Wednesday, December 30, 2009

Cracking GSM Encryption for Public


A few days ago, at the 26th Chaos Communication Congress (26C3), researchers presented a live proof of concept for cracking A5/1, the GSM encryption protocol used in many GSM networks worldwide today.


- Security agencies worldwide have been cracking A5/1 for years; now the attack is publicly available
- It was previously cracked in 2008 by someone else, but the tables were never released
- The crack uses rainbow tables created by the community
- A5/1 is vulnerable to a pre-computation attack
- Creating the pre-computed tables would take 100,000+ years on a single PC, or 3 months using 80 distributed CUDA nodes.
- The new table generation techniques and tools are released as open source
- Pre-computed tables are publicly available on BitTorrent networks
- The attack claims a 50% success rate without capturing data from the registered phone, and 99% with data captured from the phone.
- Open-source interceptor: OpenBTS and a radio receiver system (USRP2)
- The needed equipment costs 4000$
- The next-generation protocol, A5/3, is academically broken.


So what is new here?
Actually, A5/1 has long been known to be a weak stream cipher, but the details were available only to closed groups; now the attack is public, relatively easy, and cheap. The interesting part is that many GSM operators are using this well-known weak encryption.

The moral of the story is ..... keep your mouth shut....


Thursday, December 24, 2009

Reports, Anti Virus Comparatives, 2009



AV-Comparatives released the 2009 summary report commenting on various AV products and comparing the results of various tests.

The best product of the year is Symantec, followed by Kaspersky, then ESET.

Microsoft is doing a very good job, with their Security Essentials product, based on various reports and based on my own experience.

Wednesday, December 23, 2009

Wardriving Setup



Here is how to build your own wardriving setup:

Here is my checklist:
- Laptop :)
- High-gain omni antenna, 15dBi (choose the correct cables & connector for your wireless card)


Kismet New-Core comes with a new log format, so the old tools used to convert Kismet logs to Google Earth format no longer work. The only tools I know of that work with the new core are GISKismet and netxml2kml.

I like the GISKismet tool, as it has some nice features:
- Eliminates duplicate APs, in case you have several log files.
- Filters APs before exporting logs
- Filters APs before generating the kml file
- It uses a database (sqlite3), giving you great flexibility for whatever queries you need, such as top SSIDs used, encryption statistics, channel usage distribution, etc.
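
The deduplicate-then-query workflow described above, as an added example (not GISKismet's own code or schema): it loads constructed log fragments, whose element names are assumed to follow the Kismet netxml layout, into a hypothetical `ap` table keyed by BSSID, then counts APs per encryption type or channel.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed, simplified log fragments (element names assumed to follow the
# Kismet netxml layout). LOG_B repeats one AP that is already in LOG_A.
CAFE = """<wireless-network><SSID><encryption>WEP</encryption>
  <essid>cafe</essid></SSID><BSSID>00:11:22:33:44:01</BSSID>
  <channel>6</channel></wireless-network>"""
HOME = """<wireless-network><SSID><encryption>WPA+TKIP</encryption>
  <encryption>WPA+PSK</encryption><essid>home</essid></SSID>
  <BSSID>00:11:22:33:44:02</BSSID><channel>11</channel></wireless-network>"""
GUEST = """<wireless-network><SSID><encryption>None</encryption>
  <essid>guest</essid></SSID><BSSID>00:11:22:33:44:03</BSSID>
  <channel>6</channel></wireless-network>"""
LOG_A = f"<detection-run>{CAFE}{HOME}</detection-run>"
LOG_B = f"<detection-run>{CAFE}{GUEST}</detection-run>"

def load_logs(xml_logs):
    """Parse each log into an in-memory table; the BSSID key drops duplicates."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ap (bssid TEXT PRIMARY KEY, essid TEXT,"
               " encryption TEXT, channel INTEGER)")  # hypothetical schema
    for text in xml_logs:
        for net in ET.fromstring(text).iter("wireless-network"):
            enc = sorted(e.text for e in net.iter("encryption")) or ["Unknown"]
            db.execute("INSERT OR IGNORE INTO ap VALUES (?, ?, ?, ?)",
                       (net.findtext("BSSID").upper(),
                        net.findtext("SSID/essid", default=""),
                        " ".join(enc), int(net.findtext("channel", default="0"))))
    return db

def count_by(db, column):
    """Return {value: AP count}; the column name is checked against an allowlist."""
    if column not in ("essid", "encryption", "channel"):
        raise ValueError("unknown column")
    rows = db.execute(f"SELECT {column}, COUNT(*) FROM ap GROUP BY {column}")
    return dict(rows.fetchall())

if __name__ == "__main__":
    db = load_logs([LOG_A, LOG_B])
    print(count_by(db, "encryption"))
    print(count_by(db, "channel"))
```
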



Saturday, December 19, 2009

Spam Tactics after .cn Registration Restrictions

CNNIC (China Internet Network Information Center) has changed the rules for registering new .cn domains, requiring business registration documents starting from 14th December.

Here is how Sophos detected the change in spam tactics: spammers have started using specific free web hosting services in their Canadian pharmacy spam.


Saturday, December 12, 2009

Paid WPA Cracking Service, on the Cloud

WPA Cracker is a new paid service for cracking a WPA or WPA2 Pre-Shared Key.

- The service runs in the cloud with 400 CPUs
- Uses dictionaries with 130 million words, tailored for wireless cracking
- 2 pricing models: 17$ (using half the CPU capacity) and 34$ (using full capacity to shorten the time)
- Requires a pcap file with the WPA handshake
- Accepts Amazon payments
- Cracking the key is not guaranteed.

So are you ready to crack your neighbor's wireless network for 17$??

Friday, December 11, 2009

SHODAN, The Banner Grabbing Search Engine

SHODAN is an interesting search service: a banner-grabbing search engine that can reveal useful information to interested people. SHODAN scans the internet on specific ports and provides the scan results in searchable form.

I did a simple search using the SIP keyword, and easily got web access to lots of VoIP devices on the internet. The IP ranges I checked randomly are all ADSL ranges, poor end-users!

In Egypt, more than 200 Cisco routers have the web admin interface enabled and publicly exposed.

The database has more than 11K IPs in Egypt, 3K IPs in UAE, and 8K IPs in Saudi Arabia.

Sample Shodan queries are here and here.
The Shodan Firefox add-on is available here.