Thursday, October 28, 2004

Kismet 2004-10-R1 Released

It seems like it's been forever, but there's finally a new stable release of Kismet available. Many of the changes are relatively minor, since the main purpose of the release is just to snapshot the kismet-devel CVS branch. One of the potentially biggest changes, though, is the addition of Centrino support.

Friday, October 15, 2004

Report: FAA Cybersecurity Sucks

Raise your hand if this surprises you. is running an article entitled U.S. Air Traffic Control Found Vulnerable. Some of the key points:

  1. The FAA certifies the security of computers systems as tested by their lab, not as deployed in the field.
  2. Vulnerability assessment is performed only on servers, leaving "tens of thousands" of vulnerable targets
  3. The FAA's IT security sucks

Ok, you probably guessed that I added that last item myself, but it's a pretty accurate summary of the article.

Friday, October 08, 2004


A case of "television commercial imitates life". SecurityFocus has an article talking about how manufacturing machines on factory floors often have abysmal cybersecurity, because they've grafted ancient protocols meant for dedicated serial communication onto modern LAN hardware. My favorite part is the hardcoded default passed "hihihi".

Thursday, October 07, 2004

Scottsdale F33R5 Wardrivers

I don't know whether to laugh or cry: The Arizona Republic reports that some Scottsdale residents are becoming concerned about the level of wardriving in their area. Apparently they've been noticing more and more people leeching free Internet access via home access points, and are concerned that this could lead to a higher level of identity theft.

Leeching access and poking around on other peoples' networks are the kind of things that give legal wardriving a bad name. I only hope the Scottsdale police department (who will be creating a cybercrime unit "next year") can tell the difference between a crook and a hobbyist.

Wednesday, October 06, 2004

Zaurus auditing tools

I'll keep this brief, since I don't like promoting my own work in this blog. I just got a new Zaurus, intending to use it for wireless security auditing. None of the commercially-available CompactFlash WiFi cards offer external antenna jacks, which is a problem. So I've created a HOWTO for using a more powerful 200mW PCMCIA card with antenna hookups. I've also created an installable package for nmap v3.70. Interested? See my Zaurus page.

Tuesday, October 05, 2004

North Korea's Cyberarmy?

I don't know if this is true or not, but the Financial Times is reporting that North Korea has trained a force of 600 information warriors. Personally, I find it plausible, even credible. It wouldn't take much for any nation-state to produce a crop of skilled attackers, and although this would only be a small part of a coordinated intelligence or offensive campaign, it could be quite a useful one indeed.

On a related note: I can't quite put my finger on why, but this North Korea story somehow puts me in mind of an earlier story about Singapore.