Mapping Wi-Fi Signals by Light Painting Signal Strength

This is a couple years old, but is just amazing. It is the results of a project to time lapse photograph a representation of Wi-Fi signals using a 4 meter lighted rod. A bank of 80 lights on the rod represent Wi-Fi signal strength of a particular Wi-Fi network around a building. Time lapse photos are taken and when it is put together you get the amazing effect demonstrated in the video.

Very cool!

Thanks to Yuri Chemerkin’s blog for the heads up on this.

Wireless Security – Choosing the best Wi-Fi Password

Running through some tests for an upcoming wireless security book and it really brings home the importance of choosing a good password for your Wi-Fi network.

Currently, the best security setting for your home or office Wi-Fi is WPA2. WPA2 Enterprise is the best if your organization supports it, but WPA2 Personal is great for home and small offices. Do not use WEP. It has been cracked a long time ago, and an attacker does not even have to crack it, the WEP key can be passed just like NTLM passwords.

The most common technique used for WPA/WPA2 hacking is a dictionary attack. The attacker captures a WPA password handshake and passes this through a program that will try numerous passwords from a word list. Here is the key, if the password is not in the word list, they hacker does not get into your system.

Using a lengthy complex password goes a long way in keeping your WPA2 network secure. A combination of upper/lower case letters, numbers and special characters is the best bet. Some prefer using a short sentence that means something to them, while replacing some of the letters with numbers and adding in a few extra characters.

For example: M0untainD3wI$G00d4u!

The nice thing about passwords like this is that it actually means something to you, so it will be much easier to remember.

I just ran one common word list attack against my WPA2 password. It tried over 1 million word combinations from the list with no dice. My network is still secure!

The more un-dictionary looking your password is, the better!

Backtrack 4 Wireless Sniffing with Meterpreter Class

Adrian Crenshaw (aka Irongeek) has posted several videos from the Kentuckiana ISSA 2011 Network Sniffers Class on his website. Topics covered include Wireshark, TCPDump, Meterpreter, ARP Poisoning, Ettercap, Cain, NetworkMinor, Firesheep and Xplico.

Check out Adrian’s website for all the videos, talk slides, and a list of the commands used.