WPA 2 Wifi compromised. !

[Fon]

http://www.independent.co.uk/life-style/gadgets-and-tech/news/wifi-wpa-2-krack-security-hacking-cyber-crime-device-smartphone-ipad-break-internet-us-government-a8002446.html

 

Looks like you need to use SSL with every website, or stick that plug back in again!

 

Fon

[Snuffs99]

I'm ok, PC is connected via ethernet and my router is set so only specific mac addresses can connect...plus i cant see any hacker wanting to hack me tbh.

[Neoburner]

Ah it’s actually been comprimisable for a while, many a time AC helped me with that, and with a decent mitm process most can be sniffed! 

I do miss my infosec days!

[Neoburner]

Sent from my iPhone using Tapatalk

[HackmanSlim]

hmmmm, looks a bit hard to do that one neo, got anything a bit more simplified

 

Slim 

[Mik25]

On 16/10/2017 at 9:20 PM, Fon said:

http://www.independent.co.uk/life-style/gadgets-and-tech/news/wifi-wpa-2-krack-security-hacking-cyber-crime-device-smartphone-ipad-break-internet-us-government-a8002446.html

 

Looks like you need to use SSL with every website, or stick that plug back in again!

 

Fon

ssl has been compromised since the beginning of the attempted Syrian uprising.The DSA(dark syrian army) using dark comet initially were able to intercept and change the secure packets to intercept/disrupt communications over social networks.

The method is commonly available now and has been used to target individuals and large organisations.

Edited October 22, 2017 by Mik25

[Neoburner]

Dark comet was totally ripped from the sub7 days, I feel for the kiddies of the past putting the effort in to only be wiped out by a rewrite!!

Only additional good thing was the reverse shell from the payload, sub was a tcp in only, and using ICQ to grab the NAT's was always a welcome tool!

Nothing beats the matrix screen!

[Mik25]

They used dark comet not for its console,at that time it was the only fud rat using pdf that they spread again over social networks arranging demo's etc they had setup.

Js is the tool of choice now,being so badly underestimated particularly by google.Android is practically a failed os as a result and they know it,no matter how many revisions they make.

I wouldnt have android on a watch never mind part of my network.

MS have the problem that it can write to data areas windows can't even see,but thats another story.

[Neoburner]

For me the issue with public available exploits is they are exactly that, public, most can be pin pointed and kiddies using them will get found because of lack of self knowledge.

Writing a tailored script and not grabbing low hanging picks is how the concealed people do it, and they are the ones you never hear of!

It's why I went white and not black back in the day, it's more fun and more reward-able...

Rev engineering is my favoured fun part of it all, hacking the stack is a term I enjoy, EIP and ESP's... my wife thinks I am actually looking at coded porn!

On a side note, Mr Robot has pulled a-lot more interest in the market!

@Mr_Spark ... memories! - BSides is always a fun day out