WPA2 Hole196 Vulnerability

WPA2, perceived as the most solid Wi-Fi security protocol, is widely used by enterprises for securing their Wi-Fi networks. But security researchers at AirTight have uncovered a vulnerability called “Hole196″ in the WPA2 security protocol that exposes WPA2-secured Wi-Fi networks to malicious insiders. Exploiting the vulnerability, an insider can bypass WPA2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those Wi-Fi devices. AirTight researcher, Md. Sohail Ahmad, will be demonstrating this vulnerability at the Black Hat Arsenal and at DEFCON18 in a presentation entitled “WPA Too?!” in Las Vegas on July 29th and July 31th respectively.

http://www.thedomz.com/2010/05/generate-invisible-window-boost-pages/

SMobile has released a detailed report on research indicating that smartphone users are just as susceptible to man-in-the-middle (MITM) attacks as PC users. This report details the results of attempts to produce MITM attacks to determine whether it is possible to intercept SSL encrypted communications between various smartphone devices and servers. Of the devices that were tested, each of the major smartphone operating systems appeared to lack the ability to natively detect and defend against MITM attacks, allowing the testing team to intercept sensitive information that should have been encrypted via SSL.

Paper can be downloaded here:
http://threatcenter.smobilesystems.com/?page_id=1331

thanks to MAYANK

This version focus on more effective rainbow table file format. New features:

* New compact rainbow table file format (.rtc) reduce rainbow table size by 50% to 56.25%
* New rt2rtc utility convert rainbow table from raw file format (.rt) to compact file format (.rtc)
* New rtc2rt utility convert rainbow table from compact file format (.rtc) to raw file format (.rt)
* The rcrack/rcrack_cuda program support both .rt and .rtc rainbow table file format
* Conversion from non-perfect to perfect rainbow table is supported by rt2rtc utility

Smaller rainbow table significantly improve table lookup performance!

Links:

phpbb Home Page

Details of Attack

Password Frequency Analysis

Happy Hacking!

HTTP (not possible anymore due to high bandwidth usage)

Torrent

Credits:

HTTP Download from here (Broken Links?)
Church of Wifi
and The Shmoo Group for the previous Hosting of the torrent.

Then visit the site linked at the bottom of the page, or click here

That looks like phishing to me… Very simple attempt…

But could be effective if indeed it IS phishing…

To test it out, someone could perhaps create a “super” jailed ssh account on a system to perhaps see if someone attempts to login using those parameters… Someone wants to attempt it, and report back?

GSM Researcher stopped at Heathrow Airport by UK government officials