Sunday, March 31, 2013

Black Ubuntu vs. Backtrack

It would seem that there is a debate on whether it is better to use Black Ubuntu installed on a "rooted" Android device rather than use the Kali Linux version of Backtrack Linux.

Friday, March 29, 2013

Backtrack aircrack Android

Install Backtrack/Kali Linux on an Android tablet.

The details are on my website.

Run the Metasploit Framework on an ARM-based device,  or even a TI OMAP 4430 or an Nvidia Tegra 3 processor.

Wednesday, March 27, 2013

A day in the life of the internet hacked and mapped

 Guardian 27 March 2013

This has nothing to do with "Hacking" - it is just the same thing that Google did when it mapped" WiFi hotspots when it was doing its Streetview drive-by.

I think the article is now to do with data-mapping. This is not what the commenters on the blog picked up on.

WiFi hotspots (routers in the article) can be "seen" regardless of whether they are "secured" or not. It is not "easier" just because the passwords were left at the factory default - if this is what the originator of the story is saying.

Monday, March 25, 2013

A review of penetration testing software

I have a review of the current, and recent, "pen" testing software and have posted it on my website

This software is either used by me to audit WiFi networks or it has been evaluated for possible use.

If you have anything add to the review, software that I may have missed or needs consideration, I can add it to the review.

Saturday, March 23, 2013

Installing Ubuntu Touch on an Android Tablet

As a long-time Linux user I am particularly interested in doing this.

My goal is to be able to run a decent editor such as Gedit so that I can author and edit web pages. It would also be nice to be able to upload image files to this blog using a tablet. This is a limitation that the Apple iPad seems to have. I guess that is the lack of access to the file system such that you cannot get Google Blogger to generate a list of images to choose from.

In my experiments with Android I think that the image/blog issue is solved but I can't remember attempting it. In any case the editing of files using the Android operating system was lacking when I experimented last year.

I will attempting, another, Linux install on an Android device in the near future.

Wednesday, March 20, 2013

How to use your standard Windows notebook as a wireless security audit tool

As a "security professional" you may have a requirement to perform an audit on a clients WiFi setup. Instead of purchasing an expensive tool that is supposed to enable you to do this I suggest that you can perform most of what is needed with a Standard Windows notebook.

A basic audit of a wireless network involves the determination of the security settings of that network. This can be done without the use of any special software or hardware. Many so-called "penetration" tools will tell you little more than you can determine with your notebook:

A list of wireless connections showing the SSID and security settings
Your client may not be aware that they have an unsecured network and the simple list that you can see using your Windows computer will show them clearly what connections are protected and those that are not.

The vendors of equipment that purport to offer you a more detailed idea of what your vulnerability is in a given situation are often just "spinning you a line". The tools that they are using merely reveal the same information but possibly on a screen the looks more "important" (as it is from a Linux application):

WiFite v2 is an example

Shown above is a screen from WiFite, a tool that is available on some penetration tools. All this is telling you is that there are 3 wireless devices detected. IT DOES NOT tell you whether the connections are secured or not. In addition, it is suspected that the 3 devices determined above a just the internal devices that the Linux operating system can see AND NOT ones that you potentially want to log-on to or even "hack".

A client will be more concerned if they are operating a system that is unsecured and may require your services to make their system secure, setting the encryption on their routers and wireless access points. Seeing as the marketing of devices that claim to offer "security professionals" tools to enable them to advise their potential clients on how not "To Get Pwnd" surely if is better to use a tool, a PC that they are familiar with, to show them.

As for "hacking" systems you will need far more sophisticated tools to allow the inspection of data traffic and the interpretation of such data. The ability to determine a password or the content of the payload is a VERY complex and time consuming exercise. The level of security also is a feature of the encryption method used, but I am sure that you know all about that!

Tuesday, March 19, 2013

Pwn Pad software download

There is nothing stopping a purchaser of an overpriced Pwnie Express Pwn Pad taking the image and allowing other hackers to install it on their Android device.

While it is likely that Pwnie will attempt to protect their efforts in configuring their device, they will have to contend with the "hacker community". Such individuals are not the sort that will want to pay $600 for free software!

Friday, March 15, 2013

2013. ROGERS Support Team

This looks like a scam to me.

The link is not a link. The .sk domain is is Slovakia, Rogers are in Canada (plus other places - not in the former Eastern Europe as far as I know).

I have seen a couple of emails with the identical text saying that I need to upgrade my Rogers/Yahoo mail all have been from email address nothing to do with Rogers.

Tuesday, March 12, 2013

Lord McAlpine and fact checking

Checking your facts before you Tweet or blog is still a "Chilling Effect".

Often there is no independent way of  checking facts except from other things that you find on the Internet. These "facts" may also be inaccurate so you will never be able to post an opinion as you can never be sure of your facts.

Those with power, such as McApline, will always have the resources to go after anyone that they don't like what they are saying about them regardless of whether it is true or not.

This also reminds me of the Super Injunctions brought by the likes of Wayne Giggs against reports of his affair with Big Brother star, Imogen Thomas.

If looks like that those with the surname McAlpine have a propensity for this sort to activity!

Monday, March 11, 2013

How-to download and install Ubuntu on an Android Smartphone or tablet

This is something that seems to be a popular thing to consider now that more and more Android devices are becoming available in the stores.

Something that needs to be pointed out is that even there is an excellent video presentation on the Ubuntu website by Mark Shuttleworth, there is no stable version of Ubuntu that is currently available for download and install. Even the askUbuntu forum answers the question:

What is 'Ubuntu for phones' and how can I get it?  - askUbuntu asked by Tom Brossman in January 2013 and updated by Ubuntu on February 2013:

"Right now is too early to tell how the Ubuntu for Phones will work, will be sold, how the software will be integrated, how to get the software and work on it/with it or even be compatible with an Ubuntu Desktop."

Monday, March 4, 2013

What I don't understand about WiFi Hackers

Rather than discuss whether the tools that are available are of any use in determining whether you are at risk or more importantly are any use in determining ways to compromise systems, the discussion revolves mainly around the cost of the equipment that is being promoted to enable penetration.

The Pwnie Expresss Pwn Pad is a case in point. Promoted at the RSA conference it is not whether the device is effective that the talk is about, it is the fact that they are trying to charge in the region of $600 for free software.

It seems to taken as red that users of wireless networks are at risk regardless of what measures that they may take. I don't think that there are many users that are not aware of wireless security and you are not easily put in a position where you can operate a network with no security in place. Encryption is pretty much setup by default and you would have to switch it off manually if you so desired. Most users are incapable doing this in any case.

The final irony is that even if you were to operate a wireless network with no security the relative risk that the average user would be exposed to would be minimal. Even if a "hacker" managed to penetrate your system and could "see" your traffic it is unlikely that that "hacker" could  do anything with this information. Apart from frightening the "hacked" into thinking that they are at risk and then sell them a solution so that they are presumably protected.

There are many that will disagree with me on this point but I would counter that many of these are the "profession" themselves and are in the business of selling you such solutions.

Sunday, March 3, 2013

What I think is actually possible when it comes to the penetration of Wireless Networks

amidst a sea of misinformation.....

I am not saying that Pwnie Express have not mangaged to produce hardware that incorporates software that can be used to penetrate WiFi networks, I am saying that many have an unrealistic idea of what can be done with such tool, regardless of the platform or device that the software runs.