The Political Hackonomist

ramblings about hacktivism, privacy, in/security and open source stuff. oh, and politics sometimes...

Skype Security Problem Allows "Silent Calls" and Links Bittorrent Users to Skype Accounts

Posted by Stefan • Tuesday, November 1. 2011 • Category: InSecurity
As www.torrentfreak.com writes (the original research paper is linked there), researchers proved that it is possible to call Skype users (even those who aren't on your contact list) without those users noticing. By using firewall rules they can initiate a call, but the Skype client on the callee's side won't ring or otherwise show any activity. Furthermore, they prove that the IP address obtained this way can be linked to public data from BitTorrent trackers, tying the respective Skype account to downloads via BitTorrent. As the researchers write, they tried to disclose the security hole responsibly and informed Skype about the problem months ago, but Skype did not do anything about it, so they went public.

Rescuing your DSL password from a Beetel 220BX ADSL2+ Modem

Posted by Stefan • Saturday, October 24. 2009 • Category: InSecurity
In case it helps anybody...

If you don't know the DSL password that connects your Beetel 220BX to the ISP network (Airtel in India never provides it to customers; they'd rather send a guy to enter it by hand...), but the router still functions, you can recover the password even though you only see ******** in the web interface. It's really easy:

1. Connect to the router IP with telnet (user: admin, password is the same as for the web interface)
2. Go to Management (press 9)
3. Go to Settings (press 1)
4. Dump settings (press 3)
5. Look for the line that starts with: ppp_conId1 userName="***********_dsl@airtelbroadband.in" password="cGFzc3dvcmQ=" ....
6. Copy and paste the value of password into a base64 decoder (locally, or e.g. an online decoder such as this one: http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/)
7. Congrats, you now have your DSL password which Airtel wouldn't tell you ;)
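As an added example (not code from the original post), a small Python parser for the dump format described above: it pulls every ppp_conId line out of a constructed sample dump and decodes the base64 password locally, so a real credential never has to be pasted into a third-party web decoder. The username and the second connection are made-up placeholders; the password value is the one quoted in the post.

```python
import base64
import binascii
import re

# Constructed sample of a Beetel 220BX "dump settings" output. Only the
# ppp_conId lines matter; the other keys are filler. Usernames are placeholders.
SAMPLE_DUMP = """\
wan_mode=pppoe
ppp_conId1 userName="EXAMPLE_USER_dsl@airtelbroadband.in" password="cGFzc3dvcmQ=" service="" authMethod="AUTO"
ppp_conId2 userName="second_user@example.invalid" password="c2VjcmV0MTIz" service="" authMethod="PAP"
lan_ip=192.168.1.1
"""

# One PPP connection per line: id, then quoted userName and password attributes.
PPP_LINE = re.compile(
    r'^(?P<conid>ppp_conId\d+)\s+userName="(?P<user>[^"]*)"\s+password="(?P<pw>[^"]*)"'
)


def decode_password(encoded: str) -> str:
    """Reverse the base64 obfuscation used in the dump.

    Base64 is an encoding, not encryption: anyone who can read the dump
    (telnet/web admin access) can recover the cleartext credential.
    """
    try:
        raw = base64.b64decode(encoded, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {encoded!r}") from exc
    return raw.decode("utf-8", errors="replace")


def extract_ppp_credentials(dump: str) -> list:
    """Return (connection id, username, decoded password) for each ppp_conId line."""
    creds = []
    for line in dump.splitlines():
        m = PPP_LINE.match(line.strip())
        if m:
            creds.append((m["conid"], m["user"], decode_password(m["pw"])))
    return creds


if __name__ == "__main__":
    for conid, user, pw in extract_ppp_credentials(SAMPLE_DUMP):
        print(f"{conid}: {user} / {pw}")
```

Feed it the real dump (e.g. read from a file you saved from the telnet session) instead of SAMPLE_DUMP; the same regex applies to every ppp_conIdN line.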

Robocop in Russian

Posted by Stefan • Sunday, March 23. 2008 • Category: InSecurity
Simply hilarious, this Spiegel TV video.

Scandal: China does not abide by the German ban on hacking tools

Posted by Stefan • Sunday, August 26. 2007 • Category: InSecurity
Well, now we're in a fine mess...

As pretty much every German media outlet is reporting right now, the German government (including the Chancellery) fell victim to an alleged virus attack by alleged Chinese attackers. But thanks to Schäuble, all attacks were successfully repelled, or were they?

Continue reading "Scandal: China does not abide by the German ban on hacking tools"

Aircrack-ptw - WEP is deader than dead!

Posted by Stefan • Wednesday, April 18. 2007 • Category: InSecurity
A week ago I ran into a new tool for WEP cracking that promised to achieve results in a fraction of the time compared to e.g. "aircrack-ng". This - of course - drew my attention... Unfortunately, due to time constraints I wasn't able to attend the authors' talk at the Easterhegg 2007, but their website provides the program itself and also all the necessary info (and - fortunately - there is already a gentoo ebuild in portage). So, after emerging aircrack-ptw (which currently is in ~x86), I gave it a shot, and I was deeply impressed: using arp-injection to generate more traffic, I was able to sniff about 45,000 packets in 4 minutes, and as soon as I had those, aircrack-ptw was able to compute the WEP key in a matter of seconds!!!

This is awesome...

Props go out to: Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann. See their website for more info.
If you understand German, you might also want to check out the latest Chaosradio Express episode where Tim and Erik talk about aircrack-ptw.

Patching hostap drivers for packet-injection

Posted by Stefan • Tuesday, April 17. 2007 • Category: InSecurity
Most of the more advanced techniques to crack wireless networks use packet injection, either to produce more traffic in the case of WEP cracking (replay attacks) or to de-authenticate a connected client (in order to sniff the re-authentication handshake for WPA-PSK cracking).

In any case, the stock hostap driver doesn't allow you to inject packets, so I had to patch it.
You can get the patches here. Be sure to pick the right one for your card/driver. I used the hostap-kernel-2.6.18.patch, which also works on my 2.6.19-beyond2 kernel. After applying the patch to the kernel sources, I did a make && make modules_install and rebooted the box. After that, injection worked great, but my card seemed to pick up much less traffic than before :(

When running kismet before, within seconds I could see dozens of wireless networks, but now only once in a while did a new network appear on the screen. Since the injection itself worked, I was quite sure I had applied the patch correctly. After some research, I learnt that the injection patch can lead to problems if you use firmware that is rather old (although no precise version number for what counts as "too old" was mentioned anywhere).

Read my post here on how to upgrade the firmware on prism2/2.5/3 cards.

BlueSniper

Posted by Stefan • Monday, March 14. 2005 • Category: InSecurity
Hehe, a couple of guys have once again gone to real lengths and built something funny...

For pacifists like me, though, it seems odd that the "Rifle" in the title is no coincidence: they actually bought the stock of a Luger(TM) rifle and built a mini computer (running embedded Linux) into it, with a Yagi antenna as the "barrel".

Still, the thing doesn't shoot; whether it is dangerous or not probably depends on what you intend to do with it. With a claimed range of 1 km, you can certainly cause quite some mischief with it.

The whole story about the BT Sniper Rifle (external link)