Hot Sales In China For Wi-Fi Key-Cracking Kits

alphadogg writes "Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year. With one of the 'network-scrounging cards,' or 'ceng wang ka' in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building."

fp

[Anonymous Coward]

First post using my neighbor's wifi!

Re:

[sqldr]

Damn you! I hate it when some wang ka leeches my next connection.

Re:

[sakdoctor]

This is what the kit looks like:

http://www.xmman.cn/n13848c14.aspx [xmman.cn]

You'd think TFA would have had a picture; you would think slashdot would have unicode support too.

www.aircrack-ng.org no good

[h00manist]

The five bucks is so you can get the goods at all, can't reach www.aircrack-ng.org, it's terribly slow. Been that way for a while.

Are these available in the states?

[Locke2005]

My neighbors have all started encrypting their wireless routers :-(.

Re:Are these available in the states?

[blair1q]

How are you going to steal my bytes when I don't pub my SSID?

Re:Are these available in the states?

[Annymouse Cowherd]

By sniffing traffic to determine the existence of your network?

Re:Are these available in the states?

[Tiger4]

See that's where I fool 'em. I don't encrypt my traffic. They'll search all day and never find the key!

Re:

[Ethanol-fueled]

I bet you could write a custom driver that simply XORs all wireless traffic,

Even better, a custom driver that XOR's the traffic twice for double the protection.

Re:

[dotancohen]

Even better, a custom driver that XOR's the traffic twice for double the protection.

I swear next time you rot26 your posts I'm killfiling you!

Re:

[Amouth]

you know.. i'm one of the lazy ones.. i don't bother with wep or wap or anything else.. just wide open and a mac filter.. why you ask?

because anyone who knows what they are doing can get around a mac filter - 9 out of 10 times that person is doing it because they have a need to fill (aka stuck on this side of down and needs a net connection)

what good is it?? well it stops my neighbors from connecting - and trying to download crap.. instead they just use someone else's - and it makes it simple for my wif

Re:

[GillyGuthrie]

and it makes it simple for my wife to let others on.

It seems simpler to configure WPA/WPA2 and just type in a password than to manually configure the router to allow a specific MAC address...

Re:Are these available in the states?

[mlts]

On a side subject, it would be nice for a wireless AP to have the ability to use multiple (like up to 255+) WPA2-PSK keys, one individual key per machine. Yes, this encroaches on WPA-Enterprise, but this would provide the ability to lock out a compromised machine off the network just by zapping its key, as opposed to having to rekey every single box on the wireless segment.

Re:

[bbk]

There are certain AP's and firmware that have a built-in RADIUS server for WPA/WPA2 Enterprise.

Re:

[fsulawndart]

All the Cisco APs have built-in RADIUS servers.

Re:

[icebraining]

My cheap Belkin ($15) can use a RADIUS server for authentication.

It can also setup two WPA-PSK passwords instead, a "main" and a "guest", which doesn't have access to the other machine's traffic nor can it connect to them.

I use this later solution; I use a secure "main" password and the guest password is equal to the SSID.

Re:

[h4rr4r]

Maybe on windows. What you need is a driver that supports doing this, OSes where the drivers are not made the by original vendor don't have these limitations.

Re:

[h00manist]

Aircrack is, curiously, one of the few tools that cannot be ported to windows, and which actually manages to attract people to run linux, just for this app. It's a "killer app", as they call it, which carries it's platform. Makes me think, sometimes, more open source software should be circulated without any windows ports or binaries at all, to keep people on open source platforms... of course, it goes against the whole idea of open...

Re:Are these available in the states?

[Maarx]

Aircrack is, curiously, one of the few tools that cannot be ported to windows, and which actually manages to attract people to run linux, just for this app. It's a "killer app", as they call it, which carries it's platform. Makes me think, sometimes, more open source software should be circulated without any windows ports or binaries at all, to keep people on open source platforms... of course, it goes against the whole idea of open...

While I cannot debate it's status as a "killer app", the reason it works is not that the code for Aircrack cannot be ported, but instead because Windows does not possess the underlying DLL's to support it. In fact, the fork project, Aircrack-ng, has a port for Windows, with a giant alt-text disclaimer on the download link that says it doesn't work without DLL's that they do not provide (i.e., they do not believe exist). The result is the same, but it's inaccurate to speak of it as an inability to translate the program "source".

Re:

[h4rr4r]

Binary driver for that wireless maybe?

Re:

[Bert64]

It's all down to the drivers... Most cards will go into monitor mode with the linux or bsd drivers.
I have atheros, ralink, intel, prism2 (old), and realtek cards all of which are perfectly capable of monitor mode, i tend to keep away from broadcom cards but aparrently they can be made to do it aswell. Have a read of the kismet website sometime, it has a list of supported cards.

Re:

[compro01]

What? I haven't seen a wifi card that isn't capable of that, aside from ones that pointblank don't work on Linux without annoying hacks (NDISwrapper), like broadcom-based ones.

You typically can't do that kind of thing on Windows, but it's trivial on Linux.

Re:

[zmollusc]

Odd. The _only_ wifi adapter i have that linux finds and uses is a broadcom one. 431X or something. I have had no luck with various netgear and belkin and no-name spurious cards and dongles.

Re:

[HungryHobo]

Personally I know I've had problems with netgear wireless cards on linux.
It's a bit pot luck.

Re:

[Rijnzael]

You have a fundamental misunderstanding of 802.11 and belligerence/holier-than-thou attitude to boot. An 802.11 access point will not respond to a probe with its actual SSID if it's configured to not broadcast SSID. If it were not heeding this directive, you'd still see the access point using a Windows station. This condition is the express purpose of the "don't broadcast SSID" directive.

You can verify your incorrectness by disabling SSID broadcast on an AP with proper firmware, actually saving the s

Re:Are these available in the states?

[geekoid]

There are several tools you can use to get the SSID from a "Non broadcasting" device.

Linux:
http://www.kismetwireless.net/ [kismetwireless.net],
Airjack,
Many others...

Windows:
AirMagnet
AirSnort

I just listed the most common for the particular OS. I do know they can be compiled onto other systems.

If you take a minute to step away from your knee jerk reaction to correcting people and think about it, you would realize* that at some point it has to broadcast the SSID or know one could ever maintain connection.

http://tech.blorge.com/Structure:%20/2008/04/21/wi-fi-mythbuster-do-not-hide-your-ssid/ [blorge.com]

So it is trivial to get an SSID from one that is hidden.

* Against all evidence. I'm assuming your not actually an idiot

Re:

[h4rr4r]

I see an ESSID that is blank!
But I see the channel info and all the rest.
Which iwlist shows just fine.
Your point was?

Re:

[h4rr4r]

To clear this up for you, it means I can still steal his bits and his network is not magically hidden like you seem to think.
Sure iwlist only told me it was there, but it tells me that now is the time to start logging network traffic to steal those bits.

Re:

[h4rr4r]

I never stated such a thing, you misread what I wrote, thanks for playing.

"iwlist still shows it".
It being the network I was going to steal bits from. You could have asked for clarification, instead you got offended at a little joke.

Judging by your userID you must be new here. That was a joke too, I am humorously pointing out that your userID is higher than mine.You see denigrating silly windows users is what we do here, again I am making a joke about typical slashdot users.

If your going to be a jer

Re:

[h4rr4r]

It was not, the it must be the network to steal bits from. Why would anyone need the fucking ESSID at all? Steal bytes would be to record his traffic.

To connect to it, you use a different tool to get it. Iwlist shows that you can do this, by showing you that a network is there.

Re:Are these available in the states?

[socceroos]

Commentator 1: And in the blue corner we have seasoned slashdotter and daisy-cutter h4rr4r. His opponent today is the unheard-of Rijnzael...
Commentator 2: Yeah, Bob - rumour has it that this Rijnzael dude is a cryptographer wannabe...
Commentator 1: Indeed! Round one is about to begin...
DING!
Commentator 1: We're off! Both contestants start jostling.
KABAM!!!
Commentator 1: Wow! h4rr4r has just run to the side of the ring and flattened a member of the crowd who started shouting out about something to do with hidden SSIDs. That was unexpected!!
THUD!!
Commentator 1: Ouch! And with h4rr4r's back turned, Rijnzael has snuck in from behind and layed a stiff elbow into the back of h4rr4r's head! He's reeling off something about the legitimacy of hidden SSIDs.
Commentator 2: It's all happening here, Bob. h4rr4r looks stunned... Rijnzael has bounced back to the middle of the ring - he almost looks surprised that he was able to land that blow. h4rr4r is turning around to face him...
BIFF!!! BOP!!!
Commentator 1: Thats gotta hurt! h4rr4r lays a couple of punches on Rijnzael!
Commentator 2: h4rr4r really likes that iwlist+luser combo doesn't he! Rijnzael stumbles backward. He's composing himself now...
DING DING DING!!
Commentator 1: Oooooh! And with that the round ends! Rijnzael looks upset, he was getting all fired up for his next attack! Look at the anger in that bloke's eyes will ya!
Commentator 2: Agreed. Rijnzael is itching to get back out there! h4rr4r is looking around the crowd... Ok, we're about to start round 2.
DING!
Commentator 1: And we're back into it. Rijnzael is bouncing like a kangaroo, he's pumped! Oh! He's moving in...
BAP!! PUNT!! THUD!!
Commentator 1: WOOOOOWW! What a combo! Rijnzael has hit h4rr4r squarely on the nose here! h4rr4r stumbles backwards and hits the ropes, arms splayed!
POW!!! KABIFF!!!
Commentator 2: Oh wow! "Fundamental Misunderstanding", "Belligerence", "Verifiable Incorrectness" - Rijnzael is throwing everything and the kitchen sink at h4rr4r!
KABLOOIE!
Commentator 1: An explosive hit! Rijnzael just landed a "slow adoption of Linux" blow on h4rr4r!
Commentator 2: My goodness, Bob! You don't do that to a seasoned slashdotter! h4rr4r has gritted his teeth now, boy he looks in pain! What a grimace!
*CROWD ROARING*
Commentator 2: Here we go! h4rr4r's senior, geekoid, has just jumped into the ring!! Talk about uneven now!
Commentator 1: Whats going on?! Looks like he got annoyed at the Linux reference! This is starting to look like a WWE match now!
BOP! POW! BAP! BIFF!!
**CARRIER LOST

I'd better get back to RL and start working.
'twas fun boys.

Re:

[HungryHobo]

he beat you.
Deal with it.

Re:

[h4rr4r]

Oh and learn how to take a joke you stick in the mud.

Re:

[h4rr4r]

again not what I said.

Good jerb!

The reality is I was talking about getting the network to steal teh bits, you are talking about showing ESSIDs which is but a small part of it. I only need to see if a network is there or not.

Re:

[h4rr4r]

huh?

I ran the test, it worked proving me right.
It showed a network without an ESSID. Which was my claim from the start.

I have always been joking about silly windows users, I know many of the poor bastards.

Re:

[Sir_Lewk]

Jesus fucking christ you two. Get a room...

Re:

[geekoid]

Except he is wrong. So I'm glad you don't have mod point to help this yahoo make people think a system is hidden just by hiding the SSID.

SSID is trivial to get.

People like him are a significant factor in the slow adoption or proper security procedures. So thank him for that.

Re:

[h4rr4r]

Yet, it does show networks with blank ESSIDS, which is what my point was.

Re:

[h4rr4r]

I DO NOT NEED THE SSID TO STEAL BITS YOU DUMB FUCK!

I only need to know a network is there, then I can record all the traffic I want.

Re:

[h4rr4r]

I will simplyfy this for you, since you seem to be quite slow.

With a blank SSID it does not show up in the windows network manager, but iwlist shows a network there. This means the bits can be stolen. Is that too fast for you? It means the original question posed is quite silly.

Re:

[socceroos]

Boy, I could write a book covering this joust if I were to continue my comment above! =)

Re:

[h4rr4r]

Can you not read?
This is not even my first language and I seem to manage. Ishowed you that iwlist shows networks without an ESSID. It tells you everything but the ESSID meaning the network is not hidden and I can steal the bits.

Re:

[h4rr4r]

iwlist will show the network, what part of that are you not grasping in your little pea sized brain?

I am not backpedlling. The only thing I made a mistake with is your initial reply, I should have told you that you misunderstood me then.

Hiding the SSID is the action of a silly windows user it accomplishes nothing.

Re:

[Rijnzael]

Sure are available DIY, for the price of a halfway decent wireless card (optimally supporting injection [aircrack-ng.org]), a box running linux, and the requisite AirCrack [aircrack-ng.org] (the latter for the total price of free).

Re:Are these available in the states?

[Locke2005]

...making it easier to browse their pr0n collection. My neighbors are all devout Christians, meaning I'm not interested in their pr0n collections -- that shit is WAY too kinky for me!

Re:

[TheLink]

Got to be even more careful if you want to browse other people's porn collection when in Vatican City ;).

Re:

[rtb61]

Of course these kits can be used far more destructively than just for free browsing. By penetrating a secure and encrypted connection, the legal holder of that connection is far more likely to be held criminally liable for the activity on their network.

Guilty until proven innocent for child porn, threats of violence against politicians and, terrorist related speech, these kits are quite dangerous. In China of course their version of the three worst things to do on the internet are speaking out for freedo

Re:

[Pharmboy]

I'm pretty sure that if someone hacks into your wifi connection and commits crimes, you won't be held responsible. For that matter, you can drive up to most hotels, coffee houses, airports, private homes, etc. and connect to their wifi without any password or encryption, which is exactly what someone would do if they needed the connection, not crack one.

They can't arrest you for child porn, etc. if they don't have the evidence (ie: it being on your computer), nor for threats of violence or any thing else y

Re:Are these available in the states?

[rtb61]

For those crimes being accused is sufficient to destroy your life, especially when it often takes a considerable period of time to clear things up, months and often years. The 'other side' is law enforcement and they have no problem tracking accessing you via your ISP. As for selectively breaking into a connection to target a specific person, simple proximity and monitoring over a short time will be sufficient to identify the specific target, upon whom you wish to piggy back questionable traffic.

Not long ago a person was presumed guilty by the RIAA and a civil court a fined hundreds of thousands of dollars, with no physical evidence just the ISP records, with the persons claim that someone broke into their network not being accepted as a defence with out "PROOF OF BREAK IN" ie they were required to prove themselves innocent. Of course that is civil versus criminal but the point can be mute if it is equally punishing at the end of the day.

Oddly enough legally speaking having a completely insecure and open wireless network would be safer than a secured and encrypted network ie on the unsecured one you do not have to prove someone else accessed it.

PS the first step of breaking into people's computers is breaking into their network especially their internal network versus secured beyond the firewall internet connection (well, hopefully at least that). In charged political times and under social economic stresses, these destructive attacks become more prevalent, the real point is innocent until proven guilty needs to be at the forefront of all computer and network based crimes, especially when it comes to confiscation of technological devices for forensic analysis until the investigation is completed months or years later.

Re:

[LingNoi]

Chinese law != US law

What makes you so sure they'd even bother to look for evidence on your local computer?

Re:

[TheLink]

> What makes you so sure they'd even bother to look for evidence on your local computer?

Only if they planted it there ;).

Re:

[TheLink]

Not sure what the cops do in China, but in many parts of the world the police can take your stuff as part of their investigations.

If you're lucky, you might get your stuff back just before it's obsolete...

If you're unlucky, the police might do a bad job of investigating the crime and somehow get child-porn onto your computer.

WEP not secure, use WPA with random key

[Anonymous Coward]

Free Wifi cracking kit: Download here [backtrack-linux.org] and use with brain 1.0 and any USB wireless dongle.

Re:

[Kenz0r]

I've been meaning to buy a wireless dongle for playing around with Backtrack, but I heard not all of them support packet sniffing or packet injection.

Can anyone recommend me a commonly available dongle that would support this, with good Linux drivers?

Re:

[Bert64]

Get an alfa networks 500mw usb dongle... something like this:
http://www.wlanparts.com/product/AWUS036H/ALFA-NETWORK-WLAN-USB-80211g-up-to-500mW-AWUS036H.html?meta=GBASE&metacpg=AWUS036H&utm_source=gbase&utm_medium=CPC&utm_content=&utm_campaign=AWUS036H [wlanparts.com]

Re:

[antdude]

Any USB wirelss dongles? I never got my old Hawking Technology's Hi-Gain USB Wireless-G Adapter (Model: HWU54D; original version) to work under Linux and Backtrack CD. :(

That's for WEP ...

[Agarax]

You don't NEED packet injection, you just need it if you want to break into the network anytime soon. Sitting and listening to normal traffic will eventually get you enough packets to attempt to break it.

For WPA you don't even need packet injection, just deauth a client that is connected, collect their reconnection packets, and then run a dictionary/brute force attack against the handshake.

Re:

[mapkinase]

Aren't there some simple mechanism (like allowing limited number of failures per a time period) to prevent "brute force attacks"?

Re:

[radio4fan]

Aren't there some simple mechanism (like allowing limited number of failures per a time period) to prevent "brute force attacks"?

No, the attack is against the encrypted data in the packets that you collected and stored.

Re:

[lowrydr310]

For WPA you don't even need packet injection, just deauth a client that is connected, collect their reconnection packets, and then run a dictionary/brute force attack against the handshake.

How long would this take on a decent modern machine, say a ~2.5GHz quad core processor?

I'm only curious because I have a 64 character string as my key, with random letters (mixed case) and symbols. I don't have anything to be paranoid about, but I do like security. What I worry about is that a determined cracker could

How hard?

[Elitist_Phoenix]

Seriously. Usb Wifi Dongle + Rainbow Tables DVD + Backtrack = Win?!

Re:

[fl_litig8r]

No. Fail as long as AP is using WPA or WPA2 and a decent non-dictionary passphrase. Rainbow tables don't work on all passwords. Usually they just pre-calculate PSKs using large dictionaries with some minor mangling applied. Also, because the SSID of the AP is hashed into PSK, you need a rainbow table for the specific SSID you are trying to hack. So while some common SSID's like "linksys" or "attwifi" (Google church of the renderlab for most common ssids with pre-made tables) may be more vulnerable, if thei

Video in action

[DNS-and-BIND]

Video of cengwang ka in action here [ku6.com]. Someone whose mandarin is better than mine will have to provide a translation. "Mee-ma" means password. Heck, I might get one just to use it in airports and other places where jerks charge for internet. Evidently they are illegal as taobao.com [taobao.com] (the Chinese ebay) doesn't list them while a simple google search turns up dozens of vendors. I'll have to check on these next time I go to the computer market.

Another notable aspect of this story is that it's actually accurate. China is a blank slate to most Westerners and I have seen journalists fabricate the most outrageous lies simply because it "fits the narrative" (narrative=preconceived ideas). No surprise the guy who wrote this was in Beijing, it's like the world ends for journalists outside the fifth ring road.

Re:

[grumpyman]

It seems to me that a lot of +5 insightful/informative comments here in slashdot about China are nothing more than "narrative" but not based on first-person observation/experience.

Re:

[Mashiki]

First person observation and experience in the old days was called journalism. Now we have reporters travelling the extra bit to make the news, especially when it doesn't fit their narrative.

Re:

[Anonymous Coward]

If you want actual news about China from Chinese folks, try ChinaSMACK [chinasmack.com]. They cover whatever Chinese internet users are talking about. Half of it is tabloid type crap, but it's more authentic than what you get in most newspapers.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Video in action

[Zarel]

You Slashdotters haven't been very nice when talking about my country recently. :( But I'll forgive you. Here's a translation:

woman: "[incoherent] Wi-Fi key cracking kits are an extremely important threat to the safety of the Internet"

woman: "Here, we simply follow these instructions, and then use the CD drive [sic] to access the password cracking software, and five seconds later, it indeed shows us five Wi-Fi access points. Clicking one, the computer starts to automatically crack the password, and after a while, it displays a string of numbers."

man: "[incoherent] Looking at this, does this say that it's done yet?"

other man: "Yeah, it says it's successful; it's connected to the Internet now."

man: "So you can go and browse the web now?"

other man: "Yep, you can, using its [the key cracker's] connection."

other man: "Here, you can see four wireless signals, and the connections are pretty nice, at a speed of [incoherent]."

woman: "Continuing our explanation, these key cracking kits are a type of external Wi-Fi card, but their ability to search for access points is stronger. What's scarier is that it comes with black-hat hacking software, that can let you hack into others' router administration panels. If this kind of tool falls into the wrong hands, it could have serious consequences, such as disruption of service."

other man: "This software is very powerful. This one can crack passwords, and see here, I'm copying this guy's files - copying them to my own computer."

woman: "[some organization I didn't catch the name of] says that Internet hacking incidents are steadily increasing. In actuality, securing a computer is not difficult, and modern OSes have mechanisms to limit how many people can connect, and who has permission to connect."

other man: "Here, they've disabled DHCP and I'm connected, but I can't browse the Web since I don't have an IP address."

woman: "To clarify, Wi-Fi cracking happens overseas as well. Several countries have already enacted laws preventing it; [incoherent] and Singapore, for instance, have made Wi-Fi cracking crimes. England has not only made it illegal, but are actively hunting infringers. However, China still hasn't passed laws regarding it."

caller: "There are two sides to every issue. One one hand, it's password cracking, which is clearly wrong. But on the other hand, it's accessing the Internet for free, which should really be controlled by the owner of the access point and definitely [interrupted]"

TRANSLATION

[vampire_baozi]

Quick translation, since I'm kinda in a hurry (though, c'mon, DNS-and-Bind, you've lived there for 7 years? if I remember from a previous post, and you can't speak fluent mandarin now, plus a few dialects? What have you been doing with your time?)

Anchorwoman: We will now explore the background behind these (Wifi Keys) and the hidden danger they present to internet security.
The journalist installed the Wifi Cracking kit according to the instructions, and then used the Cd-rom to open the password cracking so

I have a question.

[3seas]

Why is china or the people of, so interested in causing problems on the internet?

IS this just a way of rebelling that is safe for them from their government (the party they would really like to rebel against.)

Re:

[DNS-and-BIND]

Why would they want to rebel against the Party? Since Deng Xiaoping hijacked the people's revolution onto the capitalist road back in 1982, things have only gotten better in the PRC. Every year for the past thirty years has been better than the last. They got the Olympics and now the World Expo, and hell even the President of the United States bows his head [youtube.com] in acknowledgement of China's superiority. Obviously the Party is doing something right.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[geekoid]

American politicians are saints compared to most of the world politicians.

Re:

[Reziac]

True enough... Kinda scary, ain't it??

Re:

[geekoid]

You can get a dozen Tube socks for a buck? sweet.

I don't think the clothes price is as cheap as they should be considering the labor costs.

It's still 10 bucks for 3 FotL underwear!

Re:

[h4rr4r]

Dubya kissed him even!

Re:

[DNS-and-BIND]

Like I said, China is a blank slate on which to project what you're really thinking. If you think of racism all the time, then that's how you are going to interpret China. In Eastern cultures, bowing is a sign of either respect (between a student and a teacher) or submission (between an inferior and a superior - which, when you think about it, is exactly what a teacher-student relationship is). Bowing is NOT a local custom, it positively feudal in modern Chinese society. It's one of the things that Mao

Re:

[pipedwho]

WTF? Everyone bows to everyone else over there. Maybe I'm not hanging around in elite enough circles, but people who would be considered far superior socially than whatever standing I have still bow to me (maybe not as low, but they bow none the less). Also if you bow to someone else, they pretty much always bow back to you (and vice versa).

IMO it is definitely used as a sign of respect and/or humility. Refusal to bow is pretty much a sign of contempt and/or arrogance - maybe some people can get away with t

Re:

[TheLink]

I dunno about in China, but from what I see many of the Chinese in my country don't care so much whether you bow or not, what matters at the end of the day is how much discount/profit you give ;).

From what I see that's why the US Gov/leaders can keep playing the "China bogeyman/evil" card to the stupid voters for all they want. Doesn't matter a big deal to the Chinese Government (except as a barter chip in negotiations? ) - as long as the US shuts up on real issues whenever the Chinese government asks wheth

Re:

[vxice]

No we do it here too. We just have been messing with the internet longer so it is no longer news, damn n00bz.

Re:I have a question.

[timeOday]

The summary says what the motive is: to make $24 selling the kits.

There's over a billion of them

[DABANSHEE]

Meaning even if it seems the Chinese have a disproportionately high interest in net vandalism activity or whatever, statistically per capita they may actually have a disproportionately low interest in net vandalism activity or whatever.

Backtrack 4 on ebay

[kaptink]

Out of curiousity I put backtrack in to ebay and what do you know, theres half a dozen backtrack 4 dvds for sale as Hacking Operating System.

But no rerturns accepted!

They should totally market it as...

[Anonymous Coward]

...Kuang Grade Mark Eleven

It goes both ways, you know

[initialE]

As much as you stand to benefit by stealing another person's connection, have you ever considered what would happen if they found out, and started spying on your traffic?

Re:

[mlts]

That's why you always use a proxy server. I don't advocate using other connections because it might be someone who has a clue and a transparent web proxy, and might just be working on a new device (a la Phorm) to intercept and modify traffic en route, so all the slashdot postings posted by users using that AP turn into goatse troll posts.

Best type of proxy server, if you can afford it? I'd probably say bite the bullet, pay the $20 a month and get a linode VM. Here, install and lock down your distro of cho

little techincal knowledge?

[nurb432]

The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network.

Ya. sure anyone can do it.

HADOPI

[gmuslera]

Such things could have an interesting effect in France if that law gets approved, specially if punishes you if someone downloads something illegal using your connection, even if the access wasnt enabled but cracked into.

tai gui le!

[Gulthek]

165 yuan is not cheap at all.

If you are still using WEP

[SilverJets]

And your password is as short and simple as "sugar" (from the article) you deserve to be targeted by Chinese script-kiddie hackers.

Re:backtrack? aircrack-ng?

[SomeJoel]

Yeah, hey, look at TFS FFS you SOB:

a user with little technical knowledge can easily steal passwords

Note the lack of an article between "with" and "little".

Re:

[h4rr4r]

I would assume your laptop already has a wireless card, if not I can give you a B one for nothing.

My username at gmail.com if you really want one.

Re:

[h4rr4r]

Yeah, they will have good luck with gmail. Oh noes teh gmail will have more filtering to do, you will surely put google right out of business.

Re:

[h4rr4r]

Indeed. I treasure my gmail account as I treasure the time I spend plundering your mothers anus.

Re:

[Guppy]

Indeed. I treasure my gmail account as I treasure the time I spend plundering your mothers anus.

The above sentence is remarkably funny if read in Sean Connery's voice, directed to an imaginary Alex Trebek.

Re:

[h4rr4r]

It ain't the same because that is not how you make fake vomit. In this case just get the backtrax cd, that is all these kits have.

Re:

[Fnord666]

My wireless router filters devices by mac address.. if I understand it correctly, there's no way for it to be cracked into so long as the filters in my router are enabled. It recognizes my netbook, a skype phone, and an ipod that I own. All other devices will "see" the network but will not be able to access it.. if I understand the way it works correctly anyway. :)

If someone wants to use your network, they will capture packets so that they can see what MACs are authorized. They then alter the MAC address

Re:

[X0563511]

MACs can be sniffed, and spoofed.

The trick is to not use it while the "true" device is (you'll just cause problems)

Re:

[X0563511]

Which is, honestly, a great defense :D

It will certainly keep the casual ones away!

Re:

[Johnno74]

As others have pointed out to you, this is pretty much no security at all, as each of those devices is broadcasting its MAC address with each packet, all someone has to do is sniff one packet and impersonate that MAC address

But if you aren't using WPA or WEP then all the traffic on your wireless network is unencrypted and anyone driving past/sitting in the snow can eavesdrop on your email, harvest account passwords, etc etc.

Of course anything using HTTPs/SSL is still encrypted, but typically pop/imap email