Showing posts from August, 2009

WPA not cracked yet

I'll admit, when I heard that WPA (specifically implementations using TKIP) was cracked, my first reaction was "It's about time." This does not stem from some deeply held desire to obtain free internet access from my neighbors, but instead from the fact that TKIP uses RC4. It's extremely hard to implement RC4 correctly. So much so that in general I don't trust any encryption algorithm that uses a stream cipher vs. a block cipher (for the crypto purists, yes, block ciphers essentially become stream ciphers when put in CFB mode, but that's also when problems tend to occur). I guess what I'm trying to say is I'm inclined to take a dire view of WPA's security. That being said, when headlines like "Wi-Fi Code Cracked in Minute" appear on the front page of Yahoo (bad grammar and all), I really feel the need to post something. Regardless though, please understand, if you are still using WPA in TKIP mode you should at least start thi

Defcon Roundup Part II

Saturday: Started out at Hacker vs. Disasters, but I bailed on the first speaker and instead went to the talk by Joe Grand on hacking parking meters. It just further reinforced my belief that society functions because there are not many talented bad guys. Or I should say, the effort to hack these systems outweighs the cost of using them legitimately. Still, the ability to frame other people is scary. Also, you can buy ANYTHING on eBay. Then went back to Hacker vs. Disasters to see Renderman talk. Didn't learn much but had a great time. Favorite quote: "Most people will be absolutely useless in a disaster. Actually that's not true. They are mostly made of meat..." Of course I went to the Mythbusters talk. I was blown away by how good a speaker Adam Savage was, along with the great topic "Failure". Like everything else in his life, Adam's failures truly were epic, and I think they need to show a copy of that speech to every kid in Intermediate/High Scho

Blog Spammers

Well, it looks like I've had my first tangle with blog spammers. If I deleted any legitimate posts that offered strong, but completely abstract, praise for this site along with a signature full of links, I apologize.

Defcon 17 Roundup

It hardly seems like Defcon 17 was only a week ago. Right now it alternately feels like I just got back from it, or it happened a million years ago. Ok, I admit it. That link has nothing to do with this post, Defcon, or even the idea of "a million years ago", but I stumbled across it in my Google search for something more appropriate and I thought I should share. Librarian hackers: need I say more? As I was saying, Defcon 17 occurred at some point in the past. I won't detail the parties that went on, though there were a few. The exception I will mention is the Toxic BBQ which was held on Thursday. Having skipped it the last two years due to various reasons, most of which involved the words "108 degrees", "outside", "off-site", and "laziness", I was truly amazed at how fun this event was. It also was the one event where you could relax, drink a few beers, (making sure to drink plenty of water as well - let me reference that 10