Saturday 4 May 2013

Take 2

Troy Hunt demonstrated a "Pineapple" hacking unprotected wi-fi clients recently. His article "Pineapple Surprise! Mixing trusting devices with sneaky Wi-Fi at #wdc13" is interesting reading, especially in light of a couple of previous posts he had building up to this.

My paranoia kicked into high gear. So I have installed a tool on my Droid called "WiFi Auto Turn Off" which disables wifi on the phone after losing contact for 5 mins (user settable). So if/when I go out, it will turn off while I am in the car, and hence I won't get the "drive by" attacks described by Troy in his article. Indeed, I used this "in anger" today, and it worked just like a bought one. Well, I didn't time it, but when I checked for WiFi while out, it was turned off - good enough for me :)

Now, the Pineapple is pretty cheap at about $100 - give or take. But it seems that, because it is built on OpenWRT, I can build a 'pineapple clone' for a bit over $20 - Blue for the Pineapple - based on the TP-Link WR703N (

I was sort of wondering if I might be able to do "the same" with the eeePC I have sitting around, although it won't run OpenWRT. But OpenWRT is built on BusyBox, which is a Linux, so I may investigate further - although it's not as "cute" as the TP-Link 703.

This has the potential to be included as a short course for building a pentest kit. 3 or 4 weeks?

I am also thinking of putting together a couple of other courses at TAFE on Web Application Security. One, in two forms perhaps - .NET and PHP - using the OWASP Top 10 for Web App Developers - probably 10 weeks (1 term), and another (third? fourth?) on defending web apps using ModSecurity WAF with the OWASP ruleset. This would probably be 5 or 6 weeks.

But there are some other things to be completed first...

have fun,


Saturday 13 April 2013

First halting steps

For some time now, I have been following a blog by Troy Hunt ( in case you were wondering) and have been pondering adding my own voice to the multitude.

Perhaps an attempt at 'significance' (hah!)?

Perhaps I have something "interesting" to say? That will be for others to judge.

My reasons for this blog

I hope that this will become a "repository" for myself for numerous Web Application Security related posts I come across - and if others find this useful as well, all the better.

Additionally, I am studying a Christian Counselling course through St Mark's Theological College in Canberra, and so there will be other musings on this quite separate topic.

My machine is demanding I reboot, so I shall finish off this first post, and see how we progress from there.
