Re: I want the PT list back....

From: Pete Herzog (lists@isecom.org)
Date: Wed Dec 12 2007 - 05:06:56 EST


Hi Joe,

Well, you've done it now. The thought police are already on their way to
your domestic residence to impound your computers for auction. They'll get
top dollar too if they leave the "Kiss me I'm a hacker" sticker on it! ;)
Actually, I need to get me one of those....

> For wireless I pretty much just use Kisment/Aircrack-NG, but I'm really
> interested in wicrawl. Anyone using it on pentests yet?

I have a comment on this. You wrote a way tanker full anyway so I want to
leave the rest for the list members to chew on.

I put a lot of new wireless tests in OSSTMM 3 which include going beyond
the typical WiFi ranges for many reasons but mostly because some clients
want the information even if they aren't aren't prepared to deal with it.
So we've been using hand held EMR/EMF testers looking for high-powered
devices, bugs and other rf transmitters, "illegal" or at least "restricted"
frequency wifi communication signals from devices bought in Japan and
China, and anomalies which can cause wireless DoS or "human discomfort"
(the medical researchers seem to be split on what constitutes EMR damage).

While I realize that some of this is not currently usable for penetration
and more in the lines of a security test I think it's only a matter of
time. I mean, look at how quickly sniffing traffic to wireless keyboards
and cordless telephone conversations has become part of pen tests. It's
just a matter of time before other devices fall into this domain.

Anyway, I appreciated your rant this morning. Good on ya! Maybe I'll
submit my rant here later- the one on Security 2.0 that I put on the ISECOM
News list yesterday.

-pete.
www.isecom.org

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:15 EDT