Welcome to the realm. This realm is not your ordinary realm. Here you will find happenings in the network security world, as well as the underground and the ethical arena.


Monday, June 30, 2008

Learn Security Online - Home


Friday, June 27, 2008

Hushmail - Free Email with Privacy

Hushmail - Free Email with Privacy:

"Hushmail provides private, secure free email accounts.

Email is encrypted, scanned for viruses and filtered for spam, automatically."

Thursday, June 26, 2008

Encryption algorithms

Encryption algorithms:

"Different encryption algorithms use proprietary methods of generating these keys and are therefore useful for different applications. Here are some nitty gritty details about some of these encryption algorithms. Strong encryption is often discerned by the key length used by the algorithm."

Learning About Cryptography

Learning About Cryptography:

"For some reason, good cryptography is just much harder than it looks. This field seems to have a continuous flow of experts from other fields who offer cryptographic variations of ideas which are common in their other field. Now, there is nothing wrong with new ideas. But there are in fact many extremely intelligent and extremely well-educated people with wide-ranging scientific interests who are active in this field. It is very common to find that so-called 'new' ideas have been previously addressed under another name or as a general concept. Try to get some background before you get in too deep."

Wednesday, June 25, 2008

Snake Oil Warning Signs: Encryption Software to Avoid

Snake Oil Warning Signs: Encryption Software to Avoid:

"Snake Oil Warning Signs:
Encryption Software to Avoid"

sci.crypt FAQ

sci.crypt FAQ: "This is a mirror of the sci.crypt FAQ."

Monday, June 23, 2008

What’s on my USB key?

I’ve gathered many programs for my USB memory stick so I thought I
would list them here. Actually, when you get down to it, I have a
couple of memory sticks I keep with me most of the time. The first one
is an older stick and is only 256 MB. However, it has a switch that you
can flip to make it read-only. I use this stick to run the Windows
utilities from Helix. The read-only switch comes in handy because some
antivirus programs identify a few of the Helix tools as malware.


Friday, June 20, 2008

What’s on my USB key?


Friday, June 6, 2008

Running airpwn

One of the tools that comes with the Backtrack distribution is airpwn. Airpwn is a tool that first debuted at DefCon 12. (Careful with the link, it is not safe for work, and may not actually be safe for humanity.)

A Little About Airpwn


Airpwn acts as a man in the middle
tool for wireless networks. It takes advantage of the time that a
website takes to respond to normal page requests. In that lag time, it
can inject its own content onto the wireless channel of an access
point. For instance, you may request a page from wikipedia.org
that takes, round-trip, approximately 125 ms. If someone near you is
running the airpwn tool, it will see your request and immediately
respond with its own web page and/or content because it is much closer
and takes much less time to respond.

Manual Reference Pages - AIRPWN (1)

airpwn is a thoughtful framework for automated injection of arbitrary application-layer data on an unencrypted 802.11 network. It is used mainly for penetration testing, as its primary role is complex pattern matching and packet generation.

Airpwn: Owning the Airwaves

InformIT: Security Reference Guide > Airpwn: Owning the Airwaves

Wireless networking has experienced many black eyes in the recent past due to
the various ways it can be exploited and abused by people with malicious intent.
Most people are familiar with the ever-popular attack against WEP that can
extract a key from the air in less than five minutes. There are also attacks
against WPA that can crack a passphrase with only four bytes of data, man in the
middle attacks that give an attacker full access to SSL encrypted traffic, and
rogue access points that can trick a victim into connecting to an
attacker's network. While these various vectors of owning a victim are
dangerous and need to be protected against and understood, this section will
deal with a method that is not widely discussed: data traffic injection.

Airpwn

Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn
listens to incoming wireless packets, and if the data matches a pattern
specified in the config files, custom content is injected "spoofed"
from the wireless access point. From the perspective of the wireless
client, airpwn becomes the server.

Wednesday, June 4, 2008

Interview: SANS Pen Test Summit Part 2 - Johnny Long

The SANS WhatWorks in Penetration Testing & Ethical Hacking Summit with Ed Skoudis
brings together a number of authors, researchers, and actual
practitioners of pen testing. The summit will not only give a view as
to where we stand as a community right now but also where we are headed
in the future. Joining Ed will be a number of celebrated hackers (the
positive connotation of the term) including Google Hacking Expert, Johnny Long, and the man behind the Metasploit Project, HD Moore.

Interview: SANS Pen Test Summit Part 1 - Ed Skoudis

The field of penetration testing, or ethical hacking as it is commonly
described, is one of the fastest growing areas in the realm of
Information Security. Whether that is attributable to the growing
number of regulations such as HIPAA, SOX, GLBA et al or perhaps it is
the fact that many hackers have grown up and now have families to
support. Or just maybe it is the real fear today that many
organizations are garnering more press attention for recent data theft
incidents as opposed to their products. No matter how you look at it,
penetration testing is becoming a maturing and legitimate profession.

johnny.ihackstuff.com

First and foremost, I am a committed Christian, a follower of Christ.
I'm far from perfect, but I try to live my life in a way that provides
a true reflection of God's love for mankind. One of the ways my beliefs
manifest themselves is through my charity work, a central passion of my
life. Please check out Hackers For Charity.org.



Secondly, I am a family guy. I am very close to my family and make them the second-highest priority in my life.


Thirdly, I am a hacker. More specifically, I am a professional hacker.
I've always been one at heart, even though it waned as I went through
my "wear a stupid suit and climb the corporate ladder" phase. I finally
figured out that I could get paid to do what I loved. These days I am a
researcher, author
and public speaker paid for my knowledge and abilities. I have
personally broken into hundreds of computer networks, all of which have
had their security improved because of my actions. I also dabble in
physical security, and have a very nice collection of secured
facilities that I have broken into. That's about as much as you'll
catch me tooting my own horn. Except for the fact that I have to post
my "Marketing Sheet" because people keep asking for a resume-type thing.



One last thing. I don't teach people how to hack, so don't ask. Unless
I know and trust you personally, you won't even get a response to a
hacking-related question. Sorry, but I won't help people who have bad
intentions.
The documents I make available on my site contain knowledge which can
be gained from scores of other places, but I like to think I help to
simplify complex topics, and provide resources for those that wish to
defend their own systems.

Hackers for Charity

What we do



We provide professional references to hackers willing to use their technical skills to help charities through our technical services initiative. We collect "swag" and distribute it as school supplies to students in underdeveloped countries through our "Swag for Charities" campaign.
