WPA’s TKIP cracked in 12 to 15 minutes

According to several sources, security researchers Erik Tews and Martin Beck have found a way to break the Temporal Key Integrity Protocol (TKIP) key used by WPA. Cracking the TKIP key was never thought to be an impossible feat and it was previously thought that the angle of attack would be via a massive dictionary attack over an extended period of time.

Tews and Beck, however, did not use a dictionary attack to crack TKIP. According to Dragos Ruiu (via this Network World article), the organizer of the PacSec conference where Tews plans on discussing the crack, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt.

And how long did it take Tews and Beck….12 to 15 minutes.

Beck, creator of the Aircrack security tool, has also added the ability to exploit this weakness over the past two weeks. Note, this attack only impacts WPA and not WPA2, which is still deemed “safe”. Over the past few years people who were using WEP, which was determined to be an unsafe and easy to crack protocol, were advised to switch over to WPA due to prevent an attack of this magnitude. Now many enterprise customers will be left scratching their heads and wondering how long it will be until they have to switch to something other than WPA2…and at what cost.

From Andrew Hay’s Blog.


DEFCON 16: List of tools and stuff released

DEFCON, the 9000+ attendee hacker conference in Vegas has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique.

I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at the “World’s Largest Boar!”, so to speak. One of the CTF (Capture the Flag) contest winners this year actually exclaimed that he only made it to 2 talks in 12 years! I am also one of those individuals who barely get a chance to go to talks and now that the speaker pool is so diverse, it’s hard to find all of the “stuff” they release.

Before anyone has a chance to post “it’s all on the DEFCON CD dummy,” I want to challenge them to try. After a weekend of googling (which came back with few results) and making contact with some of the speakers, I provide you with a mostly accurate list of “stuff” that was released at DEFCON this year. If any of the information is inaccurate, or a tool is missing, please contact me and I will update this post.

Posted by Ryan Naraine at ZDnet.

USB Snoop: A USB Sniffer

USBSnoop is a program (driver) that logs the USB data exchange between hardware and device driver. Best part is, it is OPEN SOURCE.

It is based on the WDM architecture (Windows Driver Model), which supports the insertion of a filter between device drivers. In this case, the filter itself is a driver.

Also, it is very easy to install. All you need to do is copy the driver to your ‘drivers’ directory (normally c:\windows\system32\drivers for Windows XP & c:\WINNT\system32\drivers for Windows 2000). Then, you need to configure the sniffer front-end sniffusb.exe and then use the device that needs to be sniffed. This program saves the logs in your Windows drive with the name usbsnoop.log

This application is compatible with Windows 98, Windows 2000, Windows XP.

Download the latest version (though not updated in a LONG time) here (version 1.8).

Homepage: http://benoit.papillault.free.fr/usbsnoop/

Found on Meta-Human.net.

DecaffeinatID: A Very Simple IDS

This project started because I wanted a simple ARP Watch like application for Windows. In a short matter of time, feature creep set in. DecaffeinatID is a simple little app that acts as an Intrusion Detection System (more of a log watcher really) to notify the user whenever fellow users at their local WiFi hotspot/ LAN are up to the kind of “reindeer games” that often happen at coffee shops and hacker cons. For more information on the sort of attacks I’m talking about see my article Caffeinated Computer Crackers.  It’s not meant to be a replacement for something more feature rich (but complicated) like Snort. DecaffeinatID watches the Windows logs for three main things and pops up a message in the Windows Systray when it sees any of the following:

Read more and download DecaffeinatID from Irongeek.


Many (if not most) VoIP devices have available a Web GUI for their configuration, management, and report generation. These Web GUIs are often on default, meaning that the moment you install the IP phone or IP PBX, the Web GUI is immediately available on the network. And unfortunately it is also common for the username and password to have the default values. Sipflanker will help you find these SIP devices with potentially vulnerable Web GUIs in your network.

Download it here

You can find a list of default IP phones and other SIP devices here.

Disguise your Surfing Traffic with AntiPhorm

AntiPhorm (Lite) is a surfing simulator that runs independently and silently in the background of your PC. It connects to the web and intelligently simulates natural surfing behavior across thousands of customizable topics while you surf the web for your own special interests, or while you do something else entirely. This creates a background of noise blurring, disguising and inverting your own online interests from prying eyes. We believe our technology is indistinguishable from that of a typical user engaging the internet. To support this claim we have introduced a preview mode that works with any of your preferred browsers, and together with a detailed reporting system and a host of custom options each AntiPhorm Lite user can appear unique.

If you suspect your data is being tracked and sold, a solution is to make the data they collect absolutely worthless. At least now you have that option.

Download AntiPhorm Lite.

Pass-The-Hash Toolkit

Pass-The-Hash Toolkit v1.2 is available.

What is Pass-The-Hash Toolkit?

Pass-The-Hash Toolkit contains utilities to manipulate the Windows
Logon Sessions maintained by the LSA (Local Security Authority)
component. These tools allow you to list the current logon sessions
with its corresponding NTLM credentials (e.g.: users remotely logged in
thru Remote Desktop/Terminal Services), and also change in runtime the
current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on

Direct download links:
source code:

More info:

what's new:

From Hexale.