http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&feed=atom&action=historyInformation security awareness - Revision history2024-03-28T08:27:34ZRevision history for this page on the wikiMediaWiki 1.15.1http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=825&oldid=prevXuanz2 at 00:20, 10 December 20072007-12-10T00:20:50Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:20, 10 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief WEP attack steps:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief WEP attack steps:</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>1. Configure the wireless card to monitor mode</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>1. Configure the wireless card to monitor mode</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>2. Start capturing all traffic packets that contain initialization vectors (IVs)</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>2. Start capturing all traffic packets that contain initialization vectors (IVs)</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>3. Fake authenticate to the target network</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>3. Fake authenticate to the target network</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>4. Listen for address resolution protocol (ARP) requests and replay them back, so that new IVs are generated quickly</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>4. Listen for address resolution protocol (ARP) requests and replay them back, so that new IVs are generated quickly</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>5. Use a cracking tool like aircrack-ng to analyze all the IVs and get the WEP key</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>5. Use a cracking tool like aircrack-ng to analyze all the IVs and get the WEP key</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 36:</td>
<td colspan="2" class="diff-lineno">Line 36:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief side-jacking attack steps:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief side-jacking attack steps:</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>1. Connect to a public network or piggyback to a private network</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>1. Connect to a public network or piggyback to a private network</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>2. Crack the network using the previous method if the network is encrypted</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>2. Crack the network using the previous method if the network is encrypted</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>3. Start capturing all traffic packets, save all HTTP headers</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>3. Start capturing all traffic packets, save all HTTP headers</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>4. Analyze all the cookies and corresponding URLs in the headers or use tools like Ferret</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>4. Analyze all the cookies and corresponding URLs in the headers or use tools like Ferret</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>5. Replay these cookies to their corresponding web pages</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>5. Replay these cookies to their corresponding web pages <ins class="diffchange diffchange-inline">to fake original sessions</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Passwords cracking ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Passwords cracking ===</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 50:</td>
<td colspan="2" class="diff-lineno">Line 50:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief rainbow table attack steps:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief rainbow table attack steps:</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>1. Obtain the hash function and password hashes of target</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>1. Obtain the hash function and password hashes of target</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>2. Generate the rainbow table corresponding to the hash function, if it does not already exists online</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>2. Generate the rainbow table corresponding to the hash function, if it does not already exists online</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>3. Compare passwords hashes to the table indexes and find the plain text</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>3. Compare passwords hashes to the table indexes and find the plain text</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Discussion ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Discussion ==</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=824&oldid=prevXuanz2 at 00:16, 10 December 20072007-12-10T00:16:52Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:16, 10 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 19:</td>
<td colspan="2" class="diff-lineno">Line 19:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div> Brief attack steps:</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> Brief <ins class="diffchange diffchange-inline">WEP </ins>attack steps:</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div> 1. </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> 1. <ins class="diffchange diffchange-inline">Configure the wireless card to monitor mode</ins></div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div> 2.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> 2. <ins class="diffchange diffchange-inline">Start capturing all traffic packets that contain initialization vectors (IVs)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> 3. Fake authenticate to the target network</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> 4. Listen for address resolution protocol (ARP) requests and replay them back, so that new IVs are generated quickly</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> 5. Use a cracking tool like aircrack-ng to analyze all the IVs and get the WEP key</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 28:</td>
<td colspan="2" class="diff-lineno">Line 31:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>There are a lot of tools, such as Wireshark and Kismet, can be used to sniff the network. They are not very easy to use, but they also do not require any particularly deep knowledge to use. Most of these tools offer good GUI for the users, and the presentation of sniffed data is usually very clear and organized.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>There are a lot of tools, such as Wireshark and Kismet, can be used to sniff the network. They are not very easy to use, but they also do not require any particularly deep knowledge to use. Most of these tools offer good GUI for the users, and the presentation of sniffed data is usually very clear and organized.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>One thing should be noted here is that although a lot of websites use encryption when they are expecting passwords from users, many of them do not use encryption after the authentication since usually the only critical information being transferred is passwords. However, this brings a serious problem. Since during the session after authentication, the website stores the session information in cookies, which are not encrypted. These session data can be sniffed and replayed by an attacker to gain access to the website. For example, if a Hotmail user has checked the "remember my password" option, and if an attacker sniffs the session id contained in the user's cookies, the attacker then can access to the user's Hotmail account without even knowing the actual password at any time. <del class="diffchange diffchange-inline">(As a side notice</del>, <del class="diffchange diffchange-inline">GMail is not vulnerable to this kind of attack</del>.<del class="diffchange diffchange-inline">)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>One thing should be noted here is that although a lot of websites use encryption when they are expecting passwords from users, many of them do not use encryption after the authentication since usually the only critical information being transferred is passwords. However, this brings a serious problem. Since during the session after authentication, the website stores the session information in cookies, which are not encrypted. These session data can be sniffed and replayed by an attacker to gain access to the website. For example, if a Hotmail user has checked the "remember my password" option, and if an attacker sniffs the session id contained in the user's cookies, the attacker then can access to the user's Hotmail account without even knowing the actual password at any time. <ins class="diffchange diffchange-inline">WebCT in McMaster also encrypts only login pages just like Hotmail; thus it can be sniffed in the same way</ins>, <ins class="diffchange diffchange-inline">though the session cannot last if the original user closes his browser</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This particular type of sniffing is called side-jacking. It is very easy to be performed and it can be done in a lot of situations. Ferret is a tool developed by Errata Security, which automate the whole side-jacking process. A typical hacker can sit in a Hotspot enabled cafeteria or [[Piggybacking|piggyback]] a private network, open his laptop and click on Ferret; then after 1 hour or so, he will get all the email accounts that have been accessed in that wireless network.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This particular type of sniffing is called side-jacking. It is very easy to be performed and it can be done in a lot of situations. Ferret is a tool developed by Errata Security, which automate the whole side-jacking process. A typical hacker can sit in a Hotspot enabled cafeteria or [[Piggybacking|piggyback]] a private network, open his laptop and click on Ferret; then after 1 hour or so, he will get all the email accounts that have been accessed in that wireless network.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> Brief side-jacking attack steps:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 1. Connect to a public network or piggyback to a private network</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 2. Crack the network using the previous method if the network is encrypted</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 3. Start capturing all traffic packets, save all HTTP headers</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 4. Analyze all the cookies and corresponding URLs in the headers or use tools like Ferret</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 5. Replay these cookies to their corresponding web pages</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Passwords cracking ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Passwords cracking ===</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 38:</td>
<td colspan="2" class="diff-lineno">Line 48:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Although rainbow table cracking can be prevented by using salt, a lot of applications and web services do not use salt. A good example is Microsoft Windows, it stores unsalted passwords hashes in the machine; thus it is vulnerable to this kind of attack. Many web applications also store unsalted hashes in the cookies to maintain sessions; since cookies can usually be sniffed easily, they are also vulnerable to rainbow tables.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Although rainbow table cracking can be prevented by using salt, a lot of applications and web services do not use salt. A good example is Microsoft Windows, it stores unsalted passwords hashes in the machine; thus it is vulnerable to this kind of attack. Many web applications also store unsalted hashes in the cookies to maintain sessions; since cookies can usually be sniffed easily, they are also vulnerable to rainbow tables.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> Brief rainbow table attack steps:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 1. Obtain the hash function and password hashes of target</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 2. Generate the rainbow table corresponding to the hash function, if it does not already exists online</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> 3. Compare passwords hashes to the table indexes and find the plain text</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Discussion ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Discussion ==</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=823&oldid=prevXuanz2 at 23:57, 9 December 20072007-12-09T23:57:23Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:57, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief attack steps:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief attack steps:</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> # Test</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> 1. </ins></div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> # Test2</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> 2.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=822&oldid=prevXuanz2 at 23:57, 9 December 20072007-12-09T23:57:04Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:57, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief attack steps:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div> Brief attack steps:</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div> # <del class="diffchange diffchange-inline">test</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> # <ins class="diffchange diffchange-inline">Test</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> # Test2</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=821&oldid=prevXuanz2: /* Wireless cracking */2007-12-09T23:56:10Z<p><span class="autocomment">Wireless cracking</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:56, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 19:</td>
<td colspan="2" class="diff-lineno">Line 19:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"><pre></del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>Brief attack steps:</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Brief attack steps:</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins># test</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div># test</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"></pre></del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=820&oldid=prevXuanz2: /* Wireless cracking */2007-12-09T23:55:18Z<p><span class="autocomment">Wireless cracking</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:55, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div><pre></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div><pre></div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>test</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Brief attack steps:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"># </ins>test</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=819&oldid=prevXuanz2 at 23:54, 9 December 20072007-12-09T23:54:41Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:54, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 18:</td>
<td colspan="2" class="diff-lineno">Line 18:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">test</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Wireless sniffing ===</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=818&oldid=prevXuanz2: /* Wireless cracking */2007-12-09T23:48:08Z<p><span class="autocomment">Wireless cracking</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:48, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 15:</td>
<td colspan="2" class="diff-lineno">Line 15:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Wireless networks are generally very vulnerable to cracking. A lot of wireless networks used in families are poorly configured, which means they either have no passwords at all, or have very weak passwords. This makes it very easy for attackers to get access to the network by simply guessing the passwords. </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Wireless networks are generally very vulnerable to cracking. A lot of wireless networks used in families are poorly configured, which means they either have no passwords at all, or have very weak passwords. This makes it very easy for attackers to get access to the network by simply guessing the passwords. </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>However, when the network is configured so that it has a good password, there is still a good chance that it can be cracked easily. It is due to the fact that most wireless networks use WEP (Wired Equivalent Privacy) as authentication methods, and WEP has some serious weakness. According to <del class="diffchange diffchange-inline">"Weaknesses in the Key Scheduling Algorithm of RC4" by </del>Fluhrer<del class="diffchange diffchange-inline">, Mantin </del>and <del class="diffchange diffchange-inline">Shamir</del>, RC4, the encryption method that WEP uses, can be broken when enough sample traffic is collected; and both gathering sample traffic and cracking encryption can be automated. When the whole cracking process is automated by computer programs, it takes less than 10 minutes to crack a WEP protected network.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>However, when the network is configured so that it has a good password, there is still a good chance that it can be cracked easily. It is due to the fact that most wireless networks use WEP (Wired Equivalent Privacy) as authentication methods, and WEP has some serious weakness. According to Fluhrer and <ins class="diffchange diffchange-inline">his colleagues</ins>, RC4, the encryption method that WEP uses, can be broken when enough sample traffic is collected; and both gathering sample traffic and cracking encryption can be automated. When the whole cracking process is automated by computer programs, it takes less than 10 minutes to crack a WEP protected network.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A tools set called Aircrack-ng is worth to be mentioned here, as it is currently the most popular tool to crack wireless networks. It provides a whole set of programs to crack wireless networks, including adapter configuration, fake authentication, de-authentication, passwords cracking, etc., and the only thing it requires is a good wireless card.</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=817&oldid=prevXuanz2: /* References */2007-12-09T23:47:02Z<p><span class="autocomment">References</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:47, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 58:</td>
<td colspan="2" class="diff-lineno">Line 58:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== References ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== References ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Siponen, Mikko T. (June 2001). "Five dimensions of information security awareness". Computers and Society 31 (2), 24 - 29. New York, ACM Press.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Siponen, Mikko T. (June 2001). "Five dimensions of information security awareness". Computers and Society 31 (2), 24 - 29. New York, ACM Press.</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* Scott R. <del class="diffchange diffchange-inline">Fluhrer </del>, Itsik <del class="diffchange diffchange-inline">Mantin </del>, Adi <del class="diffchange diffchange-inline">Shamir </del>(August 2001). "Weaknesses in the Key Scheduling Algorithm of RC4", Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography, 1-24.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* <ins class="diffchange diffchange-inline">Fluhrer, </ins>Scott R.<ins class="diffchange diffchange-inline">; Mantin</ins>, Itsik<ins class="diffchange diffchange-inline">; Shamir</ins>, Adi (August 2001). "Weaknesses in the Key Scheduling Algorithm of RC4", Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography, 1-24.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== External links ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== External links ==</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2http://wiki.cas.mcmaster.ca/index.php?title=Information_security_awareness&diff=816&oldid=prevXuanz2: /* References */2007-12-09T23:45:07Z<p><span class="autocomment">References</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:45, 9 December 2007</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 58:</td>
<td colspan="2" class="diff-lineno">Line 58:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== References ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== References ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Siponen, Mikko T. (June 2001). "Five dimensions of information security awareness". Computers and Society 31 (2), 24 - 29. New York, ACM Press.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Siponen, Mikko T. (June 2001). "Five dimensions of information security awareness". Computers and Society 31 (2), 24 - 29. New York, ACM Press.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">* Scott R. Fluhrer , Itsik Mantin , Adi Shamir (August 2001). "Weaknesses in the Key Scheduling Algorithm of RC4", Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography, 1-24.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== External links ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== External links ==</div></td></tr>
<!-- diff generator: internal 2024-03-28 08:27:34 -->
</table>Xuanz2