What is Digg?62 Comments
- ElJefeGrande, on 10/12/2007, -4/+32And the reason why so many people have dugg it is because they either a) thought it was so damn cool that it deserves to be dugg again or b) they haven't seen it before (which applies to me). Who cares if it is old news to you, it is new news to me and I'm guessing to most of the people that dugg this.
Who cares about history...it's in the past, and it's old news. - didymus, on 10/12/2007, -0/+13This is not news. I can crack WEP on my ibook using kismet in under 10 mins. It's all about disassociating, replaying and then gathering weak keys.
From what I remember there was a video floating around of someone performing this hack. - cdharrison, on 10/12/2007, -6/+19Pretty scary that cracking WEP would be this easy. Just goes to show you... nothing is truly secure.
- radison2, on 10/12/2007, -6/+16This was an awesome story...............................on March 31, 2005 when it happened.
- phobos182, on 10/12/2007, -2/+10This is a little bit of stale disinformation. 40Bit (AKA 64Bit WEP) can be cracked in about 10 minutes with around 130,000 IV packets using packet reinjection. 104Bit (AKA 128Bit WEP) takes around 1,000,000 packets and takes much much longer. Utilities such as KisMac (Mac OS X) make the process much easier by including WPA / WEP cracking (weak scheduling / word lists), deauthentication / authentication flooding and packet reinjection instead of relying on multiple linux programs. 40Bit WEP is very old. Most home users utilize 128Bit WEP.
In any case WEP can be cracked if you really want access to the LAN (As a targeted attack in a coroporate setting). Most smart companies use WPA with EAP for lock tight security. - audioscience, on 10/12/2007, -0/+8Just what we need, everyone running around cracking WEP keys on their neighbors' networks...
I'm gonna go try it. - RandomSkratch, on 10/12/2007, -0/+8Apparently the time police are out on patrol again...
Hey look, there's a guy over there wearing platform shoes! - toomuchgreentea, on 10/12/2007, -1/+8I thought the consensus on time needed to crack WEP has been 3-10 mins for a very long time. I'm not sure what the FBI did was anything special.
- rnscwas123, on 10/12/2007, -0/+7I saw this over a year ago on digg. Its just back since the FBI finally figured out how to do it.
- kewldude606, on 10/12/2007, -5/+11Yes, things are secure.
Some algorithms aren't. If my "encryption" was to multiply everything by 2 and it got broken, would all encryption be insecure? Nope. - da_dude, on 10/12/2007, -1/+6Few months my butt!
- jon3k, on 10/12/2007, -0/+5Everyone calm down. To crack a 128bit WEP key (the norm) you're still looking at around 100,000 packets to aircrack the key instantly. Sometimes you can get away with as few as 50,000. It usually takes me 20-30 minutes to capture enough traffic with aireplay to crack a 128bit key. Also, there has to be a host on the network, which either generates an ARP, or that you can convince to issue an ARP (thats what the deauth attack is for, which works ocassionally). Trust me, at 2am, it can be tough to find an active host.
Thats why you should all be using WPA and cycling your keys (WEP and WPA). It could take months to years to crack WPA. - ZaNkY, on 10/12/2007, -0/+5Kismet:
http://zanky.igotfree.com/1.htm
KisMAC:
http://zanky.igotfree.com/4.htm
Both are around 10 minutes. - joeTSUNAMI, on 10/12/2007, -0/+5This is such old news.. The article hardly provided any information. I've seen much more detailed articles about this (long ago). I'm not sure how it got so many diggs.. gonna guess if you put FBI in a headline, anyone will bite.
- dharm, on 10/12/2007, -0/+4there have been better guides about this that made it to the front page...
"WEP Cracking, the FBI Way"
the fbi way seems to be the same way everyone else uses, just outdated.
"WEP cracking usually takes hours."
Almost every guide i have seen on cracking WEP takes 2 to 15 minutes. I personally havent ever taken longer than 10 minutes.
http://www.milw0rm.com/video/watch.php?id=1
http://youtube.com/watch?v=MQu0FjZGudM&search=wep
http://youtube.com/watch?v=G38PD5FyUxE&search=wep
http://youtube.com/watch?v=4IpOS27J5a8&search=wep
http://youtube.com/watch?v=Dl672fq_dfY&search=wep
http://youtube.com/watch?v=4IpOS27J5a8&search=wep - Nyfeh, on 10/12/2007, -0/+4Yeah.. Just use WPA. Seriously...
- klbclem, on 10/12/2007, -0/+4@phobos182
The FBI most likely used a direct packet injection tool like those found in aircrack-ng on the security Auditor CD and more recenly the Backtrack CD and on my comp. it takes about 2-20 mins to crack WEP 128 depending. For those who don't know, the tool can be found at aircrack-ng.com and premade Linux Live CDs at remote-exploit.com. Note that Auditor and Backtrack are very picky about which wireless cards (and more specifically which wireless chipsets) you are using, it wants mostly wireless 802.11b based prism cards; one of the few popular modern chipsets it can use effectively (with direct packet injection) are the Intel Centrino based wireless 802.11b/g and 802.11a/b/g cards.
FYI: WEP 128 is VERY broken and should not be used EVER, WPA should be used instead and for the home user WPA with AES works well. There is a slight vulnerability that has been discovered in WPA (running any encryption algorithm) you should use a password of at least 21 characters if I remember right
check the number at informit.com; and as always you should use a high entropy (a password randomly generated by a computer) as even though computers use a psudo-random algorithm they generate passwords a lot more random than you could think of (usually humans will not pick numbers with certain patterns because we do not see them as random) - cphuntington97, on 10/12/2007, -0/+3SO... could I sue nintendo for forcing me to use WEP since that's all their product is compatable with?
- spamdies, on 10/12/2007, -0/+3Funny thing, isnt this based off a demonstration the fbi did at defcon about 2 years ago? this is acient news, what did the poster blow the dust off of to find this?
- steelmaverick, on 10/12/2007, -1/+4 . 1 Funny
I wish we could mod comments like this. Just like in Slashdot. Perhaps for Digg v4? - inactive, on 10/12/2007, -0/+2Wow this is really old. Sorry. Still cool though.
- Urusai, on 10/12/2007, -0/+2If you want security, use VPNs or a similar encrypted data stream. You should consider your data conveyance as an open channel in every situation. I would use WEP/WPA where appropriate to stop casual bandwidth leeches, not for security.
Besides, if you wouldn't need security unless you had something to hide. Surely you escrow your WEP keys with the FBI already, right? You aren't a terrorist, are you? - squeevey, on 10/12/2007, -1/+3wasn't this on thebroken?
- Ozmotear, on 10/12/2007, -1/+3I didn't think my Avatar was all that great when I made it, but I guess I should be honored that you Stol... er Copie... er Borrowed it.
- MrCodeDude, on 10/12/2007, -0/+2Agreed. This is incredibly old.
- Hamsterpotpies, on 10/12/2007, -0/+2it was
- harmo777, on 10/12/2007, -2/+4who eva still uses WEP deserves to be hacked
- t3hX, on 10/12/2007, -0/+1Who doesn't know this. BTW, why is Old News not in "bury this"?
- Agret, on 10/12/2007, -0/+1"A few months ago" more like a year ago and this has been around for ages now. "WEP cracking usually takes hours. Lots of hours", no it usually takes about 5 minutes. Digg v3 needs an "old news" cat for tech so you can submit stories like these still.
- Kupop, on 10/12/2007, -1/+2How is this on digg? This is so old. Well the digg count might prove that people still may not know that They aren't safe cause last time I checked I thought everyone knew about WEP cracking and how easy it is.
- livet0ski, on 08/17/2009, -0/+1this is old school now. new versions of Aircrack have come out since then rendering the tut useless.
- chadseld, on 10/12/2007, -1/+2as I recall, 128bit wep and 104 bit wep are the same. There is some dispute over which bits in the key are actual 'key' bits verses standard header bits.
- Spec8472, on 10/12/2007, -0/+1...except the person with the scissors.
- inactive, on 10/12/2007, -2/+3Back in my day, when it was hip to use tin cans and string, no one could interfere with communication. But now it seems that these crazy kids are in a very insecure world.
- Agret, on 10/12/2007, -0/+1There is a way to intercept it, tie another piece of string onto your one somewhere along the line.
- PacoBell, on 10/12/2007, -0/+1@bartonnen: What makes you think the router can tell any device apart from its MAC address? Answer: it can't. It'll just broadcast normally and it's up to the client to make sense of the signal.
- xigxag, on 10/12/2007, -0/+1Students at my tech school are going be doing a demonstration before members of congress. There is a sort of competition between students to come up with a "hack" that can be presented in a 5-minute time-frame as different people come by. Perhaps the WEP vulnerability would be a good thing to show them, but it is old news. It needs to be something that would make any non-tech person awed at how quickly/easily security could be compromised. I wish there was something that also showed the importance of net neutrality so we can make a political point at the same time.
If you have any ideas...deadguys at gmail - PacoBell, on 10/12/2007, -0/+1Packet injection on ethernet != packet injection on 802.11
- JustMatt, on 10/12/2007, -0/+1I just tied my string onto the middle of your string and listened in. Hacking 1.0
- Nunya, on 10/12/2007, -1/+2Didn't they do this on Hak5 on episode 2 or 3?
Old - inactive, on 10/12/2007, -1/+2Nice to see the FBI finally figured out how to crack WEP, years after everyone else.
- lampiaio, on 10/12/2007, -0/+1(strange, couldn't edit after posted... immediatly said "4 minutes ago")
informal
an indefinite small number : he hoped she'd be better in a couple of days [as pron. ] | we got some eggs—would you like a couple? | [as adj. ] just a couple more questions | clean the stains with a couple squirts of dishwashing liquid. - inactive, on 10/12/2007, -1/+1This is so wrong lol.
- lampiaio, on 10/12/2007, -1/+1wrong.
from the New Oxford American Dictionary:
couple |ˈkəpəl|
noun 1 two individuals of the same sort considered together : a couple of girls were playing marbles. •
>>>>>>>>informal an indefinite small number - shafiu, on 10/12/2007, -0/+0Boy am I glad the Feds finally learned to crack WIFI after all these years.
- Odweaver, on 10/12/2007, -2/+2Marked innaccurate it was a few minutes meaning three, not a couple minutes meaning two.
[/sarcasm] - under_R_run, on 10/12/2007, -2/+2"WEP cracking usually takes hours"
maybe back in 2002... - bartonnen, on 10/12/2007, -0/+0But if you have Nintendo DS's - you have to use WEP.
Doesn't limiting which MAC addresses are allowed on your network prevent people connecting? And if they can figure out a valid MAC address, what happens when the router sees two devices with the same MAC? - Nerfdude, on 10/12/2007, -1/+1"a couple of minutes" is two minutes. not three minutes to be exact. "a few minutes" is an arbitrary term.
- inactive, on 10/12/2007, -6/+5OMG PACKET RE-INJECTION!?! we haven't seen that on digg in like 12 hours!
-
Show 51 - 62 of 62 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is