BREAKING WEP PASSWORDS WITH AIRCRACK ON A WIFI NETWORK

An interesting article explaining how WEP security can be bypassed with freely available programs and without much expertise.

Later on they will explain how to address it, at least in part.
In any case, it must be made clear that no program, software or security measure is 100% reliable. The success of a wireless network rests on informed use and design, applying several rules that are usually very affordable and that, combined, give greater stability. Using WEP encryption alone is not much use, but if other features are added to it, it will be more than enough to deter a large share of attackers.

Update: this other article is also highly recommended:

Como obtener la clave de una red wifi WLAN_XX – How to get wifi key on WLAN_XX (Telefonica Spain)

Issue 2 of INSECURE

The 2nd issue of INSECURE magazine is out.

This magazine is completely free and may be distributed freely, provided it is kept in its original format (PDF).

The topics in this issue are the following:
* Information security in campus and open environments
* Web applications worms – the next Internet infestation
* Integrating automated patch and vulnerability management into an enterprise-wide environment
* Advanced PHP security – vulnerability containment
* Protecting an organization’s public information
* Application security: the noveau blame game
* What you need to know before migrating your applications to the Web
* Clear cut cryptography
* How to lock down enterprise data with infrastructure services

It can be downloaded from here. We already covered the first issue here.

Innovate 05

Since yesterday, Monday, Zaragoza has been hosting the most important event as far as New Technologies are concerned, the INNOVATE´05 fair.

Many sites cover the fair, ranging from the official site to a wiki that has been set up in parallel to the fair.

Yesterday, outside the scheduled programme, Dan Bricklin (inventor of the first spreadsheet) gave a talk at the Museo del Teatro Romano de Zaragoza, which unfortunately I could not attend. However, thanks to Mariano, I have read Hector Blanco's summary, which gives me an idea of what I missed.

The summary is very good and I recommend reading it, but I would like to stress one detail that Dan Bricklin himself highlighted:
The hottest things right now are:

  • Security
  • Mobility
  • Storage
  • Sensors
  • CPU power
  • IP everywhere
  • Point solutions giving way to modular systems

Free online antivirus

Bitdefender has just released version 8 of its online antivirus, «bitdefender scanner online».

It is a product that runs as an ActiveX control in Windows environments, and when we say Windows, unfortunately that also applies to the browser: it cannot be launched from any browser other than Iexplore. A pity, which we hope they will fix soon; otherwise they will be losing a good share of Internet users, those of us who now use only Mozilla, as a security measure (too).

Otherwise it is completely free.
Via Genbeta. The official page is here.

If you infect, you get paid

And you get paid real money.
That is roughly what the advertising of a Russian company that promises payment per infection should say.

It works more or less like this, according to what I read on Kriptópolis: the webmaster builds a website with malicious code supplied by the Russian company. When a careless Internet user without the usual security patches up to date visits it, they get infected. Each infection pays 6 cents and, as explained, it is possible to earn up to 75,000 dollars a year, a more than tempting sum.

For now, if you use IExplore and want to avoid problems, block the IP address 81.222.131.59.

More info: here, here, and here

McAfee buys a Wi-Fi security company

I read it here, and here.

McAfee has moved into security for mobile environments with the purchase of Wireless Security, in order to add wifi detection solutions to its current products.

«McAfee is committed to delivering innovative and comprehensive solutions that protect customers from security threats at every point of access», said George Samenuk, CEO and chairman of the board of McAfee, Inc.

This news shows that the security world is turning more and more towards wireless environments, as something that is not going to be a fad but one more environment within communications.

More spam

A few days ago we reported the case of an email I received, a typical trap for the unwary.

Two days ago Sonia Blanco posted about it on her blog; Arafat's widow wrote to her asking for help.

Now I have received another email, which I reproduce in full:

Qin Wang
Lloyds TSB Pacific Limited
Hong Kong Branch

Thank you for giving me your time. Please be patient and read my email to you.
I am a staff of Lloyds TSB Group attached in private Banking Services. I am contacting you concerning a customer and, an investment placed under our banks management 3 years ago, I contacted you independently of our investigation and no one is informed of this communication and I would like to intimate you with certain facts that I believe would be of interest to you.
In 2000, the subject matter; ref: bb/tsb/bank/73 came to our bank to engage in business discussions with our Private Banking Services Department. He informed us that he had a financial portfolio of 8.35 million United States Dollars, which he wished to have us turn over on his behalf. I was the officer assigned to his case; I made numerous suggestions in line with my duties as the de-facto chief operations officer of the Private Banking Services Department, especially given the volume of funds he wished to put into our bank. We met on numerous occasions prior to any investments being placed. I encouraged him to consider various growth funds with prime ratings. The favoured route in my advice to customers is to start by assessing data on 600 traditional stocks and bond managers and alternative investments. Based on my advice, we spun the money around various opportunities and made attractive margins for our first months of operation, the accrued profit and interest stood at this point at over 10 million United States Dollars, this margin was not the full potential of the fund but he desired low risk guaranteed returns on investments.

In mid 2001, he asked that the money be liquidated because he needed to make an urgent investment requiring cash payments in Europe. He directed that I liquidate the funds and had it deposited with a firm in Europe. I informed him that our bank would have to make special arrangements to have this done and in order not to circumvent due process, the bank would have to make a 9.5 % deduction from the funds to cater for banking and statutory charges. He complained about the charges but later came around when I explained to him the complexities of the task he was asking of us.Cash movement across borders has become especially strict since the incidents of 9/11. I contacted my affiliate in Europe and had the funds available in main land Europe. I undertook all the processes and made sure I followed his precise instructions to the letter and had the funds deposited in a security consultancy firm, the firm is a specialist private firm that accepts deposits from high net worth individuals and blue chip corporations that handle valuable products or undertake transactions that need immediate access to cash. This small and highly private organization is familiar especially to the highly placed and well-connected organizations. In line with instructions, the money was deposited. He told me he wanted the money there in anticipation of his arrival from Norway later that week. This was the last communication we had, this transpired around 25th February 2002. In June last year, we got a call from the security firm informing us of the inactivity of that particular portfolio.This was an astounding position as far as I was concerned, given the fact that I managed the private banking sector I was the only one who knew about the deposit, and I could not understand why he had not come forward to claim his deposit. I made futile efforts to locate him I immediately passed the task of locating him to the internal investigations department of our bank. 
Four days later, information started to trickle in, that he was apparently dead. A person who suited his description was declared dead of a heart attack in Cannes, South of France. We were soon enough able to identify the body and cause of death was confirmed. The bank immediately launched an investigation into possible surviving next of kin to alert about the situation and also to come forward to claim his estate. If you are familiar with private banking affairs, those who patronize our services usually prefer anonymity, but also some levels of detachment from conventional processes. In his bio-data form, he listed no next of kin. In the field of private banking, opening an account with us means no one will know of its existence, accounts are rarely held under a name; depositors use numbers and codes to make the accounts anonymous. This bank also gives the choice to depositors of having their mail sent to them or held at the bank itself, ensuring that there are no traces of the account and as I said, rarely do they nominate next of kin. Private banking clients apart from not nominating next of kin also usually in most cases leave wills in our care, in this case; he died in testate. What I wish to relate to you will smack of unethical practice but I want you to understand something. It is only an outsider to the banking world who finds the internal politics of the banking world aberrational. The world of private banking especially is fraught with huge rewards for those who occupy certain offices and oversee certain portfolios. You should have begun by now to put together the general direction of what I propose. There is US$ 28,000,000.00 deposited, I alone have the deposit details and they will release the deposit to no one unless I instruct them to do so. 
I alone know of the existence of this deposit for as far as the finance firm, the transaction with our deceased customer concluded when I sent the funds to the firm, all outstanding interactions in relation to the file are just customer services and due process. The finance firm has no single idea of what’s the history or nature of the deposit. They are simply awaiting instructions to release the deposit to any party that comes forward. This is the situation. This bank has spent great amounts of money trying to track this man’s family; they have investigated for months and have found no family. The investigation has come to an end. My proposal; you share similar details to the late fellow; I am prepared to place you in a position to instruct the finance firm to release the deposit to you as the closest surviving relation. Upon receipt of the deposit, I am prepared to share the money with you in half and no more. That is: I will simply nominate you as the next of kin and have them release the deposit to you. We share the proceeds 50/50.

I would have gone ahead to ask the funds be released to me, but that would have drawn a straight line to me and my involvement in claiming the deposit. But on the other hand, you with a similar name as the original depositor would easily pass as the beneficiary with the rights to claim. I assure you that I could have the deposit released to you in a few days. I will simply inform our bank of the final closing of the file relating to the customer. I will then officially communicate with the finance company and instruct them to release the deposit to you. With these two things: all is done. The alternative would be for us to have the firm direct the funds to another bank with you as account holder. This way there will be no need for you to think of receiving the money from the firm. We can fine-tune this based on our interactions. I am aware of the consequences of this proposal. I ask that if you find no interest in this project that you should discard this mail. I ask that you do not be vindictive or destructive. If my offer is of no appeal to you, delete this message and forget I ever contacted you. Do not destroy my career because you do not approve of my proposal. You may not know this but people like myself who have made tidy sums out of comparable situations run the whole private banking sector. I am not a criminal and what I do; I do not find against good conscience, this may be hard for you to understand, but the dynamics of my industry dictates that I make this move. Such opportunities only come ones’ way once in a lifetime. I cannot let this chance pass me by I hope you understand because for once I found myself in total control and face to face with my destiny. These chances won’t pass me by. I ask that you do not destroy my chance, if you will not work with me let me know and let me move on with my life but do not destroy me. I am a family man and this is an opportunity to provide them with new opportunities. 
There is a reward for this project and it is a task well worth undertaking. I have evaluated the risks and the only risk I have here is from you refusing to work with me and alerting my bank. I am the only one who knows of this situation, good fortune has blessed you with a name that has planted you into the center of relevance in my life. Let’s share the blessing.
If you find yourself able to work with me, contact me through this email account inwang1954@yahoo.com.hk .

If you give me positive signals, I will initiate this process towards a conclusion. I wish to inform you that should you contact me via official channels; I will deny knowing you and about this project. I repeat, I do not want you contacting me through my official phone lines nor do I want you contacting me through my official email account. Contact me only through this email address. I do not want any direct link between you and me. My official lines are not secure lines as they are periodically monitored to assess our level of customer care in line with our Total Quality Management Policy. Please observe this instruction religiously. Please, again, note I am a family man; I happily married with two kids. I send you this mail not without a measure of fear as to what the consequences might be, but I know within me that nothing ventured is nothing gained and that success and riches never come easy or on a platter of gold. This is the one truth I have learned from my private banking clients. Do not betray my confidence. If we can be of one accord, we should plan a meeting, soon. I await your response.
Sincerely,
Qin Wang

The question is the same as always: what can be done about it?