Jonkman Microblog

Notices tagged with security, page 27

  1. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 22:38:29 EDT
    #wpa is not secure https://linuxsecurityblog.com/2019/10/29/crack-wpa-handshake-using-aircrack-with-kali-linux/ #kalilinux #security
    In conversation Tuesday, 29-Oct-2019 22:38:29 EDT from pleroma.site permalink

    Attachments

    1. Crack WPA Handshake using Aircrack with Kali Linux
      By QuBits from ls /blog

      Today’s tutorial will be looking into how you can crack the password of the 4 way handshake of someone that is re-authenticating themselves to a wireless router. The goal is to gain access to the router.

      As always guys, these posts are for Penetration Testing purposes and not to be used on real networks without permission.

      So let’s get started, first we need to fire up our Kali Linux machine and get our WiFi card into monitor mode so we can monitor local connections to local routers. Then we will need to de-authenticate a user from the WiFi connection, this will give us time to capture the re-authentication (the 4 way handshake). Once we do that we will try to crack the password to that WiFi router to gain access.

      Once you are logged into Kali Linux, open a command shell. Type

      iwconfig

      This will tell you the interfaces that are connected to the internet over a wireless connection.

      We can see that our interface wlan0 is our listening interface, at the moment it’s in Managed Mode. We want to change that to Monitor Mode to scan for local devices trying to connect to local routers.

      It does this by packet capture over the airwaves. Kali does it with a range of tools. Airmon allows us to start monitor mode on this interface.

      airmon-ng start wlan0

      That seemed to work, no errors, so let’s check to see that the interface is in monitor mode.

      iwconfig

      Cool, the interface is set. Once you have that set up we can now grab packets from the airwaves on this interface.

      airodump-ng wlan0mon

      This process is known as Channel Hopping and you will see the monitor change channels on the top left hand corner. It’s trying to find the devices that are trying to connect to all access points in the vicinity no matter what channel they are on.

      Now let’s say we want to target this AmIRootYet channel then we can stop the packet capture.

      Now that we have our target router, let’s see what devices are trying to connect to it. As we can see from above, the BSSID is being broadcast for devices to detect their presence and underneath, the Stations (clients) are associated with the access points.

      Now that we know the channel to the access point we are interested in we can just filter everything else out. Airodump will help us do that.

      airodump-ng -c2 -w capture -d DE:EF:CA:CA:65:AF wlan0mon

      The -c tag is the channel, the -w tag is writing the packet capture to a file called ‘capture’ and then we need to specify the BSSID. Then the interface at the end.

      Now it is fixed on the channel we want (2) and the access point we are trying to crack. On the bottom line we can see the access point and the Station beside it, that is a device that’s connected to that router.

      Our purpose now is to knock that Station, or any other device that’s connected to this access point, off of it, so that they have to reconnect. This will enable us to capture the re-authentication handshake and then we will try to crack the password offline.

      To knock the client off the network we need to firstly de-authenticate them from the access point. Aireplay in Kali lets us do exactly this. So grab the BSSID of the Station or client, we will need that for the next command.

      aireplay-ng --deauth 0 -a DE:EF:CA:CA:65:AF -c 10:A5:D0:EB:99:E6 wlan0mon

      The -c flag is the client we want to knock off the network, if we didn’t specify this we would knock all clients from the network and raise suspicion.

      Perfect, we are sending de-authentication packets to the client now. Now we wait to see if it got knocked off the network. This may take some time so be patient.

      What we are waiting for in the top right hand corner is for the WPA handshake to show up. Once we capture it we are good to go.

      BOOM! There it is!! We were able to knock the client off the network and we have captured the handshake in our file that we called ‘capture’.

      As we can see we have the capture file, so let’s open it up in Wireshark and see what it gives us. Wireshark comes as a default tool in Kali Linux.

      wireshark capture-01.cap

      Wireshark is a network protocol analyser but you could use another tool if you are more comfortable with something else.

      There are a lot of packet captures we don’t want to see here, so let’s use the filter to just show us the 4 way handshake. In the filter field type:

      eapol

      This stands for Extensible Authentication Protocol Over LAN (Local Area Network) and will filter just what we want.

      Look at that, 4 packets. That is the 4 way handshake we are looking for. So let’s dig into the packet a bit and see what’s in here. Click on the arrow beside 802.1X Authentication and this should give us the WPA Key.

      Marvelous, just one more thing to do now is to try and crack the key to get a password from it. We will be using a built in wordlist that we made for this post. Aircrack will help us achieve this with a brute force dictionary attack.

      So it’s going to fire all passwords in the list at the target to see if we can guess the correct password eventually.

      aircrack-ng capture-01.cap -w /usr/share/dict/words

      This could take days, weeks or even months depending on the combination of letters and numbers and special characters that you use in the wordlist. For this demonstration though, we just used an easy passphrase to get access.

      Once we get the password Aircrack will let us know that it was found successfully.

      We cracked the password as we can see and it is the word ‘community’. This is why you should always use strong passwords for access to any network.

      Thank you so much for reading until the end. Please like, subscribe or comment, we’d love to hear from you. Also, give us some of your own ideas that you’d like us to cover.

      Peace!! 🕊️

      QuBits 2019-10-29

  2. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 22:04:13 EDT
    #cbs #tabloid #zdnet still at it with anti #linux #security FUD. Please do boycott the whole site. It deserves not to even exist. It's not news, it's propaganda for Microsoft et al.
    In conversation Tuesday, 29-Oct-2019 22:04:13 EDT from pleroma.site permalink
  3. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 13:18:43 EDT
    #Security Leftovers
    http://www.tuxmachines.org/node/129858
    In conversation Tuesday, 29-Oct-2019 13:18:43 EDT from pleroma.site permalink
  4. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 05:19:00 EDT
    What you probably didn’t know about #sudo http://www.tuxmachines.org/node/129840 #gnu #linux #security
    In conversation Tuesday, 29-Oct-2019 05:19:00 EDT from pleroma.site permalink
  5. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 04:31:07 EDT
    ● NEWS ● #ProprietarySoftware #security #microsoft #windows ☞ Congress Still Doesn't Have an Answer for #Ransomware https://www.wired.com/story/congress-still-doesnt-have-an-answer-for-ransomware/
    In conversation Tuesday, 29-Oct-2019 04:31:07 EDT from pleroma.site permalink

    Attachments

    1. Congress Still Doesn't Have an Answer for Ransomware
      from Wired
      As data hijackers continue to target local governments and hospitals, legislators remain stymied over how best to address the problem.
  6. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 04:29:25 EDT
    #freebsd #security
    https://www.youtube.com/watch?v=I2rhwnY6Bg4&list=PLskKNopggjc6NssLc8GEGSiFYJLYdlTQx&index=28 #bsd #unix
    In conversation Tuesday, 29-Oct-2019 04:29:25 EDT from pleroma.site permalink

    Attachments

    1. FreeBSD and the absurdities of security compliance
      By EuroBSDcon from YouTube
  7. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 00:47:23 EDT
    #Security : Updates, #Firewalls and #ARIN
    http://www.tuxmachines.org/node/129838
    In conversation Tuesday, 29-Oct-2019 00:47:23 EDT from pleroma.site permalink
  8. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 00:27:53 EDT
    You're #ARIN a laugh: Critical internet org accused of undercutting #security over legal fears
    https://www.theregister.co.uk/2019/10/28/arin_rpki_open_source/
    In conversation Tuesday, 29-Oct-2019 00:27:53 EDT from pleroma.site permalink

    Attachments

    1. You're ARIN a laugh: Critical internet org accused of undercutting security over legal fears
      America's regional internet registry slammed by critics, snubbed by ISPs
  9. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 29-Oct-2019 00:01:40 EDT
    These certainly change lives; They destroy #privacy #security while increasing waste (money) and ewaste https://www.iottechtrends.com/life-changing-smart-home-products/
    In conversation Tuesday, 29-Oct-2019 00:01:40 EDT from pleroma.site permalink
  10. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 28-Oct-2019 21:53:34 EDT
    Top #Linux developer on #Intel chip #security problems: 'They're not going away.' http://www.tuxmachines.org/node/129823 #kernel
    In conversation Monday, 28-Oct-2019 21:53:34 EDT from pleroma.site permalink
  11. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 28-Oct-2019 21:46:49 EDT
    Ubuntu: #LXD #Security , #ROS EOL and More
    http://www.tuxmachines.org/node/129826 #gnu #linux
    In conversation Monday, 28-Oct-2019 21:46:49 EDT from pleroma.site permalink
  12. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 28-Oct-2019 08:51:14 EDT
    #police was supposed to give the taxpayers a sense of #security https://www.morningjournal.com/entertainment/kerry-washington-fears-for-kids-safety-due-to-police-violence/article_357ee698-20dd-50ce-bf1f-6f58de390e33.html
    In conversation Monday, 28-Oct-2019 08:51:14 EDT from pleroma.site permalink
  13. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 28-Oct-2019 03:58:02 EDT
    old: #microsoft #windows #security #www
    https://blog.didierstevens.com/2007/05/07/is-your-pc-virus-free-get-it-infected-here/
    In conversation Monday, 28-Oct-2019 03:58:02 EDT from pleroma.site permalink

    Attachments

    1. “Is your PC virus-free? Get it infected here!”
      By Didier Stevens from Didier Stevens

      Would you click on this Google ad?

      No? Sure? Because 409 persons did!

      How do I know? Because I’ve been running this Google Adwords campaign for 6 months now.

      Last fall, my attention got caught by a small book on Google Adwords at our local library. Turns out it’s very easy to set up an ad and manage the budget. You can start with a couple of euros per month. And that gave me an idea: this can be used with malicious intent. It’s a way to get a drive-by download site on the first page of a search result (FYI, I’ve reported on other ways to achieve this). So I started an experiment…

      1. I bought the drive-by-download.info domain. .info domains are notorious for malware hosting.
      2. I set up a web server to display a simple page saying “Thank you for your visit!” and to log each request. That’s all. I want to be absolutely clear about this: no malware or other scripts/code were ever hosted on this server. No PCs were harmed in this experiment.
      3. I started a Google Adwords campaign with several combinations of the words “drive by download” and the aforementioned ad, linking to drive-by-download.info
      4. I was patient for 6 months

      During this period, my ad was displayed 259,723 times and clicked on 409 times. That’s a click-through-rate of 0.16%. My Google Adwords campaign cost me only €17 ($23). That’s €0.04 ($0.06) per click or per potentially compromised machine. 98% of the machines ran Windows (according to the User Agent string).

      In a previous post on spamdexing, I reported 6,988 click-throughs to malicious websites over a 3 month period. That’s 2,329 click-throughs per month, compared to my 68 click-throughs per month. The Spamdexing “R” Us operation was much more successful than my little experiment, but at a greater cost (they ran a bunch of dedicated web servers). I’m sure I could get much more traffic with a higher Google Adwords budget and a better designed ad.

      This is how my ad looks on a search result page:

      I designed my ad to make it suspect, but even then it was accepted by Google without problem and I got no complaints to date. And many users clicked on it. Now you may think that they were all stupid Windows users, but there is no way to know what motivated them to click on my ad. I did not submit them to an IQ-test 😉

      Recently there have been several stories in the press pointing out that this technique is used “in the wild”. That’s why I’m publishing my results now, but my experiment is still running. Of course, the nature of the experiment has changed now that I have revealed it, but it could still turn out to be interesting.

      You can find a video of Google showing my ad here hosted on YouTube, and you can find a hires version (XviD) here. Not the best quality, but I wanted to show off my new Nokia N800.

      I want to thank all participants of my experiment.

  14. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 28-Oct-2019 03:10:21 EDT
    #Security : #VisibleV8 , #Snuffleupagus , So-called 'Awareness Month' and Other FUD
    http://www.tuxmachines.org/node/129784
    In conversation Monday, 28-Oct-2019 03:10:21 EDT from pleroma.site permalink
  15. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 28-Oct-2019 00:49:29 EDT
    #Snuffleupagus : Open source #security tool hardens #PHP sites against cyber-attacks

    https://portswigger.net/daily-swig/snuffleupagus-open-source-security-tool-hardens-php-sites-against-cyber-attacks it needs to #deletegithub as #nsa hosting makes it less safe
    In conversation Monday, 28-Oct-2019 00:49:29 EDT from pleroma.site permalink

    Attachments

    1. Snuffleupagus: Open source security tool hardens PHP sites against cyber-attacks
      from The Daily Swig | Cybersecurity news and views
      The successor to Suhosin is protecting sites from the inside
  16. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Sunday, 27-Oct-2019 20:54:42 EDT
    Audiocasts/Screencasts: #Linux Action News, #OpenSource #Security Podcast and #Voyager 19 10 GE Run Through
    http://www.tuxmachines.org/node/129776
    In conversation Sunday, 27-Oct-2019 20:54:42 EDT from pleroma.site permalink
  17. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Sunday, 27-Oct-2019 20:40:48 EDT
    #OpenSource #Security Podcast: Episode 167 - Security is terrible because digital literacy is terrible http://www.opensourcesecuritypodcast.com/2019/10/episode-167-security-is-terrible.html
    In conversation Sunday, 27-Oct-2019 20:40:48 EDT from pleroma.site permalink

    Attachments

    1. Episode 167 - Security is terrible because digital literacy is terrible
      Josh and Kurt talk about the horrid state of digital literacy in the US. We start out talking about broken Philips Hue light bulbs, the...
  18. Björn Schießle 🌍 🇪🇺 (bjoern@mastodon.social)'s status on Sunday, 27-Oct-2019 14:05:38 EDT

    Germany's BSI tested #Firefox, #Chrome, #IE, and #Edge. Firefox was only browser to pass all minimum requirements for mandatory security features. https://www.zdnet.com/article/germanys-cyber-security-agency-recommends-firefox-as-most-secure-browser/ #browser #security

    In conversation Sunday, 27-Oct-2019 14:05:38 EDT from mastodon.social permalink

    Attachments

    1. Germany's cyber-security agency recommends Firefox as most secure browser | ZDNet
      from ZDNet
      Germany's BSI tested Firefox, Chrome, IE, and Edge. Firefox was only browser to pass all minimum requirements for mandatory security features.
  19. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Sunday, 27-Oct-2019 13:36:39 EDT
    #Security Leftovers
    http://www.tuxmachines.org/node/129760
    In conversation Sunday, 27-Oct-2019 13:36:39 EDT from pleroma.site permalink
  20. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Sunday, 27-Oct-2019 13:28:16 EDT
    #proprietarysoftware #security https://dwaves.org/2019/10/27/company-it-takedown-by-ransomeware-by-0-day-in-the-bonjour-utility-for-itunes-followup-to-emotet-and-trickbot/
    In conversation Sunday, 27-Oct-2019 13:28:16 EDT from pleroma.site permalink

    Attachments

    1. company it takedown by ransomeware by 0-day in the Bonjour utility for iTunes – followup to emotet and trickbot
      By admin from dwaves.org

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.