Here is a video created by g0tmi1k on WEP cracking with Aircrack-NG.
How does this work? – ARP beacon is needed (depending on the attack method), so this can be re-injected back into the network. To get this packets the attacker needs to disconnect a connected client currently on the network (if the attacker keeps on repeating this part, it will be a DoS to the client). Once the key beacon has been captured and enough data injected/collected, it is now an offline attack either by brute force or a dictionary attack. Then its just a question of waiting then the attacker will have the key (brute forcing WEP can be less than 60 seconds!) From here, the attacker can use that key to decrypt the captured data from before, and now is able to ‘read’ it as well as join the network.
Today Guardian.co.uk reported that the famous Chinese Search engine Baidu Got hacked. Chinese internet users were unable to use the Baidu search engine after it was targeted by hackers called the ‘Iranian Cyber Army’.
Guardian Said,
The search engine is widely regarded as having good relations with the Beijing government and has never been associated with sensitive content. That led other internet users to speculate that foreign hackers were attempting to discredit Iran.
China’s state-run People’s Daily website reported that Baidu’s website began redirecting to a site attributed to the Iranian Cyber Army at around 8am (midnight GMT). The People’s Daily site published a screen grab showing a message reading “This site has been hacked by the Iranian Cyber Army”, alongside a picture of the Iranian flag.
Other users said they could not open the Baidu site, but it was back up and running by around 11.30am. In a statement, the company said: “Services on Baidu’s main website www.baidu.com were interrupted today due to external manipulation of its DNS (Domain Name Server) in the US. Baidu has been resolving this issue and the majority of services have been restored.”
A group calling themselves the Iranian Cyber Army temporarily took down the microblogging service Twitter.
The users who visited twitter got redirecte o the attackers website where it displayed “This site has been hacked by the Iranian Cyber Army.”
Twitter admitted that “its Domain Name Systems’ records were temporarily compromised but have now been fixed. The site says it will update with more details once we’ve investigated more fully.”
Apple has released a minor software update for iPhone to patch a security flaw revealed just yesterday. Security researchers Charlie Miller and Collin Mulliner on Thursday demonstrated this memory curruption bug at a blackhat security conference held at Las Vegas.
They demonstrated this flaw by sending an attack to a cent reporter who was present there.
This attack actually consists of sending a series of invisible messages which will eventually crash the iphone. But after this the attacker will be able to gain the control of this attacked iphone. So by this attack an attacker can use any function of iphone.
On Friday morning, Apple released iPhone OS 3.0.1. Available through iTunes, the update “Fixes SMS vulnerability,” according to its description.
“We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms,” an Apple spokeswoman said in a phone interview with Wired.com. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.”
![Reblog this post [with Zemanta]](http://obscurant1st.biz/blog/wp-content/uploads/2009/12/reblog_e53.png)
