Wednesday, January 23, 2008

New Methods of Hacking

This is where I will be talking about the new generation of hacking and theories.

Password Profiling
Okay, so everyone knows that the current brand of password cracking involves one of three different methods. One is a dictionary attack using real words from a dictionary list. Another is a brute force attack that systematically tries every possible number, letter, and character combination over a large amount of time. The third is to use a rainbow table.

What if there was an easier method to discover someone's password, that doesn't use random generation, but profiling? That is, a program that can scan a person's personal folders and files and look for patterns.

It looks as though the Wyd Password Profiler will do just that. By looking for patterns in the target's behavior or personality, the program is able to construct viable passwords.

As an example: Tom loves baseball. He has pictures of his favorite team, scores, screen savers, etc., stored on his system. It is logical, therefore, that his password will contain something about this sports team, or one of the players. By knowing this information, the attacker can focus on that attack vector, instead of running a dictionary attack list that may only contain the word baseball (which would not be sufficient).

The purpose of this type of attack is not to build an extensive list to attack the victim with, but is instead used to take out false positives, and narrow down the possible passwords significantly.
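A defender's version of the same profiling idea, as an added example that is not from this post or from the Wyd tool: harvest the most frequent terms from a constructed set of a user's own files, then reject any password that still contains one of those terms once case and common leetspeak substitutions are stripped away. The file names, file contents and the leetspeak map are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample of what a profiler could harvest from a user's own files
# (file names plus contents); assumed input, not taken from the post.
SAMPLE_FILES = {
    "desktop/wallpaper_fenway_park.jpg": "",
    "docs/season_notes.txt": "Red Sox win again! Ortiz homered, Pedroia doubled. "
                             "Best baseball season ever.",
    "docs/todo.txt": "buy Red Sox tickets for Fenway, order new baseball glove",
}

# Assumed leetspeak map: digits/symbols people commonly swap for letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(s):
    """Lowercase, undo leetspeak substitutions, then strip non-letters."""
    return re.sub(r"[^a-z]", "", s.lower().translate(LEET))


def harvest_terms(files, min_len=4, top=20):
    """Self-audit profiler: most frequent words across file names and contents."""
    counts = Counter()
    pattern = r"[A-Za-z]{%d,}" % min_len
    for name, body in files.items():
        for word in re.findall(pattern, name + " " + body):
            counts[word.lower()] += 1
    return [word for word, _ in counts.most_common(top)]


def profile_hits(password, terms):
    """Profile terms that survive inside the password after normalization."""
    norm_pw = normalize(password)
    return [t for t in terms if normalize(t) and normalize(t) in norm_pw]


def is_acceptable(password, terms, min_len=12):
    """Reject short passwords and any built from the user's own profile terms."""
    return len(password) >= min_len and not profile_hits(password, terms)


if __name__ == "__main__":
    terms = harvest_terms(SAMPLE_FILES)
    for candidate in ("F3nw4y2004!", "correct horse battery staple"):
        print(candidate, "->", profile_hits(candidate, terms),
              "acceptable:", is_acceptable(candidate, terms))
```

Run against a user's real home directory this is the check a password policy could apply at change time: the leetspeak and case folding is what makes "F3nw4y2004!" fail even though the literal string "fenway" never appears in it.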

Rogue Access Point Attack

Remember Microsoft Windows' ability to automatically connect you to your favorite networks? Well, that may not be the best feature Microsoft has thought up. By exploiting a bug in the wireless manager, an attacker can sniff out your favored networks, and change the SSID of their rogue network to match it. Windows will automatically connect you to that network, without alerting you. At this point, they are free to start scanning your computer, transmit malware, or use a program like Wireshark to capture your packets.

More information on this attack can be found here.

However, there is a potential defense against this, which uses the same program used to disconnect the victim from a good network (void11) together with a matchlist that you generate to automatically refuse connections. However, it is limited to Prism cards, and requires a bit of technical knowledge. You can find information on it here.
