWN Job Task Analysis Survey

WiFiJedi: The note below was emailed to me today.  This is a great vendor-neutral certification.  I filled out the survey.  If you think you fit the requirements, take a few minutes to fill out the survey yourself!

The GIAC Wireless Penetration Testing and Ethical Hacking (GAWN) JTA committee has recommended an updated set of certification objectives, and we are conducting a formal Job Task Analysis. We are seeking Wireless Security subject matter experts to vote on proposed changes and rate the relevance of each certification objective. If you have wireless security background and experience, especially if the experience involves penetration testing, your input will be valuable in shaping this certification. Please note that if your background does not include experience with wireless security, we are unable to use your input for the survey at this time. Your name may be listed in the validation report if this certification is submitted for ANSI accreditation. This survey will take an estimated 15 minutes of your time and can be accessed at the link below. The survey will be available through 12:01 AM on 7/1.

https://www.surveymonkey.com/s/GAWN2010JTA

Thank You.

Chris Carboni

GIAC Technical Director

GCIH, GSNA, GCWN, GCFA

Subscribe to WiFiJedi.com Today!

Can’t get enough information about wireless networking & security?  Instead of searching for the right information, how would you like it to come to you?

I recently added a new widget to my blog site that allows you to subscribe by e-mail, which means that new posts would automatically show up in your inbox.  How cool is that?

Simply type your email addy into the box along the left hand side of the page.  As an example, I highlighted the applicable section with a red box in the graphic associated with this post.

Alternatively, if you like to follow lots of blogs, you can subscribe to WiFiJedi.com through RSS.  RSS stands for Really Simple Syndication, which places a “feed” of updates from a particular website into your RSS reader.

Xirrus Adds Senior Sales Executive From Juniper Networks

Hayley Tabor Joins Xirrus to Rapidly Expand Global Footprint and Open New Routes to the Enterprise

Xirrus®, the leader in high performance Wi-Fi, announced today that Hayley Tabor, former senior vice president of U.S. enterprise sales at Juniper Networks®, has joined the Xirrus team as vice president of the company’s worldwide sales. Tabor brings to Xirrus an extensive global network of CIOs and major system integrators with whom she has been doing business for more than 20 years. She will be responsible for adding new professionals to the Xirrus sales team to open up new geographies and routes for the company into the enterprise.

While at Juniper, Tabor built out a highly effective sales coverage and vertical market model to drive aggressive growth through the channel and increased market share across the enterprise.

“From day one, my vision for Xirrus has been to become the ‘Juniper Networks of Wi-Fi,’ delivering the highest performing, highest capacity Wi-Fi architecture to the enterprise and to stake out the high ground against Cisco® and other legacy overlay architectures,” said Dirk Gates, CEO and founder of Xirrus, Inc. “By adding a seasoned executive like Hayley to the team – who knows how to sell performance and build high performance teams – we will supercharge our already remarkable growth rate by leveraging her skills, network, and her proven ability to deliver high growth, open new markets, and find innovative routes to the enterprise.”

“It is a remarkable opportunity to join a company that has grown as fast as Xirrus in recent years and has achieved such an intense and passionate customer following,” said Tabor. “It’s clear to me that only Xirrus was focused on solving the Wi-Fi performance problem for the enterprise. Coming from the switching world, as I looked at the competitors in the Wi-Fi market, I saw that only the Xirrus architecture puts both intelligence and more radios at the edge, closer to the user, thereby closing the gap between Wi-Fi and enterprise switching. When you have an innovative architecture like Xirrus with power and value 3X to 5X greater than anything else in the industry, I truly believe we’re in a great position to make substantial gains on the industry and in our own revenue.”

Previously, Tabor held progressively senior positions at CA focused on the large enterprise, including: Canadian country manager, senior vice president of sales for the western U.S., and senior vice president & general manager of Europe, Middle East and Africa.

Wi-Fi is Only For the Young! (Wi-Fi Busters)

Only young people use Wi-Fi.  It certainly isn’t a technology that older people use.  Or is it?!?

This is the topic that is explored in this short, yet informative & fun video about wireless.  Enjoy!


Do you need a job?

Xirrus is hiring! We are always looking for talented people to join our team.  In this particular case, our Chief Development Officer reached out to a few of us within the company asking for our help finding the right candidate for a Test Engineer position within our SQA department.  I thought it would be awesome to reach out through my blog to see if there were any readers that were interested!

Here are the job details as far as I know them:

Senior SQA Engineer

The Senior SQA Engineer is responsible for testing and qualifying the Xirrus Array software product line. This person should be proficient in wired and wireless network related protocols as well as extensive knowledge of the SQA process. They should also have extensive knowledge and experience with Linux and Windows environments.

Responsibilities:

  • Responsible for system testing of the software as it relates to particular Array platforms.
  • Responsible to execute test plans based on developing and changing product specifications
  • Responsible for working with design and development teams to debug complex problems
  • Responsible for Regression test and test automation
  • Responsible for establishing and building test beds
  • Responsible for working with cross-functional teams

Requirements:

  • Must have 5+ years of hands on experience in testing networking products
  • Must have some scripting experience
  • Must have strong experience in testing L2/L3 protocols
  • Must have strong experience in testing of 802.11a/b/g/n, 802.11i, 802.11d+h
  • Must have ability to be a productive and flexible team member in an extremely fast paced engineering environment
  • Must have strong troubleshooting skills
  • Must be able to work independently without significant guidance
  • Must have good communication skills
  • Must have extensive experience with Linux and Windows based operating systems

Desired Skills:

  • Knowledge of Veriwave
  • Knowledge of packet generation tools
  • Knowledge of Wireshark and Wildpackets (Omnipeek)
  • Knowledge of Spectrum Analysis tools such as Airmagnet and Wi-Spy

Education:

  • BSEE, BSCS or equivalent required

If you are interested, you should definitely send your resume to resumes <at> xirrus <dot> com.  Please also send me a heads-up at douglas <dot> haider <at> xirrus <dot> com.

You can find information about all of Xirrus’ job listings on their Careers page at http://www.xirrus.com/company/careers.php

Mojo – Book Review

Fundamentally, this book was about living a life with happiness and purpose.

There were a couple powerful ideas that I took away from this book.  One was that “we continue doing what we’re doing even when we no longer want to do it”.

This is slightly different, although roughly similar to the theme of Marshall’s other book “What Got You Here Won’t Get You There”.  What we need to STOP doing is just as important as what we need to START doing.  Similar theories have been espoused in business articles from Jim Collins and by Seth Godin in his book, “The Dip”.

In “Mojo”, this particular point is best illustrated by one key sentence: “The most reliable predictor of what you will be doing five minutes from now is what you are doing now”.  Simple, yet extremely insightful, in my opinion.

This book is more than theory though.  It goes on to show how to practically evaluate all your daily activities to figure out which ones are worth continuing and which ones you should stop.  The framework is a “Mojo Scorecard” and there are example cards in both the book and on the accompanying website.

I don’t want to spoil it here, but my other key takeaway (and favorite part of the book) was the Coda.  It is at the end (starting on page 183 of the hardcover edition).  It is only two pages long.  It’s titled “You Go First” and has one of the most important life lessons I have ever read, especially for parents.  If I could urge you to do one thing, it would be to go to your local library or bookstore and read the Coda.