Dipetik dari http://www.ethicalhacker.net/

Oleh Daniel V Hoffman (CISSP, CWNA dan CEH)

Finding Wireless Networks

Locating a wireless network is the first step in trying to exploit it. There are two tools that are commonly used in this regard:

Network Stumbler a.k.a NetStumbler – This Windows based tool easily finds wireless signals being broadcast within range – A must have. It also has ability to determine Signal/Noise info that can be used for site surveys. I actually know of one highly known public wireless hotspot provider that uses this utility for their site surveys.

(NetStumbler Screenshot)

Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that Access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks.

(Kismet Screenshot)

Attaching to the Found Wireless Network

Once you’ve found a wireless network, the next step is to try to connect to it. If the network isn’t using any type of authentication or encryption security, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools.

Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys. While many people bash the use of WEP, it is certainly better than using nothing at all. Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort.

(Screenshot of Airsnort in Action)

CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the “New WEP” for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key.

(Cowpatty Options Screenshot)

ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked. LEAP doesn’t protect the authentication like other “real” EAP types, which is the main reason why LEAP can be broken.

(Asleap Options Screenshot)

Sniffing Wireless Data

Whether you are directly connected to a wireless network or not, if there is wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data.

Wireshark (formerly Ethereal) – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff-out 802.11 management beacons and probes and subsequently could be used as a tool to sniff-out non-broadcast SSIDs.

(Screenshot of Ethereal in Action)

(Yahoo IM Session being sniffed in Ethereal)

The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet.

Jalur lebar jadi ungkapan popular selepas NBI

Petikan dari Utusan Malaysia Online
ARKIB : 24/03/2010

HSBB kebangsaan bernilai RM11.3 bilion yang merupakan projek perdana NBI, merupakan perjanjian usaha sama awam-swasta antara Telekom Malaysia dan kerajaan bagi membangunkan perkhidmatan dan infrastruktur jalur lebar berkelajuan tinggi generasi akan datang untuk negara.

NBI membahagikan negara kepada tiga zon. Zon satu melibatkan kawasan ekonomi berimpak tinggi seperti kawasan tengah Lembah Klang dan Wilayah Pembangunan Iskandar di Johor. Zon Dua membabitkan kawasan bandar dan separa bandar yang lain manakala Zon Tiga melibatkan kawasan luar bandar.

Telekom Malaysia akan menawarkan jalur lebar berkelajuan tinggi (HSBB) dengan akses 10 Mbps di zon ini. Penduduk di Zon satu juga akan mendapat akses kepada penyelesaian jalur lebar kompetitif yang lain.

Empat kawasan awal yang akan diliputi perkhidmatan TM HSBB ialah Shah Alam, Subang Jaya, Taman Tun Dr. Ismail dan Bangsar. Pelan NBI membabitkan inisiatif swasta untuk menawarkan jalur lebar ke kawasan Zon Dua. Penawaran jalur lebar di Zon Tiga memerlukan campur tangan MCMC menggunakan dana Peruntukan Perkhidmatan Sejagat (USP).

Peruntukan jalur lebar di kawasan berkenaan termasuk Telefoni Asas (menerusi rangkaian tetap dan mudah alih), Perpustakaan Jalur Lebar Komuniti (CBL) dan Pusat Jalur Lebar Komuniti (CBC).

Liputan selular di kawasan berkenaan akan diperluas dengan membina lebih banyak menara komunikasi yang dibiayai oleh USP bagi membolehkan operator selular meluaskan liputan masing-masing kepada 97 peratus penduduk menjelang 2011.

TM reveals HSBB access rates

Petikan dari http://www.btimes.com.my
Published: 2010/01/30

The pricing comes in two forms: a one-time charge and a monthly recurring charge.

It charges service providers one-time fees of between RM100 and RM200 for activation of each Internet port. On a monthly basis, it charges the service providers between RM50 and RM550 per megabit per second (Mbps) for bandwidth subscription. Different monthly charges are catered for different type of usage.

Backtrack4

Assalamualaikum dan Salam1Malaysia,

Akhirnya.. penantian saya sekian lama sudah berakhir. Backtrack 4 final saudah pun release!
Tidak sabar rasanya utk mencuba OS favourite saya ini.

Gambar sebelah kiri inilah skrin favourite saya (screenshot aircrack AP wireless).

So.. watchout...

p/s maklumat lanjut sila ke http://www.backtrack-linux.org/

CEH

Assalamualaikum dan Salam 1Malaysia..

Aduh, malunya diri sendiri sebab inilah post pertama bagi 2010, nampak sgt tiada disiplin diri utk mengemaskini laman blog ini.

Awal kalam, saya ingin berkongsi dengan anda berkenaan CEH atau Certified Ethical Hacker. Terdapat beberapa respondent yg menghantar email bertanyakan berkenaan CEH..



Perkataan di bawah adalah petikan terus dari Wikipedia:
http://en.wikipedia.org/wiki/Certified_Ethical_Hacker

Certified Ethical Hacker

From Wikipedia, the free encyclopedia

Jump to: navigation, search

The Certified Ethical Hacker (C|EH) is a professional certification provided by the International Council of E-Commerce Consultants (EC-Council.)

An Ethical Hacker is one name given to a Penetration Tester. An ethical hacker is usually employed by an organization who trusts him to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Illegal hacking (i.e.; gaining unauthorized access to computer systems) is a crime in most countries, but penetration testing done by request of the owner of the targeted system(s) or network(s) is not, except in Germany.

A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.

The certification is in Version 6 as of August 2008.

Certification coursework

The coursework consists of 67 modules, which range from 30 minutes to five hours or more, depending on the depth of the information provided.

Some training centers and universities in Asia and Europe include EC Council's CEH program in one of their course modules.

Examination

Certification is achieved by taking the C|EH examination after having either attended training at an ATC (Accredited Training Center) or done self-study. If a candidate opts for self-study, an application must be filled out and proof submitted of 2 years of relevant information security work experience. In case you do not have two years of information security related work experience you can send them a request detailing your educational background and request for consideration on a case basis.^[2] The current version of the CEH, v6, uses EC-Council's exam 312-50, as did v5. This exam has 150 multiple-choice questions and a 4 hour time limit. The earlier v4 had 125 multiple-choice questions and a three hour time limit. The exam costs US$250 in the United States (prices in other countries may differ)^[3], and is administered via computer at an EC-Council Accredited Training Center, Pearson VUE, or Prometric testing center (in the United States).

p/s sebarang maklumat berkenaan CEH dan EC-Council, anda boleh la ke laman web CEH