Simply Steal all SAF / SPF / Corporate computer secret

[SeeFartLoong]

One USB thumb, one single button pressed.

All Stolen!

Even BIOS USB lock can be broken by codes hidden in USB drive.



No need James Bond 007, no need CIA KGB. No need JI no need MSK.

http://digital.asiaone.com/Digital/Reviews/Story/A1Story20090805-159340.html

SanDisk Ultra Backup USB Flash Drive

By John Tan, a freelance writer
SanDisk Ultra Backup USB Flash Drive
» Price: $50 (8GB) to $360 (64GB)
» Available: from authorised dealers such as ChallengerSuperstore and South Asia Computer.Forfull retailers' list, check:www.vector-magnetics.com/dealers.html

MAKING the easy easier is what SanDisk aims to do with its latest flash drive.

Usually, backing up files into any flash drive requires you to plug the device into the computer's USB socket, run Windows Explorer, then drag and drop the files you want archived into the drive's folder.

The Ultra Backup USB Flash Drive does away with the drag-and-drop bit, making archiving a one-touch process.

Simply plug it into your PC and press the Backup button - the gizmo automatically copies the contents of your desktop and common folders such as My Documents and My Pictures onto itself.

If you want the self-created folders, say, Health, Holiday or Expenses, automatically backed up, use the built-in software for that.

Just browse through the Windows Explorer-like checklist that you will see onscreen and tick the checkboxes for the folders you want included.

The next time you run a synch, these folders will automatically be archived.

The fact that the software - SanDisk Backup - is built into the gizmo is a boon as it means that you do not have to install additional software for the PC to recognise the drive.

You can also choose from options like file encryption so that if the drive gets stolen, the thief will not be able to open your files without a password.

The software also tracks the files that have been modified, deleted or added since the last synch and updates the contents of the flash drive to mirror the files changed on your hard drive.

So, there is no need to manually sift through the list of files using Windows Explorer to figure out which ones have changed.

The backup software runs only with Windows XP or Vista. Mac and Linux users must manually drag and drop files and folders to move them between the computer and the flash drive.

The Ultra Backup series comes in 8, 16, 32 and 64GB capacities.

Final say

Easy backup within a regular USB storage drive.

 

[Lee_Gong_Yaw]

Who stole my bra?

 

[SeeFartLoong]

Cisco teach you how to crack WPA-2 Wifi Security!

http://www.ciscopress.com/articles/article.asp?p=370636

Cracking Wi-Fi Protected Access (WPA), Part 2

In part 1 of this series, we looked at the internals of WPA as compared to WEP, and saw how this wireless protection method can be cracked with only four packets of data. With a solid understanding of how keys are created, transmitted, validated, and then used to set up the encryption between two wireless devices, we're ready to investigate how WPA can be cracked.
Starting the Crack

First, it's important to note the efforts that the designers of WPA went through to secure WPA. The four-way handshake was designed to occur over an insecure channel using plaintext, but still provide a means of authenticating and initializing a secure connection between two devices. At no time is any key actually transmitted over the air. The pre-shared key (PSK) is first converted to a primary master key (PMK), which is then used to create the primary transient key (PTK). The PTK is broken down into several parts, one of which is the MIC (Message Authentication Code) Key. This value is then used to create a message digest value (hash) that is appended to each packet for validation. Note that a hash, by definition, cannot be used to re-create the original data. As a result, at no time is sensitive data exposed to an attacker.

The problem isn't directly related to the algorithm or WPA initialization process, but is instead tied to the simple fact that the process can be reproduced. This fact, combined with the reality that most users select poor passwords, provides an opportunity that can be exploited.

NOTE

Both the WPA and 802.11i documentation recommend a minimum 20-character password. Unfortunately, this small tip is buried in a lot of highly technical information, and therefore unavailable to the typical SOHO user.

To illustrate how the attack works, let's dissect a successful crack using a program written by Joshua Wright, who has made headlines with his security research. His work prompted Cisco to release a warning about the insecurities of LEAP, and eventually lead to the release of EAP-Fast. Mr. Wright also produced the first publicly available WPA cracking tool for Linux. While KisMAC had this ability for several months prior to the release of coWPAtty, the use of that tool requires a Mac.

 

[SeeFartLoong]

=====

http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=4

Collecting Data

Prior to using coWPAtty, we need to capture a WPA-PSK TKIP/EAP/802.1x negotiation session between an access point and a node. This can be accomplished using any number of sniffers, including Ethereal and tcpdump.

TIP

Older sniffers don't understand all the details of an EAP packet. I had to upgrade to the most recent version of Ethereal to obtain an accurate interpretation of the collected data.

Our illustration is a highly filtered capture of only four packets, each of which represents one of the parts of the four-way handshake. In a normal capture, you would see WLAN management packets and encrypted traffic from other connected devices. You must have all four packets associated with the handshake. The problem is how to differentiate one EAP packet from another.

Fortunately, the 802.11 specifications help. Figures 1-4 provide the details of each individual packet in Ethereal. Note that the ACK flag is set only when the packet originates from the Linksys AP. Also, note the encryption information that appears only in packets 2 and 3. Finally, the Install flag is set only in packet 3, which comes from the authenticator (discussed in part 1 of this series).
Figure 1

Figure 1 Packet 1.
Figure 2

Figure 2 Packet 2.
Figure 3

Figure 3 Packet 3.
Figure 4

Figure 4 Packet 4.

Joshua Wright's tool takes all these differences into consideration and automatically determines whether a packet capture contains the relevant data required to crack WPA. If any one of these packets is missing, cracking efforts will fail.

=====

http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=5

The Achilles Heel

coWPAtty is a password cracker. However, just like all password-cracking tools, it needs a target. In many cases, password crackers simply create a hash of a dictionary word and compare it to an existing password hash to see whether it matches. In other cases, such as this one, the target is not a simple hash of the original password. Instead, the target is buried several layers into the algorithm and requires significant work to attack.

The Achilles heel of WPA is the calculated MIC value that is used to validate messages 2–4 of the four-way handshake. In particular, coWPAtty targets the final EAPoL message; although any would work. Remember that this MIC value is created by passing the entire EAPoL message into an HMAC_MD5 hashing algorithm, which is secured by the MIC Key that was taken from the PTK.

Because both the MIC value (not the key) and the EAPoL message are passed as plaintext, an attacker can focus on the MIC hash value. The challenge is tied to the fact that an attacker must first convert the dictionary word to a PMK, using the correct algorithm with an accurate SSID value. Then the resulting value is plugged into another equation that also requires the MAC addresses and Nonce values of the supplicant and authenticator. The result of this calculation is the PTK, from which the attacker can strip the MIC Key. With this MIC Key, the attacker then performs the same HMAC_MD5 hash on the captured EAPoL message to see whether the selected password produces the same MIC as the captured MIC.

Sounds complex? This is why most of this article focused on the background of WPA-PSK. Imagine trying to explain this process without first describing the PMK, PTK, and their relationships to the MIC Key!

To help clarify how all this works, let's look at a step-by-step illustration revealing how a real four-way handshake can lead to a cracked password.

=====

http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=6

The Crack

First, the assumed and known values:

* SSID: linksys54gh
* SSID Length: 11
* Test password from a dictionary file or STDIN (radiustest)
* The four-way handshake is captured and stored in eapcap2.cap. (Refer to Figure 1.)

NOTE

To help us gain an insider's view of the cracking process, I added a few output commands to coWPAtty. The modifications only provide a look at how the program is collecting and manipulating data to produce its calculated MIC value. Nothing was altered that changes the way in which the program functions.

1. Verification of capture. This part of the program verifies that all the required packets are in the capture file. This objective is accomplished by filtering out all packets that don't include the 802.1x Authentication type flag (0x888E). The remaining packets are then checked to be sure that a complete four-way handshake was captured.
2. The packets are parsed for all relevant information. The following example lists important parts to be used during the cracking process. Figures are taken from previous Ethereal capture images.
* Packet 1 (A>S): Provides no real data for the cracking process.
* Packet 2 (S>A): Provides the SNonce value (green) shown in Figure 5.
Figure 5

Figure 5 Packet 2 with SNonce value highlighted.
* Packet 3 (A>S): Provides the ANonce value (green) and the MAC addresses of both the Authenticator (blue) and Supplicant (red). The MAC addresses could be taken from any one of these packets (see Figure 6).
Figure 6

Figure 6 Packet 3 with ANonce value and MAC addresses highlighted.
* Packet 4: (S>A): Provides the MIC value and EAPoL packet to be used when calculating the test MIC from the generated MIC Key (see Figure 7). Note that the MIC value is added after it's calculated. Until it's added, the data field is filled with 00 bytes.
Figure 7

Figure 7 Packet 4 with EAP frame data and MIC value highlighted.
3. The selected test password is checked to be sure that it's not less than eight or greater than 63 characters, as required by 802.11i.
4. The PMK is generated from the test password, using the following algorithm:

PMK = pdkdf2_SHA1(passphrase, SSID, SSID length, 4096)
PMK = pbkdf2_sha1("radiustest","linksys54gh",11,4096)

5. The PTKs are generated from the PMK, using the following algorithm:

<li><p> = PRF-X(PMK,</p></li>
Len(PMK), "Pairwise key expansion",
Min(AA,SA) || Max(AA,SA) || Min(ANonce,SNonce) || Max(ANonce,SNonce))

PTK = SHA1_PRF(
9e99 88bd e2cb a743 95c0 289f fda0 7bc4 ;PMK
1ffa 889a 3309 237a 2240 c934 bcdc 7ddb
,32,"Pairwise key expansion", ;length of PMK & string
000c 41d2 94fb 000d 3a26 10fb 893e e551 ;MAC and nonce values
2145 57ff f3c0 76ac 9779 15a2 0607 2703
8e9b ea9b 6619 a5ba b40f 89c1 dabd c104
d457 411a ee33 8c00 fa8a 1f32 abfc 6cfb
7943 60ad ce3a fb5d 159a 51f6,76)

PTK = ccbf 97a8 2b5c 51a4 4325 a77e 9bc5 7050
daec 5438 430f 00eb 893d 84d8 b4b4 b5e8
19f4 dce0 cc5f 2166 e94f db3e af68 eb76
80f4 e264 6e6d 9e36 260d 89ff bf24 ee7e

6. A MIC value is calculated, using the MIC Key from the PTK and the EAPoL message:

MIC = HMAC_MD5(MIC Key,
16,
802.1x data)

MIC = HMAC_MD5(
ccbf 97a8 2b5c 51a4 4325 a77e 9bc5 7050 ;first 16 bytes of PTK
,16, ;length of PTK
0103 005f fe01 0900 0000 0000 0000 0000 ;802.1x data
1400 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 )
MIC = d0ca 4f2a 783c 4345 b0c0 0a12 ecc1 5f77

7. The calculated MIC is compared to the captured MIC:

Calculated MIC using EAP frame four with "radiustest" is
d0ca 4f2a 783c 4345 b0c0 0a12 ecc1 5f77

Capture MIC is
d0ca 4f2a 783c 4345 b0c0 0a12 ecc1 5f77

CALCULATED MICS MATCH!!! Congratulations, the PSK is "radiustest".

 

[SeeFartLoong]

FBI tools to helps you to crack WEP WPA wifi security!

http://www.torrentreactor.net/torrents/1793441/FBI-WEP-and-WPA-cracking-tools-and-apps-rar

FBI WEP and WPA cracking tools and apps.rar
Download Torrent Secure download Usenext 5x faster downloads Direct downloads Send report

*
Torrent:
FBI WEP and WPA cracking tools and apps.rar
*
Change name:
You need to register
*
Category:
Software / Windows - Other
*
Change cat.:
You need to register
*
Private Client:
Hide your personal activity while downloading torrents with TorrentPrivacy.com
*
Size:
67 MB
*
Seeds/Leechs:
2/1 Check it now
*
Added:
04/19/2008
*
Last check:
2009-07-13 00:29:59
*
Tracker:
http://tpb.tracker.thepiratebay.org:80
Tracker Rate:2022/1114
*
Comments:

Crack WEP and WPA in no time,

Free internet

*
Change comment:
You need to register
*
Alternative download:
FBI WEP and WPA cracking tools and apps.rar might also be available on Usenet. Get the UseNext Client - Highspeed Access To 300TB of Videos, Games and Music!