WEP Cracking for Mac OS X - Slashdot

Please create an account to participate in the Slashdot moderation system

×

WEP Cracking for Mac OS X 29

Posted by pudge on Wednesday December 04, 2002 @06:41AM from the holiday-hacking dept.

Randar the Lava Liza writes "Finally there is a tool to put default Apple AirPort hardware into monitoring mode for wireless security analysis. KisMAC is a variant of Kismet that runs natively on Mac OS X. It requires a special driver to be installed to run the AirPort hardware in monitoring mode, and has built-in WEP cracking tools once enough weak packets have been sniffed."

This discussion has been archived. No new comments can be posted.

WEP Cracking for Mac OS X

Load All Comments

Search 29 Comments Log In/Create an Account

Comments Filter:

Great (Score:1, Troll)

by AndyAMPohl ( 573700 ) writes:

The submitter makes it sound like this is good news. What's so good about rooting for hackers? Maybe it's crackers I'm thinking of. I never know what is a good faith gesture from these guys. If you're going to try and fix a problem with some security thing, why not just point out what the problem is and how to reproduce it? Why go to the bother of making robust cracking software to exploit that particular problem unless you're actually a bad person doing bad things with a computer?

Andy
- Re:Great (Score:5, Insightful)
  
  by Anonymous Coward writes: on Wednesday December 04, 2002 @07:23AM (#4809073)
  
  One of the reasons why after a vulnerability has been discussed an easy to use exploit is a good thing is the tendency of higher-ups to disregard security risks which are only exploitable by a select few. WEP is not what its name suggests, but it is still the only line of defense in many wireless networks because the risk of being attacked still appears to be low. That has got to change.
  
  Parent Share
  twitter facebook
- Re:Great (Score:3, Insightful)
  
  by tbmaddux ( 145207 ) writes:
  
  Why go to the bother of making robust cracking software to exploit that particular problem unless you're actually a bad person doing bad things with a computer?
  
  Such software in general needn't only be used by blackhats. Whitehats can use it to test the security of their own systems.
  In this particular case, it could be used to see how exposed the rest of the internal network is to a lousy security scheme (WEP).
  Besides, these tools already exist on other platforms, so it's not like the blackhats suddenly have something they didn't have before to make our lives miserable.
  - Re:Great (Score:2, Insightful)
    
    by sco08y ( 615665 ) writes:
    
    Yup. If I wanted to make the case that we still need a VPN even with WEP to a suit, it would be nice to actually crack the WiFi network and give them proof. Especially if I could show that someone could just sit outside the building and break it.
  - Re:Great (Score:1)
    
    by stoney27 ( 36372 ) writes:
    
    Besides, these tools already exist on other platforms, so it's not like the blackhats suddenly have something they didn't have before to make our lives miserable.
    
    Now they can do it with style. The TiBooks are very C00L ;)
    
    -S
- Re:Great (Score:5, Informative)
  
  by Permission Denied ( 551645 ) writes: on Wednesday December 04, 2002 @11:29AM (#4810274) Journal
  
  Consider this analogy:
  MacOS X Server 10.1 used netinfo for authentication of client machines. The way it worked is that password hashes were stored in netinfo and netinfo was readable to the world (eg, it posted /etc/passwd on the Internet).
  The bosses would not believe this was a problem until I showed them how I could download all the password hashes from any arbitrary machine on the Internet and subsequently ran a cracker which found a large number of weak passwords.
  In fact, they failed to see the scope of the problem (it was completely debilitating) as they only saw me typing a bunch of commands and their eyes glazed over. If there were some point-and-click Mac toy that would download the hashes, run Crack in the background and report results, it may have convinced them of just how serious a problem it was. In fact, I considered writing such a GUI tool because I'm genuinely concerned about shops that buy MacOS X Server and don't have a *nix admin.
  Similarly, some people still don't understand that WEP is 100% useless (you can break it from a Palm for God's sake). I recommend completely turning off WEP so your users understand that any traffic going over wireless is world-readable. This may convince them to avoid plain-text password protocols and check that when they type their credit card numbers the site is using strong SSL. I've seen people send their credit card numbers over email, so this is absolutely necessary.
  WEP crackers are not in any way "hacker" or "cracker" tools, and I doubt they are widely used for illegitimage purposes - I would venture that many more people use netstumbler and airsnort to convince others that WEP is useless. Lowering the bar so there's some point-and-click tool that your grandmother can download is a good thing, since there is nothing "hard" about cracking WEP and people need to understand that.
  
  Parent Share
  twitter facebook
Good/Bad (Score:4, Interesting)

by Tug3 ( 567419 ) writes: on Wednesday December 04, 2002 @07:10AM (#4809051)

I would say this is good news.

At least I have been waiting for one. There is definate (legal) use for this, when you have to test you company's / other network. And specially if you have to prove the vulnerability to your boss.

I know it's been available for ages to Linux platform, but as a TiBook user I had to use someone elses laptop for this. Now it's finally available for OS X...
OK, I know you can use it for criminal activity too. But, as it is available on other platforms already I don't see the problem with it becoming available for new ones too... ...after all you can use even you car to good or bad - not even mentioning firearms... (Well, seems that I just did.)

Share
twitter facebook
Apple Laptops are not ideal for WiFi hacking (Score:3, Interesting)

by siferhex ( 321391 ) writes: on Wednesday December 04, 2002 @10:14AM (#4809682)

Because of the inaccessability of AirPort cards in Apple's laptops it's difficult to attach an external antenna to the cards. Without an external antenna one tends to be much more conspicuous sniffing a network as you've got to be in the thick of it.
IMHO this release is a good thing, as people mostly want to scout out their own networks to help set up coverage, monitor interference, etc. and Kistmet is an excellent program for doing so.

Share
twitter facebook
- Re:Apple Laptops are not ideal for WiFi hacking (Score:1)
  
  by Rommel ( 33210 ) writes:
  
  I think Apple's laptops already have an antenna. It's not external to the laptop, but it is external to the card itself.
  
  Do WiFi sniffers use extra big external antennas?
  - Re:Apple Laptops are not ideal for WiFi hacking (Score:1)
    
    by martingunnarsson ( 590268 ) writes:
    
    Yes, they have built in antennas (just like the new iMac:s), but if you want to sniff a wireless network you probably want to have some kind of long range antenna.
    - Re:Apple Laptops are not ideal for WiFi hacking (Score:1)
      
      by sco08y ( 615665 ) writes:
      
      Just typing on my iBook now... it's actually quite accessible, only you'd have to pop the keyboard off. Since this only takes a few moments, I don't think it'd be a huge issue.
      - Re:Apple Laptops are not ideal for WiFi hacking (Score:2)
        
        by anarkhos ( 209172 ) writes:
        
        I have a new TiPB and it isn't as easy. You have to remove the bottom panel.
        
        If I heavily get into 802.11b I'll likely look for an easier way. However by then cracking tools will be available for 3rd party cards like the EnGenius Senao or whatever.
- Re:Apple Laptops are not ideal for WiFi hacking (Score:2, Informative)
  
  by sco08y ( 615665 ) writes:
  
  You're in the thick of it, granted, but as far as they can tell you haven't got any 80211.b card at all. You can tell them, hey, I'm just using my laptop. Go look for someone with an external antenna.
bah! (Score:1)

by 1155 ( 538047 ) writes:

anyone got a mirror, this seems to be appledotted... :)

Actually, this is a good thing, I can finally convince my employer that maybe it's not such a good idea, as anyone with a mac can login.
- - Re:Is all WEP protection useless? (Score:1)
    
    by andyhuey ( 585336 ) writes:
    
    I'm using alleged 128-bit WEP encryption. Are y'all saying it's useless?
    A line I've heard repeated a few times recently is that turning WEP on is basically enough to indicate to people that your network is private. Honest, courteous, people will understand that and keep out. Anyone who's determined to break in, though, will have a fairly easy time of it.
    What I'm curious about is whether or not anyone has come up with a wireless access point that integrates something more robust on top of WEP, in a consumer-friendly, easy-to-use way.
- Re:bah! (Score:3, Informative)
  
  by Pathwalker ( 103 ) writes:
  
  Yep - seems to be down now.
  
  If you want the binary, you can grab it from my box here [ofdoom.com] - I didn't save any of the web pages.
- Re:bah! (Score:1)
  
  by bearded_yak ( 457170 ) writes:
  
  VersionTracker has it:
  
  http://www.versiontracker.com/moreinfo.fcgi?id=171 99&db=mac [versiontracker.com]
  
  -Bearded Yak
  - Re:bah! (Score:1)
    
    by bearded_yak ( 457170 ) writes:
    
    Never mind, thought their site pointed to somewhere else for the file. It just points to the same site, which still has some problems apparently.
Kismac not related to kismet (Score:5, Informative)

by Anonymous Coward writes: on Wednesday December 04, 2002 @09:48PM (#4815562)

Just for the record - kismac is NOT a variant of kismet. Kismac is, to the best of my knowledge, closed source and as such is unrelated to the Kismet GPL codebase.

For those interested, Kismet SHOULD have native OSX support, also using the viha drivers, in the 2.8 release. Stay tuned to the development changelogs. Anyone interested in furthering development (I don't have an OSX box) are welcome to drop by in #kismet on openprojects.net

-dragorn

Share
twitter facebook
Fuck Yeah! (Score:4, Interesting)

by Anonymous Coward writes: on Thursday December 05, 2002 @03:34PM (#4820430)

It's about time OS X got decent wifi drivers! From what I can tell, it's really the ViHa driver we have to thank here. KisMAC is just a pretty cocca frontend.

Since reading the story yesterday, I've already found a number of non-broadcast networks in my area that MacStumbler couldn't see.

The Viha driver removes your network interface, though, so ifconfig en1 says interface en1 does not exist and you can't sniff with ethereal et al while scanning. KisMAC dumps pcap files though, so you can examine your captured data after the fact with the tool of your choice.

Thanks much to the ViHa people for writing this awesome driver!

Share
twitter facebook
- Re:Fuck Yeah! (Score:1)
  
  by love_fsd ( 633147 ) writes:
  
  hello miss pleaze send your all picture sex and young hard fuck picture and different style i will wait your picture

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

413 commentsChatGPT Leans Liberal, Research Shows
347 commentsAmazon CEO Says 'It's Probably Not Going To Work Out' For Employees Who Defy Return-to-Office Policy
327 commentsHotel Owners Start To Write Off San Francisco as Business Nosedives
323 commentsChina is Building Nuclear Reactors Faster Than Any Other Country
315 commentsChina is Calling in Loans To Dozens of Countries

Dynamically binding, you realize the magic. Statically binding, you see only the hierarchy.