Geekhacks


Wi-Fi Pineapple/Karma attack

There is a twist on standard rogue access points: devices send out probe requests looking for networks they have saved, and an attacker can just answer yes to these probe requests. Any devices nearby will then automatically connect if there is no encryption. So if you leave open Wi-Fi networks saved on your device, you are susceptible to this attack.


WPA2-Personal problems

Pre-shared keys are fine for home use if only you know the password. However, the security of the network depends on the privacy of that password, so the network should be considered unencrypted if the password is widely known.

The hash of the key can be recovered from every authentication to the network, and taken away for offline attack. This can be achieved using brute force with a password list. Your average gaming PC can try over 100 thousand combinations per second.

Rainbow tables are large lists of hashes which can be generated and used by an attacker to make password cracking faster. But the hashes are salted: extra information is added to the password before hashing, so that a hash cracked once isn’t known on all systems.

In this case the extra information is the Service Set Identifier (SSID), so you’ll need one table for each network name. There are sets which are freely downloadable for the most popular ones, so leaving your Wi-Fi name as the manufacturer’s name probably isn’t the best idea.

But if you make your network name unique, an attacker can find out its location if it’s in a database. So something rare but not unique might be best.
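
The SSID-as-salt point above, as an added example (not code from the original page): WPA2-Personal derives its 256-bit key with PBKDF2-HMAC-SHA1 using the SSID as salt and 4096 iterations, so a table precomputed for one network name misses on any other. The word list and both SSIDs are constructed, and the guess rate is the figure quoted in the text.

```python
import hashlib

GUESSES_PER_SECOND = 100_000  # rate quoted in the text for an average gaming PC


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def precomputed_table(wordlist, ssid):
    """Lookup of derived key -> passphrase, valid for ONE SSID only."""
    return {wpa2_pmk(word, ssid): word for word in wordlist}


def years_to_exhaust(alphabet_size: int, length: int,
                     rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every passphrase of a given shape at a fixed rate."""
    return alphabet_size ** length / rate / (365 * 24 * 3600)


# Constructed sample data: a tiny word list and two hypothetical network names.
WORDLIST = ["password", "letmein123", "sunshine2016"]
DEFAULT_SSID = "VendorDefault"     # stands in for a manufacturer's default name
CUSTOM_SSID = "VendorDefault-7F"   # the same network after being renamed

if __name__ == "__main__":
    table = precomputed_table(WORDLIST, DEFAULT_SSID)
    # Same passphrase, two SSIDs: only the SSID the table was built for hits.
    print("default SSID:", table.get(wpa2_pmk("letmein123", DEFAULT_SSID)))
    print("renamed SSID:", table.get(wpa2_pmk("letmein123", CUSTOM_SSID)))
    # How long random passphrases over a-z0-9 last at the quoted guess rate.
    for n in (8, 12, 16):
        print(f"{n} random chars: {years_to_exhaust(36, n):.3g} years")
```

Renaming the network defeats a downloaded table, but a passphrase that sits in a word list still falls to a fresh run against the new SSID; only passphrase length and randomness move the last set of numbers.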


WPA2-Enterprise problems

Diagram showing the conversation between a laptop and a wireless access point. First the laptop asks to connect, the access point then sends a certificate, finally the laptop sends the user's password to the access point. The attacker says thanks!

As well as the ‘man in the middle’ attacks there’s an attack that is specific to enterprise Wi-Fi. The attacker can pretend to be the legitimate access point and authentication server. If the user or device doesn’t check the certificate properly then the user’s credentials can be stolen.

When an organisation is implementing a WPA2-Enterprise Wi-Fi network, it can be tempting to use its existing credential store, such as Active Directory. This can be a real problem, as an attacker could use those stolen credentials to get into any services that use that same credential store. External services such as webmail and VPN are especially vulnerable, or those credentials could be used as part of a more sophisticated attack.

Although it is only the hash that is stolen, there are cloud services that will break any hash in less than 24 hours for a small fee.

Privileged network access using credentials should be avoided where possible: if the credentials get stolen, the attacker has an easy way to connect to the inside network.
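
An added example, not part of the original page: a client-side audit of a wpa_supplicant.conf that flags the saved open networks from the Karma section and the enterprise profiles that would accept an impostor's certificate as described above. The sample configuration, SSIDs, certificate path and host name are constructed; the option names are wpa_supplicant's own.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, path and host name are made up.
SAMPLE_CONF = """
network={
    ssid="CoffeeShop-Free"
    key_mgmt=NONE
}
network={
    ssid="Corp-WiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="Corp-WiFi-Pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
}
"""
# Options that tie the server certificate to an expected name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(conf):
    """Return one {option: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\}", conf, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines() if "=" in l)
        nets.append({k: v.strip('"') for k, v in pairs})
    return nets

def audit(conf):
    """Map SSID -> findings for the two client-side weaknesses in the text."""
    report = {}
    for net in parse_networks(conf):
        issues = []
        key_mgmt = net.get("key_mgmt", "").split()
        if key_mgmt == ["NONE"] and not any(k.startswith("wep_key") for k in net):
            issues.append("open network saved: device will join any AP using this name")
        if "WPA-EAP" in key_mgmt or "eap" in net:
            if "ca_cert" not in net and "ca_path" not in net:
                issues.append("no CA configured: server certificate is not validated")
            if not any(k in net for k in NAME_CHECKS):
                issues.append("no server name check: any cert from a trusted CA passes")
        report[net["ssid"]] = issues
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```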

Anonymous browsing with Tor reduces exposure but still has risks

In an age of tracking by governments, ad networks, and criminals, trying to break free of observation is a worthy goal.

PRIVATE I: Examining privacy and security in the world of Apple
Glenn Fleishman, Jan 17, 2017 4:00 AM
Credit: MIT News

You can be tracked and have your data intercepted from many angles, by legitimate and illegitimate actors alike: governments, criminals, personal enemies, corporate spies, children without moral compasses, you name it.

Many techniques let you encrypt and shield your data at rest, on your devices and on remote servers, and in transit. But there’s one problem with all the shields you can put up: when you need to use a website, you’re giving yourself away, whether it’s from your current location or via a virtual private network (VPN) service that encrypts your request out to a data server location from whence it issues.

Tracking which sites you visit or observing VPN end points can reveal a lot, even if the contents of sessions can’t be determined. And websites and VPNs can be blocked, as activists and average citizens in many countries have discovered.

There’s a way around this. Anonymous browsing promises some of the benefits of evading tracking from marketers, criminals, and spies, while also giving you access to information you need.

It doesn’t work for every website and comes with a long list of provisos. However, it’s extremely easy to set up and use, and even the workarounds in countries that attempt to block anonymous browsing aren’t yet onerous.

(This column is part of an ongoing series on ways to protect yourself as if you suddenly found you were a dissident in the country in which you lived. Previous columns deal with passwords, where data is stored, protecting data in transit, and other topics.)

Use the Tor browser

[Figure: Each Tor session creates a “circuit” through intermediate routers, none of which knows the full path. Credit: IDG]

The Tor Project develops the Tor browser, a multi-platform Web viewer that relies on passing through a series of encrypted tunnels to and between Tor routers that are run by volunteers and organizations around the world. Each session, which lasts about 10 minutes, creates a “circuit” through a randomly selected set of routers. No router knows about anything except the immediately previous and successive connections. Encryption established by the originating browser prevents any snooper learning more about the full pathway. It’s effectively a series of anonymized VPN tunnels.

The Tor browser, which is built as a modified version of the Mozilla Foundation’s Firefox, enables a number of features by default, including always-on private browsing mode. But it has its own privacy and security settings, reachable via a green onion icon in the toolbar. (Tor’s name once stood for The Onion Router, referring to a technical definition of onion.)

In these enhanced settings, the Tor browser sets several options by default to make you less easy to track using well-known techniques that can uniquely identify a browser by installed fonts, browser version, platform information, and other data a statistically significant percentage of the time. You can bump up a protection slider higher than the default, reducing the odds of being characterized uniquely, and making it harder for a remote party to have potential pathways for malware.

Tor doesn’t solve all problems. The project notes that someone observing both a website’s traffic and your computer could infer that a given session is related to your usage; that’s a government-scale form of activity, which could be pinpointed against an individual or could be a country-wide strategy to track as much Tor use as possible. However, that only works reliably for websites that an observer can monitor to match the timing of requests.

And if you log in or enter identifying details at the site you’re browsing, well, you’re maybe defeating the purpose of anonymization, although you still get the general benefits of privacy and a lack of tracking.

The browser is free and requires no manual configuration to install and set up. You’re asked the first time you launch the Tor browser whether your Internet service provider (ISP) blocks connections to the Tor network or not. If so, you may need to go through additional hoops, which Tor documents thoroughly. End points identified by their Internet protocol (IP) number exist worldwide and change constantly, and obfuscating protocols allow using these “bridges” to bypass local blocking.

Because of how iOS lets apps access networks and settings, there’s no official Tor browser for the iPhone and iPad yet. The Tor Project recommends the third-party Onion Browser, although it’s not as full featured as desktop versions. In a recent blog post, the project described work underway that might improve Tor browsing in iOS.