×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

49 comments

You Brick My Phone (2)

smitty_one_each (243267) | about a year and a half ago | (#41373651)

You brick my phone
(And I'm not alone)
We'll find us time
For Amish crime [go.com]
Burma Shave

Seriously: great project. As I'm connected using a Galaxy S 2 in hotspot mode as I write this, I may need to have a go at this project.

BREAKING NEWS: SLASHDOT SOLD TO DICE (-1)

Anonymous Coward | about a year and a half ago | (#41373659)

wow. Not sure if that's good or bad.

Re:BREAKING NEWS: SLASHDOT SOLD TO DICE (0, Offtopic)

monkeyhybrid (1677192) | about a year and a half ago | (#41373761)

Yep, Slashdot, SourceForge and Freecode [diceholdingsinc.com] for $20,000,000.

Re:BREAKING NEWS: SLASHDOT SOLD TO DICE (-1)

Anonymous Coward | about a year and a half ago | (#41373963)

Man, Dice got ripped off.

Re:BREAKING NEWS: SLASHDOT SOLD TO DICE (-1)

Anonymous Coward | about a year and a half ago | (#41374133)

The press release ends with "Dice Holdings acquired the business for $20 million in cash. In 2011, the online media properties generated $20 million in Revenues."

Re:BREAKING NEWS: SLASHDOT SOLD TO DICE (0)

Anonymous Coward | about a year and a half ago | (#41375127)

FU to the Android-hating AC who tried to hijack this thread.

This article is plain spam. (-1, Flamebait)

Anonymous Coward | about a year and a half ago | (#41373701)

This article is plain spam.

Re:This article is plain spam. (0, Offtopic)

Anonymous Coward | about a year and a half ago | (#41373803)

Yes it is. Probably a result of Slashdot being bought by dice. I bet we start seeing a lot more of this crap!

Re:This article is plain spam. (1)

arielCo (995647) | about a year and a half ago | (#41373933)

How so? I can't find a single reference to Dice (it's a tech jobs site, right?) in TFA, and they're not selling anything. There's an overview, and they link the source+binaries for you to try (at your own risk).

Re:This article is plain spam. (2, Interesting)

NerdmastaX (1749114) | about a year and a half ago | (#41374013)

yea im gettin away from slashdot if the monster.com equivalent for nerds just bought it.

Re:This article is plain spam. (5, Insightful)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#41374101)

This article is plain spam.

Wait: an article about some guys who reverse engineered a (very common) broadcom wireless chipset to add monitor mode to a linux kernel driver(complete with source and instructions on how to brick your own phone) is 'spam'?

What is slashdot for, if not trolling and arguing about linux drivers?

Re:This article is plain spam. (2)

kelemvor4 (1980226) | about a year and a half ago | (#41374219)

This article is plain spam.

Wait: an article about some guys who reverse engineered a (very common) broadcom wireless chipset to add monitor mode to a linux kernel driver(complete with source and instructions on how to brick your own phone) is 'spam'?

What is slashdot for, if not trolling and arguing about linux drivers?

I agree, this article = "News for Nerds."

Re:This article is plain spam. (1)

Anonymous Coward | about a year and a half ago | (#41377075)

I agree, this article = "News for Nerds."

Although, not quite sure if it's "Stuff that Matters".

Re:This article is plain spam. (1)

dave420 (699308) | about a year ago | (#41386399)

I'm pretty sure one of the most popular Android devices ever getting monitor mode (and possibly injection further on down the line) matters...

Re:This article is plain spam. (2)

Penurious Penguin (2687307) | about a year and a half ago | (#41374573)

When I don't prefer my spam with eggs, I often prefer my spam with plain spam. Nothing wrong with spam, is there? What more could you ask for anyway? It's already an exciting 3D representation of an entire pig stuffed into a single tin, with a few elements of modern science added.

~ Plain Spam - The Number One Choice for Spam Purists Since 1970

Strengthen your passwords (4, Informative)

AmiMoJo (196126) | about a year and a half ago | (#41373783)

With modern graphics cards dictionary attacks on WPA2 passwords are realistic. Since everyone carries wifi radios around with them and can gather the necessary data you should probably expect more such attacks on your network in the future.

Re:Strengthen your passwords (1)

BlackSupra (742450) | about a year and a half ago | (#41374193)

What is the best Wifi Encryption?

My Router offers:
* WPA(TKIP)
* WPA2(AES)
* WPA2 Mixed

Re:Strengthen your passwords (4, Informative)

L4t3r4lu5 (1216702) | about a year and a half ago | (#41374249)

WPA2(AES) is the most secure, as long as your vendor implemented it properly.

Re:Strengthen your passwords (4, Informative)

spectrokid (660550) | about a year and a half ago | (#41374301)

Use AES with a very long random gobbledigook password. Write the password down on the back of your router. from wikipedia:
Weak password Shared-key WPA remains vulnerable to password cracking attacks if users rely on a weak password or passphrase. To protect against a brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters) is probably sufficient.[12] To further protect against intrusion, the network's SSID should not match any entry in the top 1000 SSIDs[13] as downloadable rainbow tables have been pre-generated for them and a multitude of common passwords.

Re:Strengthen your passwords (2, Funny)

DickBreath (207180) | about a year and a half ago | (#41374633)

That is good advice. After you determine what you will use as a long cryptic password, you should set the SSID to be the same as the password to eliminate the possibility of forgetting the password. Also when guests are over, it is easy to tell them that the password is the SSID that their phone/laptop/tablet just scanned. Since the scanned SSID still has a lock icon next to it in the list of nearby WiFi routers, it is secure.

Re:Strengthen your passwords (1)

srussia (884021) | about a year and a half ago | (#41374679)

Use AES with a very long random gobbledigook password. Write the password down on the back of your router.

My handwriting constitutes a higher encryption level than AES-256, you insensitive clod!

Re:Strengthen your passwords (0)

Anonymous Coward | about a year and a half ago | (#41375613)

To further protect against intrusion, the network's SSID should not match any entry in the top 1000 SSIDs[13] as downloadable rainbow tables have been pre-generated for them and a multitude of common passwords.

This is stupid. Why does this mean I need a weird SSID? Shoot, leave the default SSID if you want. Just pick a strong password.

Re:Strengthen your passwords (0)

Anonymous Coward | about a year and a half ago | (#41374401)

Just use a friggin cable. End of story.

Re:Strengthen your passwords (0)

Anonymous Coward | about a year and a half ago | (#41374505)

It's a wireless cable.

Re:Strengthen your passwords (0)

Anonymous Coward | about a year and a half ago | (#41375763)

Where do I plug in this cable on my phone and tablet?

Re:Strengthen your passwords (3, Informative)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#41374201)

It doesn't help entities that are likely to be targets of directed attacks(either high value institutional targets, who ideally aren't using PSK and are rotating passwords properly, or people with psycho and/or prankster neighbors); but the easiest way to keep people out of your network, for most of us, might actually to be to give them some of what they want.

APs with multiple radios, or chipsets capable of handling multiple SSIDs with distinct security and routing rules, are increasingly common and cheap. If you broadcast an open SSID(all traffic originating from there QoS tagged as lower priority than traffic from your internal network, naturally) that dumps anybody who connects straight to the internet, no connection to the internal network or router configuration interfaces(through Tor if you are really worried about somebody's warez and/or kiddie porn pointing back to you), that removes the bulk of most people's interest in cracking your network itself...

Re:Strengthen your passwords (0)

Anonymous Coward | about a year and a half ago | (#41379177)

Bad advice. Bad, bad advice.
Bank manager: To deter thieves from stealing from us, the tellers must scatter some money on the floor of the branch every morning.

Re:Strengthen your passwords (1)

Yvanhoe (564877) | about a year and a half ago | (#41380343)

I used to do that, then my government (France) declared that any act committed from my IP address was my responsibility and that if I don't protect my access, my connection can be cut. It kinda slowed me down...

Re:Strengthen your passwords (3, Informative)

Penurious Penguin (2687307) | about a year and a half ago | (#41374279)

It uses the aircrack suite and supports injection. I imagine if people write convenient scripts for this software, it could get pretty popular. I've never owned a smartphone and don't know what their ranges are, but if they are close to a half-height mini-PCI, then this is a pocket sized menace indeed. Throw in the Cloud, rainbow tables, mega dictionaries and so on, and you get action. I have no doubt that many people will use such an application just as a novelty (because they can) -- but others may opt for more. Of course, those who don't use common ESSIDs and use peculiar passwords along with WPA2, they should have nothing to worry about. The rest, however, should definitely start with stronger passwords.

For example, someone can crack your WEP regardless of your password; but to enter the router where the real fun can begin, they would encounter great difficulty if a strong password and unique user ID were set. Verizon figured this out some time ago [slashdot.org]. A strong password could limit an "attacker" to simply using your network. While stronger passwords are a good idea, it shouldn't be one's only recourse though.

Re:Strengthen your passwords (0)

Anonymous Coward | about a year and a half ago | (#41378857)

It doesn't support injection - that is on the list of future work. I have heard that injection support is a tough cookie to crack with Broadcom chips so I (no disrespect to the developers) won't hold my breath. WEP stations are quickly losing ground to WPA and becoming the exception rather than the rule so I don't think injection is as great a feature as it used to be for penetration testers.

Re:Strengthen your passwords (1)

mjwx (966435) | about a year and a half ago | (#41381699)

Of course, those who don't use common ESSIDs and use peculiar passwords along with WPA2, they should have nothing to worry about.

This,

The point of security is not to be uncrackable but to be so difficult and time consuming to crack that an attacker simply gives up (combined with the risk of being detected/caught). The threats to my wireless network consist almost entirely of local neighborhood script kiddies who want free internet, a 64 character randomly generated WPA2 key ensures they'll move onto softer targets before too long.

Re:Strengthen your passwords (1)

Anonymous Coward | about a year and a half ago | (#41374611)

lol google REAVER.

there is no strength that matters anymore. time is all you need.

Re:Strengthen your passwords (2)

Penurious Penguin (2687307) | about a year and a half ago | (#41375257)

And how much time would you need to crack a password such as:
GrimTittyPat00shkinGarment
?
Time is all we have. Why squander millennia on a mediocre password? Also, it's not the weakness of passwords, but the weakness of protocols here. Install proper firmware that does not support WPS and REAVER becomes little more than aircrack. With a solid WPA2 setup on open-wrt, I'd relax and not even bother monitoring my network traffic whilst surrounded by hostile REAVER users.

Re:Strengthen your passwords (0)

Anonymous Coward | about a year and a half ago | (#41376265)

GrimTittyPat00shkinGarment

That's amazing. I've got the same combination on my luggage!

Re:Strengthen your passwords (1)

neokushan (932374) | about a year ago | (#41385931)

REAVER takes advantage of a vulnerability in the implementation of WPS in some (many?) routers. It's not the be-all and end-all, if the router is patched or simply not vulnerable, then the same rules apply.

It also doesn't (currently) work on Android.

N900 (0, Offtopic)

Anonymous Coward | about a year and a half ago | (#41373807)

This constitutes as news?

Why waste time waiting for years and then implementing something on the Android platform which doesn't lend itself well to porting that sort of thing when you can just get an N900 which already has all of those "common 802.11 pwnage tools" they're using.

Re:N900 (2)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#41374127)

"As you know, ah, you write software to go with the hardware you have---not the hardware you might want or wish to have at a later time."

Re:N900 (1)

neokushan (932374) | about a year ago | (#41385941)

I don't know who you're quoting, but the random "ah" means I'm guessing it's John Carmack?
He makes lots of odd noises in his speech.

Re:N900 (1)

dave420 (699308) | about a year ago | (#41386373)

... and none of the decent software available on Android. I know you're all butthurt because your favourite device is laughed at for being a massive, strange, ineffective beast of a phone, but that doesn't mean you should lash out at Android devices. If you really want a pissing competition, you can just read all the things Android does which the N900 doesn't. Grow the fuck up.

Awww yeah aircrack-ng port to Android! (0)

Anonymous Coward | about a year and a half ago | (#41375117)

Monitor mode is the first step, I would like to see this app developed for da Droid. Should be an easy port...and since my old laptop with a 800Mhz PIII could find a wep key in about 3 minutes, I'm sure these new 1ghz dual core phone processors can do it in about 90 seconds or less. For penetration "research" purposes of course, I don't condone the use of such tools for nefarious resaons. Yadda Yadda Yadda, you know the deal.

Re:Awww yeah aircrack-ng port to Android! (1)

norminator (784674) | about a year and a half ago | (#41378077)

You realize that a 1GHz ARM CPU in your phone isn't nearly as "fast" as a 1GHz x86 CPU, and that a dual core processor also doesn't actually mean it's twice as fast, right?

Re:Awww yeah aircrack-ng port to Android! (0)

Anonymous Coward | about a year and a half ago | (#41378755)

Well that laptap can't run google earth, but my phone can :/ I'd say the processing power is on par at least. Sorry I didn't run cpuMark on both first to give you the exacting crunching numbers on both items. My bad :P Since Android is basically a smoothed over version of Linux anyway, a port of aircrack-ng and other related programs should be a snap. Which would be my point in the previous post, the actual processing power of any computing device isn't really an issue since the lightweight ***-ng programs are blazing fast even in brute force mode on highly outdated hardware.

Re:Awww yeah aircrack-ng port to Android! (1)

MrDoh! (71235) | about a year and a half ago | (#41380117)

You realise that these phones can send emails/ftp/ssh the dump back to your real machine(s) with high end gpus, and wait for the password to appear. right? I
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...