Discussions on computers and beyond

Welcome to Topsight.net
Tuesday, September 07 2010 @ 04:29 AM EDT


WPA TKIP broken by Erik Tews

Announcements: Erik Tews and Martin Beck of TU Darmstadt, Germany (both contributors to aircrack-ng)
yesterday released the first published work on cracking WPA encryption in less than 15
minutes without the use of brute-force or dictionary-based attacks, in a paper titled
"Practical attacks against WEP and WPA".

From: dl.aircrack-ng.org

"In this paper, we describe two attacks on IEEE 802.11 based wireless LANs[2]. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our knowledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre-shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to the network."

See the full paper at dl.aircrack-ng.org

Lantopolog

Software: LanTopolog is a freeware application that provides physical network topology discovery, visualization and monitoring.

- Automatic physical network topology discovery based on SNMP
- Provides a detailed and searchable physical network topology map so you can quickly isolate network connectivity failures
- Topology views show which network devices are connected to each switch port; port connections are labeled with port numbers
- Ability to auto-discover new devices as they are added to your network
- LanTopolog also includes network monitoring tools
- Monitors device state (active/inactive) in real time using ICMP
- Generates alarms when there are failures in the network
- E-mail alert notifications
- Web browser-based access from anywhere in the network

See more at http://lantopolog.googlepages.com/

Wifi Sec discussion/Demo in Bristol, CT

Security: I'll be hosting a public wireless security discussion and demo October 18th at 3 PM at 61 East Main St in Bristol, CT (old clock factory). Anyone interested is welcome to attend:

The wireless security forum will attempt to foster discussion surrounding wireless security attack vectors, security methodology, and tools. The goal of the forum is to facilitate the open exchange of knowledge related to wireless security between attendees. During the forum the following methods, vectors, and tools may be discussed.

VMware time bomb

Announcements: An issue with ESX/ESXi 3.5 Update 2 causes the product license to expire on August 12, 2008. VMware engineering has isolated the root cause of this issue and will reissue the various upgrade media, including the ESX 3.5 Update 2 ISO, ESXi 3.5 Update 2 ISO, and ESX 3.5 Update 2 upgrade tar and zip files, by noon PST on August 13. These will be available from the page: http://www.vmware.com/download/vi. Until then, VMware advises against upgrading to ESX/ESXi 3.5 Update 2.

For more information see: http://kb2.vmware.com/kb/1006716.html

An Illustrated Guide to the Kaminsky DNS Vulnerability

General: Steve Friedl at Unixwiz.net has done a fantastic job of writing a full explanation of how DNS works and why it's vulnerable to Kaminsky's flaw.

From unixwiz.net:
"The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.

This all led to a mad dash to patch DNS servers worldwide, and though there have been many writeups of just how the vulnerability manifests itself, we felt the need for one in far more detail. Hence, one of our Illustrated Guides. This paper covers how DNS works: first at a high level, then by picking apart an individual packet exchange field by field. Next, we'll use this knowledge to see how weaknesses in common implementations can lead to cache poisoning. By fully understanding the issues at play, the reader may be better equipped to mitigate the risks in his or her own environment. We hope everybody who runs a DNS server patches soon."

See the whole article at: http://www.unixwiz.net


Reliable DNS Forgery in 2008: Kaminsky’s Discovery

Interesting Stuff: Note: The following article is a repost of a Matasano Blog post, taken from Google's cache (http://tinyurl.com/5qkjco), as the original was apparently pulled.

Detecting transparent proxy servers with tracetcp

Interesting Stuff: While recently remotely troubleshooting an email problem, I found messages being rejected due to a "452 insufficient system storage" error. When I examined the email server I found no such storage issue existed, and eventually involved Microsoft (Exchange) to help diagnose the issue. After hours of work MS gave up. Eventually, I found that if I telnet'd locally into the mail server I didn't get the error, but did if I was connecting in from the net. After quizzing the client as to what's plugged into what regarding their infrastructure, the client explained that their previous vendor had left a mysterious white box connected between their network and the internet. Ah ha: a Linux-based firewall was set up in line and just happened to be performing transparent spam filtering; when the device ran out of hard drive space the error manifested.

After going through these steps I realize transparent filtering devices are becoming more and more common, and so searched and found a great tool to quickly detect and trace out TCP connections. Welcome to tracetcp.

Vista malware protection FUBAR

Microsoft: Think Vista's secure? Think again.

According to a recent Computerworld article: "...58,000 PCs running Vista were compromised by at least one piece of malware over the six months to May 2008, equivalent to 27 percent of all Vista machines probed. Vista made up 12.6 percent, or 190,692, of the 1,513,502 machines running Windows in the user base."

For more info see: computerworld.com.au


Latest iPhone Mods

Apple: iPhone modifications - This list will be updated as new mods are made public
1. Install SSHD & Apache: See natetrue.com, or ifastnet.com (easier)

2. Laptop Tethering: From cre.ations.net

3. Custom Ring Tones: Easy Mac instructions or harder windows instructions

4. Change the iPhone's icons: From hacktheiphone.com

5. Use the iPhone without activation: DVD Jon's activation crack

6. VNC from your iPhone: WinVNC/WebVNC for Windows or AjaxVNC for OS X

7. Access Field Test Mode: Enter *3001#12345#* then hit call.

8. Nintendo emulator for Apple's iPhone

9. Instructions to unlock the phone and use it with a provider other than AT&T: here or here

10. Simple GUI app to unlock the iPhone: anySIM from the iPhone Dev Team

11. Installer.app is a UIKit based package manager for the iPhone. It works by downloading packages over WiFi (wireless networking) or EDGE. It supports installing, updating and uninstalling applications from multiple sources.

12. SummerBoard is an extension to the iPhone's SpringBoard user experience. SummerBoard adds a variety of useful and fun features to your iPhone, including scrolling icons, wallpaper and themes.

13. HD Moore to develop the Metasploit framework for the iPhone.


Ebay Hacked

Security 2 me: According to various sources, eBay was compromised at 6 AM PDT. The attacker or attackers began posting user information directly to eBay forums, including user names, addresses, phone numbers, and complete credit card info. For more information see: PLMK.COM. To check whether your information was disclosed, see shenemanfamily.com, which has posted a list of all the IDs of the accounts that were listed.
As the PLMK authors note, it beggars belief that eBay took over an hour and a half to close down the board completely!