lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20021218223148.0649563f.merharm@wra.net>
From: merharm at wra.net (matt merhar)
Subject: A WiFi security tool I would like to see developed

Hey RMS,
Great idea, but I think it's already been in the works in the latest
version of Dug Song's infamous dsniff. I really hope that he fixes the
several remote exploits that exist in this acclaimed pen-testing tool,
though.

Here are some recent #monkey logs I've acquired that highlight the
features that I'm discussing.
*** #monkey Session Start (11/24/02) ***
<dr``> Hey Doug. How's it going? I'm working on my HoneyNet project, and
I'd like to implement a WiFi security tool. I think it'd be splendid if
we could somehow alert these ScriptKiddie BlackHats as to how insecure
it is for them to use our HoneyPots send Unsolicited Commercial E-Mail
(Better known as spam).
<dugsong> Excellent notion! In my homeland of Asia, it is considered
good KARMA to help people in times of need. Peradventure I shall add
such a feature in my next version of dsniff?
<dr``> Superb. Maybe you can give me credit for the idea? I think it'd
be delightful if we made it email everyone involved in this BlackHat
SPAM attack, including the Sender, the Receiver, and even those to which
a Carbon-Copy will be sent!
<dugsong> What's this bullshit I hear about ScriptKiddies being able to
gain root access to the VMWare Host Machines by exploiting flaws in the
x86 architecture?
<dr``> Rubbish! I've got Lance Spitzner on my side. I'm sure he's
audited the source code very well. What's this I hear about dsniff being
remotely exploitable in several places throughout the CodeBase?
<dugsong> Hmmm. Alright. I'll keep quiet.
*** #monkey Session End (11/24/02) ***
On Wed, 18 Dec 2002 21:28:04 -0500
"Richard M. Smith" <rms@...puterbytesman.com> wrote:

> Hi,
> 
> Here is a WiFi security tool that I would like to see developed and
> made available free of charge on the Internet.  The tool would be a
> packet sniffer that listens to unprotected email traffic on a WiFi
> network. When it sees an email message being sent in the clear, it
> sends out its own message to the "To", "From", and "CC" email
> addresses saying that the message could be easily read by the "bad
> guys".  The message who link to a Web page that describes the security
> problems with unprotected WiFi networks and then offers some possible
> solutions to the problems.
> 
> This tool would be a great way to educate the public on the dangers of
> insecure WiFi hotspots.  It would make crystal clear to all
> participants of the email conversation how easy it is for
> eavesdroppers to listen in.
> 
> From privacy reasons, the tool should not keep a record of any the
> TCP/IP traffic that it sniffs.
> 
> I believe that the tool can be put together without too much trouble
> using existing public domain software libraries.
> 
> Any takers?
> 
> Thanks,
> Richard M. Smith
> http://www.ComputerBytesMan.com
>   
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ