You are viewing a read-only archive of the Blogs.Harvard network. Learn more.

Wireless Resources

Wireless Users Groups
bawug.org Bay Area Wireless Users Group
 
nycwireless.net NYC Wireless Group
 personaltelco.net Personal Telco Project
 frars.org.uk FRARS Wireless lan working group
 bawia.org Boston Area Wireless Internet Alliance
GBA 802.11 Greater Boston Area 802.11 Wireless Database
DC-WiFi Initiative Public WiFi advocates in Washington DC
Seattle Wireless Seattle Wireless group

Wardriving Resources

wardriving.com Wardriving news portal
www.sicheres-funknetz.de Wireless security portal (German)
 www.netagent.at Wardriving and Wireless site (German)

/whois Bruce_Schneier

Cryptography and Computer Security Resources

Crypto-Gram Newsletter

Algorithms
Blowfish
Twofish
Solitaire
Helix
Phelix

Free Software
Password Safe
S/MIME Cracking Screen Saver

Essays and Columns on Cryptography and Computer Security
Academic Papers by Bruce Schneier
Bibliography of Papers by Other People

Analyses
Microsoft PPTP
CMEA Digital Cellular

Wireless Security Review: Kismet++

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

 wardriving.com Wardriving news portal
– Ethereal/Tcpdump compatible data logging
– Airsnort compatible weak-iv packet logging
– Network IP range detection
– Built-in channel hopping and multicard split channel hopping
– Hidden network SSID decloaking
– Graphical mapping of networks

Q: What happens when I ask a question thats already answered here?
A: I’ll probably be rude to you and tell you to go read the docs.
But of course everyone already read the docs all the way to the end,
right? Right?

Greater Boston Area 802.11 Wireless Database
 http://www.digivill.net/~mowse/gba80211/

NYC Wireless Group
 http://nycwireless.net/

 www.turnpoint.net
 Turnpoint.net‘s wireless antenna shootout

 antennasystems.com
Antenna Systems antenna supplier

 pasadena.net
 Pasadena.net wireless equipment

 therfc.com
TheRFC RF Connector and custom cable supplier with no minimum order.

www.solwise.co.uk
Solwise UK connector and equipment supplier.

Dec 2007 Top 10 Infected Autonomous System Blocks

Beansec! 13

Beansec snuck up me this month but I will be helping to host the 13th installment of the only event of its kind in the Boston area. Come hang out and try to piece together those fuzzy memories from Vegas or tell me how that new German law makes you feel about working in the security industry.

BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets the third Wednesday of each month.

Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.

the Enormous Room in Cambridge:
567 Mass Ave, Cambridge 02139

A history of hackers from the underground

A really cool db has been leaked to the internet which contains releases to “the scene”. I did a quick search on the term “hackers” and got the following presented in chronological order.

Beansec turns 1!

This Wednesday will mark the 12th ever beansec! If you haven’t been to one yet or haven’t found time to attend then this is the month to make it.

BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets the third Wednesday of each month.

Come get your grub on. Lots of good people show up. Really.

Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.

the Enormous Room in Cambridge:
567 Mass Ave, Cambridge 02139

Beansec 七

谢谢 to everyone that made it out last night to Beansec. I have been so swamped with work and school that I didn’t have time to blog about it yet still 18-20 of you showed up! We are scheduled for the same time next month (3rd Wednesday).
Great topics that were discussed

Extending legal protections to security researchers
“Impact Factors” for vulnerabilities
The Pinkertons
The Security “Bubble”

Data Point on Vulnerability Research

From the Sun Java .gif parsing vulnerability

— Disclosure Timeline:
2006.06.16 – Vulnerability reported to vendor
2006.12.18 – Digital Vaccine released to TippingPoint customers
2007.01.16 – Coordinated public release of advisory

— Credit:
This vulnerability was discovered by an anonymous researcher.

This vulnerability existed on the internet for half a year before a patch was issued. What are the chances that certain sites were serving out this exploit? I recently investigated an adult chat site that used a java client and was flagged for serving out other malware. I’m not making any claims here but throwing out some questions.

Also the credit is interesting to me. In the past credit was very much like academic citations. Researchers didn’t get paid for their work (just like academics don’t get paid to publish in journals) but receive a citation in the advisory. At worst one would create a handle and use that for advisories.

Beansec 5 is tomorrow

See you there.
image provided by google maps
Enormous Room: 567 Mass Ave, Cambridge 02139