Posts tagged as:
nSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.
[click to continue…]
{ 0 comments }
The rumor mill has been put into high gear this morning by a discover of some code in the latest iPhone OS 3.0 beta release indicating that voice recognition may be a part of the new operating system.
Even though the newest beta developer code for for Apple’s iPhone 3.0 operating system has been out for about a week, people are still finding new things in it. There appears to be hooks in the new API for both voice recognition and voice synthesis, in the form of an OS component named Jabbler, already in the new operating system, according to a PC World story.
This new OS component will apparently be used to build an enhanced Springboard application, which is the software in the iPhone which controls the home screen and launches applications. This part of the OS will also be the basis of the new Spotlight search feature. It is possible that we have already seen part of the new Apple voice functionality built into the latest iPod shuffle, which is able to read items like playlists, song selections, and other text items in a synthesized voice.
Apparently this rumor started this morning when sources close to the iPhone OS 3.0 project told ars technica about the existence of the voice recognition part of the package. It seems surprising that it had not been noticed before, since the current beta developers code has been out for a week and has been pretty thoroughly investigated. Apple has not confirmed this rumor.
{ 0 comments }
In a presentation today at Black Hat Europe, a computer-security conference in Amsterdam, a group of researchers claimed to have found a way to hijack the data sent to and from mobile phones. The researchers say that the attack might be used to glean passwords or to inject malicious software onto a device.
Mobile phones are becoming ever more useful for transmitting data in addition to making voice calls, and they’re increasingly being used for sensitive activities such as online banking, as well as for searching the Internet and downloading mobile games.
The new attack relies on a protocol that allows mobile operators to give a device the proper settings for sending data via text message, according to Roberto Gassira, Cristofaro Mune, and Roberto Piccirillo, security researchers for Mobile Security Lab, a consulting firm based in Italy. By faking this type of text message, according to the protocol an attacker can create his own settings for the victim’s device. This would allow him to, for example, reroute data sent from the phone via a server that he controls. The researchers say that the technique should work on any handset that supports the protocol, as long as the attacker knows which network the victim belongs to and the network does not block this kind of message.
Some trickery is required to make the attack work, however. Ordinarily, to transfer settings to a device remotely, a mobile operator will first send a text message containing a PIN code. The operator will then send the message to reconfigure the phone. In order to install the new settings, the user must first enter the PIN.
{ Comments on this entry are closed }
As wireless networks evolve, so does the security encryption needed to protect them. As usual, the methods to hack this encryption evolves just as fast, so let’s take a look at how its done and how to protect yourself from these types of threats.
WEP-based encryption was the first to be developed, and therefore first to be easily cracked and made vulnerable. Then came WPA-based encryption which took the security up a level and introduced some new methods. Let’s look at some differences between the two. WEP, or Wired Equivalent Privacy, is a basic form of wireless security where both the “WAP” and the user are configured with an encryption key of either 64 bits or 128 bits in HEX. When someone connects to the network, the access point issues a “random challenge.” The user inputs the key which is encrypted with the “challenge answer.” If the answer is correct, the user is granted access to the network. WEP is easy to crack because the network key required to gain access is static, and with very little effort can be figured out.
WPA-based encryption, or Wi-Fi Protected Access, is similar in theory to WEP but doesn’t use a static network key, but rather a “Temporal Key Integrity Protocol (TKIP),” which changes keys with every data packet sent or received. This by itself makes WPA a very secure method for wireless networks, but the problem is that in most home-based environments, a “shared pass phrase” is used to access the network. If this pass phrase is any word found in the dictionary, a hacker can crack it through what is known as a “brute force dictionary attack.” While it may take a long time, it can be done.
Since WEP can be easily cracked, we’ll focus on educating you on how your WPA-encrypted wireless network can be cracked and made vulnerable to attacks as well, and how to prevent this from happening, or at least lower your risk considerably. With WPA, there’s two different versions; PSK and RADIUS. In the simplest terms, PSK is hackable and RADIUS is not. PSK uses the TKIP process I mentioned above to authenticate the network, and therefore makes it vulnerable to cracking. While WPA is indeed much more secure than WEP, only WPA-RADIUS is un-crackable. Ninety percent of access points and home wireless routers don’t even support WPA-RADIUS, only advanced enterprise-based routers do, which leaves most WPA-secured home-based networks almost as vulnerable as WEP-secured networks.
{ Comments on this entry are closed }
