

Showing posts from January 29, 2012

3.4.8 IV Attack

An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. Initialization vectors are used to prevent a sequence of text that is identical to a previous sequence from producing the same ciphertext when encrypted. The IV prevents the appearance of corresponding duplicate character sequences in the ciphertext. The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a dictionary attack to find patterns and break a cipher. The initialization vector (IV) that WEP uses for encryption is only 24 bits, which is quite weak, and IVs are reused with the same key. By examining the repeating results, it is easy for miscreants to crack the WEP secret key; this is known as an IV attack. An IV attack is usually associated with the WEP wireless protocol. References:
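The two facts in that paragraph (a 24-bit IV space is exhausted quickly, and a repeated IV under the same key makes the keystream repeat) can be checked directly. The following is an added example, not code from the original post: it computes the birthday bound for a 24-bit IV, gives a defensive check that flags IV reuse in a list of captured frames, and shows why reuse matters by encrypting two constructed plaintexts with the same keystream. The keystream is constructed with `os.urandom` as a stand-in for a real cipher's key||IV-derived keystream; no RC4 or WEP code is involved, and all frame values are made up.

```python
"""Added example (not from the original post): why a 24-bit IV is too small
and what a repeated IV leaks. Keystream and frames are constructed."""
import math
import os
from collections import defaultdict

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 possible WEP IVs


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Birthday bound: probability that at least one IV repeats among
    `frames` frames whose IVs are chosen uniformly at random."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def frames_for_probability(p: float, space: int = IV_SPACE) -> int:
    """Approximate number of frames after which an IV repeat has probability p.
    For p = 0.5 and a 24-bit IV this is only a few thousand frames."""
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p))))


def find_iv_reuse(frames):
    """Defensive check over (iv, ciphertext) frames sent under one key:
    return {iv: [frame indices]} for every IV that appears more than once."""
    seen = defaultdict(list)
    for idx, (iv, _ct) in enumerate(frames):
        seen[iv].append(idx)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo_keystream_reuse():
    """Two plaintexts encrypted under the same (key, IV) share one keystream,
    so XORing the two ciphertexts cancels the keystream and leaves P1 XOR P2.
    That is the 'repeating result' the paragraph refers to. The keystream is
    constructed with os.urandom here; a stream cipher would derive it from
    key||IV, which is exactly why the IV must never repeat under one key."""
    p1 = b"GET /index.html HTTP/1.1"
    p2 = b"POST /login.php HTTP/1.1"
    keystream = os.urandom(len(p1))          # stands in for keystream(key || IV)
    c1 = xor_bytes(p1, keystream)
    c2 = xor_bytes(p2, keystream)
    # Constructed frame list: the IV 0x00ABCD is used twice under the same key.
    frames = [(0x00ABCD, c1), (0x00ABCE, b"unrelated"), (0x00ABCD, c2)]
    reused = find_iv_reuse(frames)
    leaked = xor_bytes(c1, c2)               # computed from ciphertexts only
    return reused, leaked == xor_bytes(p1, p2)


if __name__ == "__main__":
    print("frames for 50% IV repeat:", frames_for_probability(0.5))
    print("P(repeat) after 20000 frames:", round(collision_probability(20000), 5))
    print("reuse found, keystream cancelled:", demo_keystream_reuse())
```

The birthday figure is the point a defender should remember: a busy access point sends thousands of frames per minute, so with a 24-bit IV a repeat is expected within minutes regardless of how the IV is chosen, and the `find_iv_reuse` check will fire long before the IV space is exhausted.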

3.4.7 War chalking

Warchalking is the drawing of standard iconography (often in chalk) in public places to advertise an open Wi-Fi wireless network. It involves those who discover a way into the network leaving marks on, or outside, the premises to notify others of the vulnerability. References:

3.4.6 Bluesnarfing

Bluesnarfing is much more serious than Bluejacking, but both exploit others' Bluetooth connections without their knowledge. Bluesnarfing is gaining unauthorized access to a device through a Bluetooth connection; the device can be a phone, a PDA, or anything else that uses Bluetooth. Once access has been gained, the attacker can copy any data in the same way they would with any other unauthorized access. References: CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

3.4.5 Bluejacking

Bluejacking is the sending of unsolicited messages (think spam) over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, typically by sending a vCard whose name field carries the message to another Bluetooth-enabled device via the OBEX protocol. Bluejacking takes advantage of a loophole in the technology's messaging options that allows a user to send unsolicited messages to other nearby Bluetooth owners. Bluetooth technology operates by using low-power radio waves, communicating on a frequency of 2.45 gigahertz. This frequency is also known as the ISM band, an open, unlicensed band set aside for industrial, scientific and medical devices. When a number of Bluetooth devices are switched on in the same area, they all share the same ISM band and can locate and communicate with each other, much like a pair of walkie-talkies tuned to the same frequency are able to link up. Bluetooth technology users take advantage of this

3.4.3 Evil Twin

Evil twin attack is a term for a rogue Wi-Fi access point (AP) that appears to be legitimate but has actually been set up by a hacker to eavesdrop on and intercept wireless communications among Internet surfers. It is an attack in which unsuspecting Wi-Fi users are tricked into associating with a phony wireless access point. Also known as AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP, these attacks use phony APs with faked login pages to capture credentials and credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts. Evil twin is the wireless version of e-mail phishing scams. An attacker tricks wireless users into connecting a laptop or mobile phone to a rogue hotspot by posing as a legitimate provider. By imitating the name of another, legitimate wireless provider, they can fool people into trusting the Internet services that they are providing. When the users log into bank or e-mail accounts, the phishers have access to the entire tr

3.2.14 Transitive Access

Transitive – passing over to or affecting something else. Transitive access is a problem when inadvertent (and possibly unauthorized) access results from a set of related and authorized accesses. With transitive access, if A trusts B and B trusts C, then a relationship can exist where C is trusted by A. In a transitive trust relationship, the trust between A and B flows through, such that A now trusts C. In all versions of Active Directory, the default is that all domains in a forest trust each other with two-way transitive trust relationships. While this makes administration much easier when you add a new child domain (no administrative intervention is required to establish the trusts), it leaves open the possibility of a hacker acquiring more trust than they should by virtue of joining the domain. References: CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney
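The A/B/C chain above is a graph reachability question, and the useful audit is to list the trusts that exist only because of chaining, since those are the ones nobody configured on purpose. The following is an added example, not code from the original post or from Active Directory itself: it models direct trusts as a directed graph, computes the transitive closure, reports the indirect-only trusts, and builds the two-way parent/child trusts of a forest to show that every domain ends up trusting every other. The domain names are constructed.

```python
"""Added example (not from the original post): transitive closure of trust
relationships and an audit of trusts that exist only through chaining."""
from collections import deque


def _all_domains(direct):
    nodes = set(direct)
    for trusted in direct.values():
        nodes |= set(trusted)
    return nodes


def transitive_closure(direct):
    """`direct` maps a domain to the set of domains it trusts directly
    (A trusts B). Returns, for every domain, the set of domains it trusts
    once trust is followed transitively (A trusts B, B trusts C => A trusts C).
    A domain is not listed as trusting itself."""
    closure = {}
    for start in _all_domains(direct):
        seen = set()
        queue = deque(direct.get(start, ()))
        while queue:
            d = queue.popleft()
            if d == start or d in seen:
                continue
            seen.add(d)
            queue.extend(direct.get(d, ()))
        closure[start] = seen
    return closure


def indirect_only(direct):
    """Audit helper: trusts that were never configured directly and exist
    only because of transitivity. These are the relationships an
    administrator may not expect and should review."""
    closure = transitive_closure(direct)
    result = {}
    for d, trusted in closure.items():
        extra = trusted - set(direct.get(d, ()))
        if extra:
            result[d] = extra
    return result


def two_way_forest(pairs):
    """Model an AD-style forest: `pairs` is a list of (child, parent), the
    root having parent None. Each parent/child pair gets a two-way trust;
    because those trusts are transitive, the closure shows every domain
    trusting every other domain in the forest."""
    direct = {}
    for child, parent in pairs:
        direct.setdefault(child, set())
        if parent is not None:
            direct.setdefault(parent, set())
            direct[child].add(parent)
            direct[parent].add(child)
    return direct


if __name__ == "__main__":
    chain = {"A": {"B"}, "B": {"C"}}
    print("A trusts:", sorted(transitive_closure(chain)["A"]))   # ['B', 'C']
    print("indirect only:", indirect_only(chain))                 # {'A': {'C'}}
    forest = two_way_forest([("corp.example", None),
                             ("eu.corp.example", "corp.example"),
                             ("lab.eu.corp.example", "eu.corp.example")])
    for dom, trusted in sorted(transitive_closure(forest).items()):
        print(dom, "->", sorted(trusted))
```

In the forest case the root `corp.example` never configured a trust with `lab.eu.corp.example`, yet `indirect_only` reports one in each direction; that is the "more trust than they should" the paragraph warns about, and the reason a newly joined child domain deserves the same scrutiny as a directly trusted one.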

3.2.13 DNS poisoning and ARP poisoning

DNS and ARP poisoning are types of man-in-the-middle (MITM) attacks, which are types of spoofing attacks. A spoofing attack is an attempt by someone to masquerade as someone else. Address Resolution Protocol (ARP) cache poisoning (sometimes also known as ARP Poison Routing) allows an attacker on the same network segment (subnet) as its victims to eavesdrop on all network traffic between the victims. ARP poisoning tries to convince the network that the attacker's MAC address is the one associated with an IP address, so that traffic sent to that IP address is wrongly sent to the attacker's machine. In ARP poisoning, the MAC (Media Access Control) address table of the victim host is 'poisoned' with false data. Incorrect data is injected into the MAC table of the victim host to force the victim to communicate with the wrong host. By faking this value, it is possible to make it look as if the data came from a network that
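The ARP description above translates directly into a detection rule: a cache is being poisoned when one IP address is announced with more than one MAC, and a MITM host typically shows up as one MAC answering for several IPs (the gateway and a victim). The following is an added example, not code from the original post or from any IDS: it parses ARP reply lines in tcpdump's `ARP, Reply <ip> is-at <mac>` format and reports both conditions. The log lines and addresses are constructed.

```python
"""Added example (not from the original post): flag ARP replies that would
poison a cache, in the style of arpwatch. Sample log lines are constructed."""
import re
from collections import defaultdict

# Constructed sample: the real gateway answers, then a second host claims the
# gateway's IP, and that same host also claims a client's IP.
SAMPLE_LOG = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:02.000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 28
12:00:03.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:04.000 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:01, length 28
12:00:05.000 IP 192.168.1.20.51234 > 192.168.1.1.53: 1+ A? example.com.
"""

ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")


def parse_replies(log: str):
    """Yield (ip, mac) for every ARP reply line; other lines are ignored."""
    for line in log.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_poisoning(log: str, known=None):
    """Return two findings:
    - 'ip_changed': IPs announced with more than one MAC, the classic sign
      that a real mapping is being overwritten;
    - 'mac_multi_ip': MACs answering for several IPs, which is what a MITM
      host does when it claims both the gateway and a victim.
    `known` is an optional dict of trusted ip -> mac pairs (e.g. the gateway)
    so that the very first forged reply is already flagged."""
    macs_for_ip = defaultdict(set)
    ips_for_mac = defaultdict(set)
    if known:
        for ip, mac in known.items():
            macs_for_ip[ip].add(mac.lower())
    for ip, mac in parse_replies(log):
        macs_for_ip[ip].add(mac)
        ips_for_mac[mac].add(ip)
    return {
        "ip_changed": {ip: sorted(m) for ip, m in macs_for_ip.items() if len(m) > 1},
        "mac_multi_ip": {mac: sorted(i) for mac, i in ips_for_mac.items() if len(i) > 1},
    }


if __name__ == "__main__":
    findings = detect_poisoning(SAMPLE_LOG, known={"192.168.1.1": "00:11:22:33:44:55"})
    for kind, hits in findings.items():
        for key, values in hits.items():
            print(f"{kind}: {key} -> {values}")
```

Passing the gateway's real MAC in `known` is the practical difference between this and a plain cache dump: without it the first forged reply looks like any other mapping, and only the second announcement exposes the conflict. Static ARP entries for the gateway, or dynamic ARP inspection on the switch, are the corresponding mitigations.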