Posts tagged as:

keylogger


A triple-payload e-mail attack that uses a fake shipping confirmation notice with a supposed attached label is making the rounds. A write-up from the company describes a social engineering ruse designed to nail someone who wasn’t paying close attention, with a .zip file attachment that contains an executable disguised with an Excel file icon. The text of the e-mail tells the recipient to open the attachment to print a shipping label (one big clue that this is a scam).

Changing the default Windows behavior so that file extensions are shown can help thwart the common trick of using a fake document icon to disguise an executable file, assuming that the attached file made it through your anti-spam and antivirus programs. You’d have the chance to see that the supposed Excel file ended in .exe.

In XP, as Brandt describes, change that by opening Explorer, clicking Tools up top, and then unchecking “Hide extensions for known file types.” In Vista, start with Organize, then choose Folder and Search options. For either Vista or XP, be sure to click the “Apply to Folders” button to apply the change to all folders, not just the one you’re looking at.

WEPCrack is a tool that cracks 802.11 WEP encryption keys using the latest discovered weakness of RC4 key scheduling.

Tool Capabilities:

The current tools are Perl based, and are composed of the following scripts:

1) WeakIVGen.pl – This script allows a simple emulation of the IV/encrypted output that one might observe with a WEP-enabled 802.11 access point. The script generates IV combinations that can weaken the secret key used to encrypt the WEP traffic.

2) prism-getIV.pl – This script relies on output from Prismdump [or from Ethereal captures if libpcap has been patched for 802.11 monitor mode], and looks for IVs that match the pattern known to weaken secret keys. This script also captures the first byte of the encrypted output and places it and the weak IVs in a logfile.

3) WEPCrack.pl – This script uses data collected or generated by WeakIVGen to attempt to determine the secret key. It will work with either 40-bit or 128-bit WEP.

Additionally, a script, prism-decode.pl, is included that will decode most 802.11 frame types. This tool is intended to be used with prismdump, but could also be used against Ethereal 802.11 saved captures. It might be useful for capturing SSIDs, AP MAC addresses, or authentication data.
