I’m working now in the software branch for the construction industry. After years of working together with my customers, I have found that IT security in the construction sector is not getting enough attention. The world is moving towards mobility and automation: people are trying to remotely control all of their equipment, to make everything run automatically, or just to monitor the work progress. The same is happening in the construction field. We are planning and developing many products so that we can optimize the workflow, centralize data and minimize risk, and at best save time and money for our customers.
Last week I read a short news item in c’t magazine saying that the default password of the EasyBox router, used in Germany by Vodafone, Telekom, Arcor and others, was cracked by Sebastian Petters. That means that if someone is using the default settings of an EasyBox, you can obtain his WLAN password easily and then access his network. This default password is generated by an algorithm, and this algorithm was patented. Therefore, like any other patent, the complete description of the algorithm is simply published on the internet (http://www.patent-de.com/20081120/DE102007047320A1.html if you can read German). As you can see, the algorithm is pretty simple: it just takes the MAC address of the router and performs some computations on it with base conversion, XOR, addition and so on. Therefore all we have to do is get the MAC address of the victim (it is not a secret; the access point broadcasts it as the BSSID in every beacon frame), reimplement the algorithm ourselves and generate the default WLAN password.
On Saturday 06.08 I received an email from Twitter saying that my account might have been hacked by someone. The content of the email starts as below:
Twitter believes that your account may have been compromised by a website or service
not associated with Twitter. We’ve reset your password to prevent others from
accessing your account….
I thought that this was again a spam message trying to get my Twitter password. As usual I would have deleted it immediately, but fortunately I looked at the sender of the email, and I was pretty nervous because it was really Twitter:
From: "Twitter" <email@example.com>;
Some days ago I heard that a Root CA was attacked and fraudulent certificates were issued in its name, which leads to a serious security vulnerability: internet users can lose their sensitive data although they use https:// to communicate with the web server. This issue made me think about a case study: “What would happen if a Root CA were controlled by a government? Would I be attacked by a Man-In-The-Middle over https://? Can I protect myself from being attacked like that? Is SSL really secure at all?” So I tried to find the answers to these questions myself, and I think they may be interesting for you.
A normal user may not know anything about https:// or HTTP Secure; my wife, for example, simply says there is one more “s” compared to http:// and that’s all. My friend says it is the address of a website: we must enter it correctly, with the “s”, otherwise we will be told the URL is wrong. They are perfect, innocent answers, aren’t they? As advanced users, we all know the term “Man-In-The-Middle” attack, in which an attacker sits between the user and the web server, relaying and sniffing all the data transferred between them. So if we send and receive data in clear text, he can read our sensitive data (username, password), and what he would do with that data, only God knows. Therefore a requirement, and a solution, for encrypting data before sending it out into the internet was born: HTTP Secure, i.e. HTTP carried over SSL/TLS. Besides encrypting the connection, TLS authenticates the server through a certificate that chains up to a Root CA the browser trusts, and that trust is exactly what a compromised or coerced CA lets an attacker abuse.
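To make the CA question concrete, here is an added example (written for this post, not code from the original or from any browser): a public-key pinning check. A rogue or compromised CA can issue a certificate for your domain that chains to a trusted root, so ordinary chain validation passes, but it cannot reproduce the server’s private key. Pinning the SHA-256 of the server’s SubjectPublicKeyInfo (the HPKP pin format) therefore still catches the substitution. The DER reader/writer, the hypothetical names (“www.example.com”, “Example CA”), the placeholder key bytes and the two certificate-shaped structures (dummy signatures, not valid certificates) are all constructed for this example so that it runs offline.

```python
"""SPKI pinning check: added example for this post, not code from the original.

The DER helpers and the certificate-shaped test data below are constructed
for the example (dummy signatures, placeholder keys); they are not real
certificates.
"""
import base64
import hashlib
import hmac

SEQUENCE, INTEGER, BIT_STRING, OID, UTF8, SET, UTCTIME = 0x30, 0x02, 0x03, 0x06, 0x0C, 0x31, 0x17
VERSION_TAG = 0xA0  # [0] EXPLICIT version field of TBSCertificate


def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value."""
    return bytes([tag]) + _der_len(len(body)) + body


def read_tlv(buf: bytes, pos: int = 0):
    """Decode the TLV at pos -> (tag, content, whole_tlv_bytes, next_pos)."""
    start, tag, length, pos = pos, buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], buf[start:end], end


def children(content: bytes) -> list:
    """Split the content of a constructed type into (tag, content, whole) parts."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, whole, pos = read_tlv(content, pos)
        out.append((tag, body, whole))
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """DER-encoded SubjectPublicKeyInfo of an X.509 certificate.

    Certificate    = SEQ { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate = SEQ { [0] version?, serial, sigAlg, issuer, validity, subject, SPKI, ... }
    """
    tag, cert_body, _, _ = read_tlv(cert_der)
    if tag != SEQUENCE:
        raise ValueError("certificate is not a DER SEQUENCE")
    tbs_tag, tbs_body, _ = children(cert_body)[0]
    if tbs_tag != SEQUENCE:
        raise ValueError("tbsCertificate missing")
    fields = children(tbs_body)
    if fields and fields[0][0] == VERSION_TAG:   # v2/v3 certificates carry an explicit version
        fields = fields[1:]
    return fields[5][2]                          # serial, sigAlg, issuer, validity, subject, SPKI


def spki_pin(cert_der: bytes) -> str:
    """base64(SHA-256(SPKI)): the value you would pin for the server."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode("ascii")


def pin_matches(cert_der: bytes, pinned: str) -> bool:
    """True only if the presented certificate carries the pinned public key."""
    return hmac.compare_digest(spki_pin(cert_der), pinned)


# ---- constructed test data (hypothetical names and placeholder key bytes) -----
def _name(common_name: str) -> bytes:
    # Name = SEQ OF RDN; RDN = SET OF { OID commonName (2.5.4.3), value }
    atv = tlv(SEQUENCE, tlv(OID, b"\x55\x04\x03") + tlv(UTF8, common_name.encode()))
    return tlv(SEQUENCE, tlv(SET, atv))


def _alg(oid: bytes) -> bytes:
    return tlv(SEQUENCE, tlv(OID, oid) + b"\x05\x00")   # AlgorithmIdentifier with NULL params


def spki_for(pubkey: bytes) -> bytes:
    """SubjectPublicKeyInfo wrapping placeholder key bytes under the rsaEncryption OID."""
    return tlv(SEQUENCE, _alg(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + tlv(BIT_STRING, b"\x00" + pubkey))


def fake_cert(common_name: str, pubkey: bytes, with_version: bool = True) -> bytes:
    """Certificate-shaped DER with a dummy signature (NOT a valid certificate)."""
    sha256_rsa = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"   # sha256WithRSAEncryption
    validity = tlv(SEQUENCE, tlv(UTCTIME, b"110901000000Z") + tlv(UTCTIME, b"120901000000Z"))
    fields = tlv(VERSION_TAG, tlv(INTEGER, b"\x02")) if with_version else b""
    fields += tlv(INTEGER, b"\x01") + _alg(sha256_rsa) + _name("Example CA") + validity
    fields += _name(common_name) + spki_for(pubkey)
    return tlv(SEQUENCE, tlv(SEQUENCE, fields) + _alg(sha256_rsa) + tlv(BIT_STRING, b"\x00" + b"\xaa" * 32))


GENUINE_KEY = bytes(range(1, 65))       # placeholder key bytes, not a real RSA key
ROGUE_KEY = bytes(range(65, 129))
GENUINE_CERT = fake_cert("www.example.com", GENUINE_KEY)
ROGUE_CERT = fake_cert("www.example.com", ROGUE_KEY)   # same name, as a rogue CA would issue
PINNED = spki_pin(GENUINE_CERT)

if __name__ == "__main__":
    print("pin:", PINNED)
    print("genuine cert matches pin:", pin_matches(GENUINE_CERT, PINNED))
    print("rogue cert matches pin:  ", pin_matches(ROGUE_CERT, PINNED))
```

In practice you would obtain the DER certificate from the live TLS connection (for example `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate(...))` in Python) and compare against a pin recorded out of band; pinning the SPKI rather than the whole certificate survives routine re-issuance as long as the key is kept.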
Cracking WEP passwords is not a new topic anymore, since aircrack-ng was first released in 2006. This software suite consists of many tools for detecting, analyzing and monitoring networks, sniffing packets and cracking WEP and WPA (dictionary attack) passwords. It only supports 802.11 wireless networks and network adapters that allow raw monitor mode (an example list of adapters of this type can be found at the following link: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#list_of_compatible_adapters).
Monitor mode is one of the 6 modes in which an 802.11 wireless card can operate: Managed (ordinary client), Ad-hoc, Master (acting as access point), Mesh, Monitor and Repeater. Unlike promiscuous mode, which is also used for packet sniffing and works on both wired and wireless networks, monitor mode allows packets to be captured without having to associate with an access point or ad-hoc network first, and it only applies to wireless networks. Therefore be careful when choosing a network adapter: you must choose one that is on the support list, otherwise you cannot sniff packets from the victim network. By “correct” I mean that it must be exactly the model and hardware revision stated in the list, since the same product name is often sold with a different chipset in a later revision. In my demo I will use the USB wireless network adapter “Netgear WG111v2”, which costs about 6 Euro on eBay. You can find the version of this series on the side of the USB stick, as in the image below.
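What a monitor-mode adapter actually delivers is raw 802.11 frames, beacons among them, without ever associating. The following added example (written for this post; it is not part of the original and not aircrack-ng code) parses beacon frames the way a scanner does: it recovers the BSSID (the access point’s MAC address, which is the input a MAC-derived default key such as the EasyBox one is computed from), the SSID and whether the network is open, WEP, WPA or WPA2. The frames, SSIDs and MAC addresses are constructed for this example, not captured traffic.

```python
"""Minimal 802.11 beacon parser: added example for this post, not code from the
original or from aircrack-ng.  The sample frames are constructed, not captured.
"""
import struct

BEACON_FC0 = 0x80                        # frame control byte 0: type management, subtype beacon
CAP_ESS, CAP_PRIVACY = 0x0001, 0x0010    # capability bits: is an AP, encryption in use
TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221
WPA_IE_PREFIX = b"\x00\x50\xf2\x01"      # Microsoft OUI + type 1 = WPA (pre-802.11i) IE
HEADER_LEN, FIXED_LEN = 24, 12           # MAC header; timestamp + interval + capability


def parse_beacon(frame: bytes) -> dict:
    """Return bssid, ssid, beacon_interval and security for one beacon frame."""
    if len(frame) < HEADER_LEN + FIXED_LEN or frame[0] != BEACON_FC0:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                             # addr3 of a beacon is the BSSID
    _timestamp, interval, cap = struct.unpack_from("<QHH", frame, HEADER_LEN)
    pos, ssid, has_rsn, has_wpa = HEADER_LEN + FIXED_LEN, None, False, False
    while pos + 2 <= len(frame):                     # tagged parameters: id, length, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        pos += 2 + length
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", "replace")  # "" means the SSID is hidden
        elif tag == TAG_RSN:
            has_rsn = True
        elif tag == TAG_VENDOR and value.startswith(WPA_IE_PREFIX):
            has_wpa = True
    if not cap & CAP_PRIVACY:
        security = "open"
    elif has_rsn:
        security = "WPA2"
    elif has_wpa:
        security = "WPA"
    else:
        security = "WEP"   # privacy bit set but no RSN/WPA IE: the case aircrack-ng's WEP attacks target
    return {"bssid": ":".join(f"{b:02x}" for b in bssid), "ssid": ssid,
            "beacon_interval": interval, "security": security}


def build_beacon(bssid: bytes, ssid: bytes, privacy: bool, ies: bytes = b"") -> bytes:
    """Construct a beacon frame (test data only): header, fixed fields, SSID IE, extra IEs."""
    header = struct.pack("<HH", BEACON_FC0, 0) + b"\xff" * 6 + bssid + bssid + struct.pack("<H", 0)
    cap = CAP_ESS | (CAP_PRIVACY if privacy else 0)
    fixed = struct.pack("<QHH", 0, 100, cap)         # timestamp, interval (TU), capability
    return header + fixed + bytes([TAG_SSID, len(ssid)]) + ssid + ies


# Constructed sample frames with locally administered (02:...) MAC addresses.
RSN_IE = bytes([TAG_RSN, 6]) + b"\x01\x00" + b"\x00\x0f\xac\x04"   # version 1, group CCMP (truncated IE)
WPA_IE = bytes([TAG_VENDOR, 6]) + WPA_IE_PREFIX + b"\x01\x00"      # WPA IE version 1 (truncated IE)
SAMPLE_FRAMES = {
    "open": build_beacon(bytes.fromhex("020000000001"), b"CoffeeShop", False),
    "wep": build_beacon(bytes.fromhex("020000aabbcc"), b"EasyBox-AABBCC", True),
    "wpa": build_beacon(bytes.fromhex("020000000003"), b"Home", True, WPA_IE),
    "wpa2": build_beacon(bytes.fromhex("020000000004"), b"Office", True, RSN_IE),
}


def scan(frames) -> list:
    """Parse every beacon in an iterable of raw frames."""
    return [parse_beacon(f) for f in frames]


if __name__ == "__main__":
    for ap in scan(SAMPLE_FRAMES.values()):
        print(f'{ap["bssid"]}  {ap["security"]:5}  {ap["ssid"]}')
```

On a real capture you would feed `parse_beacon` the 802.11 payload of each frame (after stripping the radiotap header a monitor-mode adapter prepends); the WEP classification is simply “privacy bit set, but neither an RSN nor a WPA information element present”, which is the same test airodump-ng uses to label a network as WEP.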
When I was wandering around HVA, I found a thread introducing a guessing game, which I discussed on this blog in “Rx and permutation”. If you want to play, you can try it here: http://jotto.ciphertechs.com/ . For my part, after 14 attempts at brute-forcing the characters of the password, I found out that they are “a”, “j”, “m”, “o”, “r”, as in the image below.
After calculating all the permutations, I found that the meaningful one is “major”, and was greeted with the message “Congratulations – you guessed major in 15 attempts”. I happened to look at the URL of this page, http://jotto.ciphertechs.com/cgi-bin/jotto2.pl, saw that the game was written in Perl, and a bad thought passed through my head: hack this game to get a better result.