| New attack cracks WPA in just a minute |
| Submitted by 云舒 on 2009, August 28, 11:00 AM. 技术 |
New attack cracks WPA Wi-Fi encryption in just a minute
Encryption systems used by wireless routers have had a long history of security problems. The Wired Equivalent Privacy (WEP) system was cracked and rendered effectively pointless within a few years of its introduction in 1997. Now, it looks like its WPA successor may soon suffer the same fate, with a pair of Japanese researchers developing a way to break it in just one minute. The attack builds on the so-called "Becks-Tews method" unveiled last year by researchers Martin Beck and Erik Tews. However, that method worked on a smaller range of WPA devices and took between 12 and 15 minutes to carry out. Both attacks work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They aren't key-recovery attacks -- but give hackers a way to read encrypted traffic sent between computers and certain types of routers that use the outdated encryption system. The Wi-Fi Alliance has required since 2006 that Wi-Fi-certified products support WPA 2, a much more powerful encryption system that is not vulnerable to these attacks, but users have been slow to upgrade. The two researchers, Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, are to discuss their findings at a conference in Hiroshima this September 25 but you can read some details now in their paper, "A Practical Message Falsification Attack on WPA" (PDF) |
| 评论(3) | 更多内容... |
| 小记 |
| Submitted by 云舒 on 2009, August 22, 4:08 PM. 琐记 |
就我自己的心里来说,其实已经差不多有一年多没有写过真正博客了。 上周在北京待了差不多一个星期,期间几次路过我们以前住的地方,以前逛过的小路,思绪万千。今天还是一个人在家,整整一下午的暴雨。开着台灯听音乐看书,居然看得有点抑郁了,也不知道到底想了些什么。 就暂且记下这件小事吧。 |
| 评论(9) | 更多内容... |
| XCON之北京信息查询与ATM一体终端机被黑 |
| Submitted by 云舒 on 2009, August 19, 4:35 PM. 琐记 |
在XCON举行的酒店大厅有一个信息查询终端机,并且提供自动取款的功能。遗憾的是我们的墨西哥同学harry盯上它了,研究了两天,今天终于得手了。有图有真相,曾哥真汉子。我对此表示惊叹,也许下界xcon不能在这里开了,哈哈。举办XCON有风险啊,不过听harry说blackhat更可怕,everything is broken! |
| 评论(24) | 更多内容... |
| 阿里巴巴漏洞通告邮箱 |
| Submitted by 云舒 on 2009, August 18, 9:07 PM. 琐记 |
我们集团专门设置了一个接收漏洞通告的邮箱, security@service.alibaba.com,有任何阿里集团的漏洞请通知我们,非常感谢!我们会有精美的礼品赠送。这次xcon就带了好几份礼物过来,欢迎大家来mail啊。 |
| 评论(7) | 更多内容... |
| 怒了 |
| Submitted by 云舒 on 2009, August 17, 1:08 AM. 琐记 |
如题。 |
| 评论(10) | 更多内容... |
| (转载)神秘的程序员——KG |
| Submitted by 云舒 on 2009, August 13, 10:02 PM. 八卦 |
|
| 评论(5) | 更多内容... |
| LWP处理javascript重定向 |
| Submitted by 云舒 on 2009, August 11, 12:23 AM. 技术 |
晚上仔细调试程序,发现一个bug,在抓取页面内容时处理了302 redirect,但是没有处理javascript的重定向。简单搞了搞,能用了,其实还可以优化做细致的判断。 sub GetContentFromUrl { my $url = shift; my $time_out = shift; chomp( $url ); my $ua = LWP::UserAgent->new(); $ua->cookie_jar({}); $ua->agent( 'Mozilla/4.0 (compatible; MSIE 6.0; Windws NT 5.1)' ); $ua->timeout( $time_out ); my $res_obj = $ua->get($url) || warn "get $url error, $!n"; print "$url: ".$res_obj->status_line."n"; if ( !$res_obj->is_success ) { return undef; } my $html = $res_obj->as_string; if ( $html =~ m/window.location[.href]?\s*=\s*\"(.*?)\"/is ) { my $tmp_url = URI::URL->new($1, $url); $tmp_url = $tmp_url->abs; print "found window.location, will follow $tmp_urln"; &GetContentFromUrl( $tmp_url, $time_out ); } else { return $html; } } |
| 评论(7) | 更多内容... |
| 善人恶人 |
| Submitted by 云舒 on 2009, August 4, 10:48 PM. 读书 |
浙中有五奇鬼,四鬼尽瞽,惟一鬼有一眼,群鬼恃以看物,号“一目五先生”。遇瘟疫之年,五鬼联袂而行,伺人熟睡,以鼻嗅之。一鬼嗅则其人病,五鬼共嗅则其人死。四鬼伥伥然斜行踯躅,不敢作主,惟听一目先生之号令。 有钱某宿旅店中,群客皆寐,己独未眠,灯忽缩小,见五鬼排跳而至。四鬼将嗅一客,先生曰:“此大善人也,不可。”又将嗅一客,先生曰:“此大有福人也,不可。”又将嗅一客,先生曰:“此大恶人也,更不可。”四鬼曰:“然则先生将何餐?”先生指二客曰:“此辈不善不恶、无福无禄,不啖何待?”四鬼即群嗅之,二客鼻声渐微,五鬼腹渐膨亨矣。 |
| 评论(7) | 更多内容... |
| 共有759篇文章8篇/每页 | « 5 6 7 8 9 10 11 12 13 14 ... 95 » |