IT Security
Stolen Facebook Accounts
by Darwin Mach on Apr.26, 2010, under IT Security, News, Online Privacy
You remember about all those scams I was posting about? (Then stopped posting about since I got lazy).
Now there’s a new discovery: A Russian hacker who says he’s in New Zealand is selling the usernames & passwords of Facebook accounts at prices ranging from $35 to $65, depending on how many friends each account has. He claims he has 1.5 million account credentials, 700,000 of which have already been sold.
Here’s the link to the article’s source: http://www.nzherald.co.nz/connect/news/article.cfm?c_id=1501833&objectid=10640757.
Again, please be very careful when you are using Facebook!
Atheros AR9170 & BackTrack 4
by Darwin Mach on Apr.21, 2010, under IT Security, Tutorials
I recently broke out my Netgear WNDA3100 adapter that I bought a while ago to replace my old Netgear WG111 that I used to use for cracking wireless networks. Granted, the WG111 was reliable, but the reasons for the replacement are obvious: the WNDA3100 is dual-band and supports 802.11n. But for beginners who don’t want to shell out as much money or spend extra time getting a wireless card to work properly, the WG111 is still the best choice.
Spend extra time to get the WNDA3100 to work properly? Yes, it didn’t quite readily work with BT4 (and probably not with other distros running the same kernel version). After doing some searching, I found a thread on backtrack-linux.org’s forum with directions that got my new adapter working, with full monitor mode & packet injection capabilities. As a matter of record & for easy searching, I’ll document the directions below.
These instructions work for any Atheros AR9170 based cards:
* Arcadyan – WN7512
* Atheros – 9170
* Atheros – TG121N
* AVM – FRITZ!WLAN USB Stick N
* AVM – FRITZ!WLAN USB Stick N 2.4
* Cace – Airpcap NX
* D-Link – DWA 160A1
* D-Link – DWA 160A2
* IO-Data – WNGDNUS2
* Netgear – WNDA3100
* Netgear – WN111 v2
* Planex – GWUS300
* Sphairon – Homelink 1202
* TP-Link – TL-WN821N v2
* Z-Com – UB81 BG
* Z-Com – UB82 ABG
* Zydas – ZD1221
* Zyxel – NWD271N
IMPORTANT: please note that the hardware revisions matter, especially for the WNDA3100 that I’m working with. The WNDA3100v2 uses a Broadcom chipset instead, which has some other issues & corresponding remedies I won’t be discussing here.
Anyways…
1.) Download the patched firmwares ar9170.fw, ar9170-1.fw, and ar9170-2.fw and place them into /lib/firmware.
2.) Download compat-wireless-2.6.32.3.tar.bz2 and untar it to your favorite location.
3.) Run the following in the terminal:
cd compat-wireless-2.6.32.3
make
make install
make unload
*If you get a “No such file or directory” error when you run make, run:
ln -s /usr/src/linux /lib/modules/2.6.30.9/build
I didn’t get the error so I didn’t run it.
4.) Add “blacklist arusb_lnx” to the end of /etc/modprobe.d/blacklist. This will prevent the loading of the buggy/incorrect drivers and load the proper ones instead.
5.) On line 174 of /usr/sbin/airmon-ng, change “xar9170” to “xar9170usb”. This will tell airmon from the aircrack suite to use the new drivers.
6.) Save all files and reboot.
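A pre-reboot check for steps 1, 4 and 5, as an added example that is not part of the original post or the forum thread it follows. The function name check_ar9170_setup and its optional root-directory argument are assumptions of this example; the paths, file names and line number are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: verify the file changes from steps 1, 4 and 5 before rebooting.
# ROOT (optional first argument) is an assumption of this example: it lets the
# check run against a copy of the filesystem tree instead of the live system.
check_ar9170_setup() {
    root="${1:-}"
    problems=0

    # Step 1: all three patched firmware images must exist and be non-empty.
    for fw in ar9170.fw ar9170-1.fw ar9170-2.fw; do
        if [ ! -s "$root/lib/firmware/$fw" ]; then
            echo "MISSING    /lib/firmware/$fw (absent or empty)"
            problems=$((problems + 1))
        fi
    done

    # Step 4: arusb_lnx must be blacklisted on an uncommented line.
    if ! grep -Eq '^[[:space:]]*blacklist[[:space:]]+arusb_lnx[[:space:]]*$' \
            "$root/etc/modprobe.d/blacklist" 2>/dev/null; then
        echo "MISSING    'blacklist arusb_lnx' in /etc/modprobe.d/blacklist"
        problems=$((problems + 1))
    fi

    # Step 5: line 174 of airmon-ng must name xar9170usb, not xar9170.
    line174=$(sed -n '174p' "$root/usr/sbin/airmon-ng" 2>/dev/null)
    case "$line174" in
        *xar9170usb*) ;;
        *)  echo "UNPATCHED  /usr/sbin/airmon-ng line 174 reads: $line174"
            problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ] && echo "OK         steps 1, 4 and 5 are in place"
    # Exit status is the number of problems found (0 means ready to reboot).
    return "$problems"
}
```

Source the file and call `check_ar9170_setup` with no argument to check the live system before the reboot in step 6.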
Test it using the following:
1.) Plug in your adapter (WNDA3100 in my case) and start the networking service.
/etc/init.d/networking start
2.) Run:
airmon-ng start wlan0
Replace wlan0 with your wireless interface’s name. This will put your card into monitor mode.
3.) Run:
aireplay-ng -9 wlan0
The -9 parameter is short for --test. This should show you some output with the APs found, whether injection was successful, etc.
Enjoy!
These new firmwares and drivers are likely to be incorporated in a newer version of the kernel, and thus later releases of *nix distros, hopefully eliminating the need for a large portion of this hack.
Another Facebook Scam
by Darwin Mach on Jan.02, 2010, under IT Security, Online Privacy
Well you know about the previous Dell Facebook scam? (http://darwin-mach.net/blog/2009/12/10/dell-promotion-facebook-scam/) This one’s worse, but uses the exact same code, which does the exact same thing.
The theme now is that it claims to install “Profile Spy”, to help you see who’s looking at your profile, etc, but THERE IS NO SUCH THING. There are only a few apps that really do this, but they require your visitors to also install the app, for the sake of their own privacy.
So… about 900,000 people have joined the Facebook group as of writing, and I reported it to Facebook again. We’ll see how long it takes them.
Here’s the link to the most recent scam – http://www.facebook.com/group.php?gid=209645259791 (you have to click on the “read more” link).
There was also another previous one before this one, but after the Dell one, involving “Crimson Labs” and a giveaway of iMacs.
Please! READ EVERYTHING CAREFULLY BEFORE YOU SAY YES. If anything looks suspicious or doesn’t make sense, well…