cracking wep in 96 seconds

i got bored tonight and, for some reason, decided to get out my trusty old dell laptop that has fedora linux (and, coincidentally, aircrack-ng) on it. as i was getting it, i saw my netgear wg511t wireless card that i bought specifically because it supported packet reinjection. fun ensued.

using the somewhat new “ptw method”, i was able to crack a neighbor’s 128-bit wep key in as little as 96 seconds. as i noted on twitter, “even after all the times i’ve done it, i still get such a thrill out of cracking wep”.

at&t works in more places…

…like the nsa headquarters.

thanks to the billboard liberation front!

surfing the web via e-mail

stan schroeder’s article “richard stallman invents new way of browsing the web” on mashable directed me to this e-mail on the misc@openbsd.org list where stallman (allegedly) states:

for personal reasons, i do not browse the web from my computer. (i also have not net connection much of the time.) to look at page i send mail to a demon which runs wget and mails the page back to me. it is very efficient use of my time, but it is slow in real time.

this took me on a trip down memory lane. i can remember, 13 or 14 years ago, when i had to access the internet via long-distance phone calls (which didn’t please my parents a whole lot). juno came out with a service where they provided free e-mail to anyone (ad supported) and even had a 1-800 number you could use to avoid long-distance charges. the proprietary client would dial up, send any queued mail, download any received mail, and disconnect.

some of us discovered that it was possible to access the internet by e-mail. using juno’s free e-mail service, you could construct specially crafted e-mail messages and send them to certain “gateways” to do things like download web pages, perform archie searches, and even ftp files.

ahh, the good ol’ days. =)

dd-wrt

a little over three months ago i replaced my aging linksys wrt54g wireless router with a buffalo whr-g125 specifically to run dd-wrt on it. in the last month or so since i got my macbook it will occasionally become disconnected from the wireless network (wpa2/personal) and the only solution would be to hard reboot the whr-g125 (the wired pcs never lose connectivity). i never had that problem with my dell or toshiba laptops (running windows xp), so i’m inclined to believe that the problem was something to do with the shiny new macbook (note that i could connect to other wireless networks just fine — open access points ftw!).

tonight i wondered if there might be newer firmware available and it just so happened there was. i was running “v24 beta (08/15/07) vpn” and am now running “v24 rc-5 (11/22/07) vpn” so i’ll monitor things for a while and see if it keeps happening. it could be that it was a bug in the previous version, it could be something flaky on my macbook. who knows!?

brainwashing for the masses

scientology

i’m highly disappointed, to be quite honest. it’s fun to follow the happenings, though.

reddit is today’s hacking playground

“reddit is the hacking playground for today.”

so says richard stiennon, zdnet blogger, in an article from today, “using social networks for ddos. reddit as hacker tool.”.

stiennon is referring to an incident that began late last night with omghax1337 posting “dear riaa… from your friendly neighborhood hackers”. omghax1337’s link took advantage of a failure on the riaa’s part to properly sanitize data it accepts as input. with this vulnerability, users were able to do things like this:

riaa

unfortunately for the riaa, that wasn’t all. later, eurleif posted a link titled “this link runs a slooow sql query on the riaa’s server. don’t click it; that would be wrong.” the link was to the aforementioned script, taking advantage of the sql injection vulnerability to execute a cpu-intensive query on the riaa’s webserver.

of course, the reddit users didn’t heed eurleif’s warning and did, indeed, “click it” — with the eventual effect being a distributed denial of service attack. webserver go bye bye.

while that event was playing out, someone else upped the ante. not being content with simply crashing their server, an unknown person decided to go ahead and delete all of the database content. that led to all of the articles on the riaa’s website showing up as “temporarily removed”.
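the three failures described above (unsanitized input reaching the query, an expensive query tying up the server, and the web-facing account being able to delete content) each have a standard server-side control. the block below is an added example, not code from the riaa site or from this post: sqlite stands in for whatever database the site actually ran, and the `articles` table, the function names and the 50 ms budget are all assumptions made for illustration.

```python
import os
import sqlite3
import tempfile
import time

BUDGET_S = 0.05  # per-statement time budget (assumed value)

def build_db(path):
    """constructed sample data; not the real site's schema."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO articles (title) VALUES (?)",
                    [("press release %d" % i,) for i in range(200)])
    con.commit()
    con.close()

def open_readonly(path):
    """handle the public page uses: cannot write, cannot run past its deadline."""
    con = sqlite3.connect("file:" + path + "?mode=ro", uri=True)
    state = {"deadline": 0.0}
    # sqlite calls this every 1000 vm steps; a non-zero return aborts the statement
    con.set_progress_handler(
        lambda: int(time.monotonic() > state["deadline"]), 1000)
    return con, state

def run(handle, sql, params=()):
    """execute one statement under the budget; return rows or the refusal reason."""
    con, state = handle
    state["deadline"] = time.monotonic() + BUDGET_S
    try:
        return con.execute(sql, params).fetchall()
    except sqlite3.OperationalError as exc:
        return "refused: %s" % exc

def search(handle, term):
    """user input is bound as a parameter, so it is only ever compared as text."""
    return run(handle, "SELECT id, title FROM articles WHERE title LIKE ?",
               ("%" + term + "%",))

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "site.db")
    build_db(path)
    h = open_readonly(path)
    print(len(search(h, "release 7")))        # normal lookup
    print(search(h, "x' OR '1'='1"))          # quote stays inside the bound value
    print(run(h, "DELETE FROM articles"))     # write on a read-only handle
    print(run(h, "SELECT count(*) FROM articles a, articles b, articles c, articles d"))
```

on a server database the same three controls are bound parameters in the application, a read-only account for public pages, and a server-side statement timeout.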

earlier today, the content was restored and it appears that the riaa has plugged the hole. as stiennon mentions, however:

“this event is a great study in mob behavior. there is no love lost between any technologist and the riaa who is viewed as a corporate king canute commanding the tides to stop. so a call to action that involves a ‘minor’ thing like clicking on a link that set off a malicious attack got at least 649 up mods (user’s votes). did 659 people click through? no way to know and it is a moot point because some impatient hacker took it upon himself to execute a more targeted attack.”

disclaimer: i’m not advocating hacking the riaa (or anyone else). i will note, however, that karma’s a bitch. =)