Microsoft security engineer shows simple wireless network break-in tools

I love security. I really need to get a good job back in the computer security industry. If I could track down a decent job in security, I’d get to play with cool software like the wireless security breaking tools demonstrated by Microsoft’s Marcus Murray (more information on this session on Murray’s blog).

ORLANDO – During an updated version of one of the more popular sessions at TechEd each year, senior security engineer and Microsoft MVP Marcus Murray did attendees a major service by demonstrating that hacking into a network is not really an art, and in some ways, not even much of a science.

His “Why I Can Hack Your Network in a Day” session is actually something of a misnomer, as many of the tools he uses (including one written by SysInternals guru-turned-Microsoft fellow Mark Russinovich) can enable individuals to work their way to revealing the passwords of domain administrators in closer to 15 minutes.

Of course, this is just a case of technology allowing transfer of skill – one security expert figures out the vulnerability, encases it in a point-and-click tool, and shares with the world. But it is still interesting to see what is going on in the back-and-forth of improved security/improved breaking of security fight. As always, security experts will look at the exploited vulnerabilities, come up with ways to reduce or eliminate them, improve protocols, and release equipment with the improved protocols. This will be followed by the break-in experts analyzing the new protocols, looking for direct and secondary/side-channel attacks, determining weaknesses, exploiting those weaknesses, and releasing simple tools that allow less skilled attackers break the security. Around and around it goes, until the eventual heat death of the universe or until we all start communicating via telepathy (which will probably get hacked somehow, in which case evolution will create better telepaths, and so on).

[tags]Microsoft security engineer demonstrates wireless hacking tools[/tags]