MITM Attack on Smartphones whitepaper

From Daily Dave Mailing List

SMobile has released a detailed report on research indicating that smartphone users are just as susceptible to man-in-the-middle (MITM) attacks as PC users. This report details the results of attempts to produce MITM attacks to determine whether it is possible to intercept SSL encrypted communications between various smartphone devices and servers. Of the devices that were tested, each of the major smartphone operating systems appeared to lack the ability to natively detect and defend against MITM attacks, allowing the testing team to intercept sensitive information that should have been encrypted via SSL.

Paper can be downloaded here:
http://threatcenter.smobilesystems.com/?page_id=1331

thanks to MAYANK

Tags: Exploits by ac3bf1
No Comments »

RainbowCrack 1.4 is released

From http://project-rainbowcrack.com/

This version focus on more effective rainbow table file format. New features:

* New compact rainbow table file format (.rtc) reduce rainbow table size by 50% to 56.25%
* New rt2rtc utility convert rainbow table from raw file format (.rt) to compact file format (.rtc)
* New rtc2rt utility convert rainbow table from compact file format (.rtc) to raw file format (.rt)
* The rcrack/rcrack_cuda program support both .rt and .rtc rainbow table file format
* Conversion from non-perfect to perfect rainbow table is supported by rt2rtc utility

Smaller rainbow table significantly improve table lookup performance!

Tags: Exploits, Tutorials by ac3bf1
No Comments »

phpbb.com Hacked – A Thorough Description!

phpbb.com was hacked. Sites get “broken into” every day, but in this case a very thorough description was published here on how the attack was carried out. There is a lot to learn form there, even if techniques used are mostly straight forward. After the attack, someone else then ran the list of recovered passwords through an analysis program, and here is what he came out with.

Links:

phpbb Home Page

Details of Attack

Password Frequency Analysis

Happy Hacking!

Tags: Exploits by ac3bf1
No Comments »

WPA PSK lookup tables: wpa_psk-h1kari_renderman

Since link was broken on the Church of wifi website I got a copy though tbhost.eu. Now their link is broken. Here is an http copy and a torrent file (Please use torrent where possible…)

HTTP (not possible anymore due to high bandwidth usage)

Torrent

Credits:

HTTP Download from here (Broken Links?)
Church of Wifi
and The Shmoo Group for the previous Hosting of the torrent.

Tags: Exploits by ac3bf1
No Comments »

Interesting (possible) phishing for admins?

Read the posts on this forum

Then visit the site linked at the bottom of the page, or click here

That looks like phishing to me… Very simple attempt…

But could be effective if indeed it IS phishing…

To test it out, someone could perhaps create a “super” jailed ssh account on a system to perhaps see if someone attempts to login using those parameters… Someone wants to attempt it, and report back?

Tags: Exploits by ac3bf1
No Comments »

Steve just had his USRP confiscated

Shocking news… I wonder what they will do with an Open Source Device…

GSM Researcher stopped at Heathrow Airport by UK government officials

Tags: Exploits by ac3bf1
No Comments »

CCCC 2007 GSM A5 Cracking Talk

Tags: Exploits by ac3bf1
No Comments »