Metasploit Framework integrated with KARMA! Metasploit is most potent security penetration and exploit development platform, while KARMA is a potent Evil Twin (Honeypot) tool with attracts unassuming wireless clients. With this integrated tool, it is all the more easier to establish wireless connectivity with probing wireless clients and “Metasploit” them. http://trac.metasploit.com/wiki/Karmetasploit http://blog.trailofbits.com/karma/
… and Don’t Sweat Chasing Hacking Tool Signatures! You feel pretty good and more secure when you receive that daily signature update from your anti-virus software. I feel the same and why not – anti-virus technology is fundamentally rooted in signature analysis. But don’t make the mistake of applying the same metric to wireless… Read More
If you did not know about this or if you did not get the latest, you really ought to read Bob McMillan’s article in Network World. This is a very sneaky and vicious attack and apparently growing like wildfire. They almost got me but being fleet of foot, I got away.
The Department of Telecommunications (DoT), Govt. of India, has set a June 2009 deadline for complying with its regulation on WiFi security. Here’s a position paper that evaluates the DoT regulation and suggests best practices for secure use of WiFi.
Interesting gadget from Novatel/Verizon that lets you carry your WiFi hotspot with you. You can even share it with your friends. Check this out!
Today Network World released an interesting real-life case study of data leakage in the enterprise – refer to http://www.networkworld.com/news/2009/051109-data-leak-audit.html?page=1 The auditor found unencrypted confidential data being sent by internal employees through email & web communication (via the company’s firewall). While customers need to deploy Email & Web DLP systems to protect themselves against these risks they also… Read More
There appears to be a very high incidence of wireless vulnerabilities and poor wireless security practices in the financial districts of seven cities according to the results of a survey released 5/13/09 by AirTight® Networks. AirTight issued the findings of its Financial Districts Scanning Report for wireless security vulnerabilities in the financial districts of New York, Chicago, Boston, Wilmington (DE), Philadelphia, San Francisco and London. Read more
These days, certain terms are often used to characterize Wireless Intrusion Detection/Prevention System (WIDS/WIPS) architectures – overlay and integrated being most commonly used and that too with variable meanings. This post explains what these terms mean or should mean to be consistent with fundamental underpinnings of WIDS/WIPS architectures and functions.
Another article in the series by Joanie Wexler. “There are several ways to scan your 802.11n air environment for nasty goings-on. At a glance, the options seem pretty straightforward. However, you need to look carefully under the hood to draw a true apples-to-apples comparison of the accuracy and cost of the various offerings.” http://www.networkworld.com/newsletters/wireless/2009/033009wireless1.html?page=1
Interesting article from Joanie Wexler on the real costs of adding wireless intrusion to your WLAN. She compares a similar configuraion from several vendors. http://www.networkworld.com/newsletters/wireless/2009/042709wireless1.html