How ARP works, and how ARP cache poisoning works

One subject beginning networking students invariably struggle with is how Layer 2 maps to Layer 3 of the OSI model using the Address Resolution Protocol (ARP). MAC addressing lives at Layer 2, the Data Link layer, while IP addressing happens one layer up, at Layer 3.

Dry facts: every network card (NIC) comes with a Media Access Control (MAC) address burned into firmware at the factory. The vendor’s ID takes up the first 24 bits of a MAC address, and each individual card has a “unique” 24-bit address, for a total MAC address length of 48 bits.

The trick is, these Layer 2 addresses are the “street addresses” of any Ethernet network, but they live invisibly under the Layer 3 IP addresses everyone’s used to using. IP addresses are like airline flight numbers: they’re for much larger-scale travel (as in the Internet).

These mappings between MAC and IP addresses are cached by every local computer in its ARP cache, and here’s where the games begin. It’s quite easy to “poison” the ARP cache, thus misdirecting traffic through intermediate machines, for instance, or allowing one machine to “hijack” another machine’s network session.
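A defender's view of the same mechanism, as an added example that is not from the original post: the sketch below parses ARP packet bodies and flags any IP address whose claimed MAC address changes, the usual symptom of a poisoned cache. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)

def parse_arp(payload: bytes):
    """Parse an Ethernet/IPv4 ARP body; return (op, sender_mac, sender_ip)."""
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    mac = ":".join(f"{b:02x}" for b in sha)
    ip = ".".join(str(b) for b in spa)
    return op, mac, ip

def find_conflicts(payloads):
    """Return (ip, old_mac, new_mac) for every IP whose claimed MAC changes."""
    bindings = {}   # ip -> last MAC seen claiming it (a stand-in for the ARP cache)
    alerts = []
    for payload in payloads:
        _op, mac, ip = parse_arp(payload)
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append((ip, old, mac))
        bindings[ip] = mac
    return alerts

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP body, used only to create the sample data."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(sender_mac), ip(sender_ip),
                       mac(target_mac), ip(target_ip))

# Constructed sample: the gateway answers, a host asks, then a different
# MAC claims the gateway's IP address (op 1 = request, op 2 = reply).
SAMPLE = [
    build_arp(2, "00:11:22:33:44:55", "192.168.1.1",
              "66:77:88:99:aa:bb", "192.168.1.20"),
    build_arp(1, "66:77:88:99:aa:bb", "192.168.1.20",
              "00:00:00:00:00:00", "192.168.1.1"),
    build_arp(2, "de:ad:be:ef:00:01", "192.168.1.1",
              "66:77:88:99:aa:bb", "192.168.1.20"),
]

if __name__ == "__main__":
    for ip, old, new in find_conflicts(SAMPLE):
        print(f"ALERT: {ip} moved from {old} to {new}")
```

A changed binding is not always an attack: DHCP reassignment, a replaced NIC or a failover pair also moves an IP to a new MAC, so alerts for the gateway address deserve the closest look.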

Find out more with this simple, clear article:



“You Could Be at Risk of State Sponsored Attacks” – Google

Department of Saw This Coming: reports:

In June, many Google users were surprised to see an unusual greeting at the top of their Gmail inbox, Google home page or Chrome browser. “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”

Ohkaaaaay. Just to be clear, we are all participants in the rising cyber war. If you’re using Google Anything, you are a more attractive target. But don’t take it from me.



Install or Update Software With Ease

Imagine you have a new workstation and you need to install Firefox, Skype, iTunes, VLC, Flash, Java, Picasa, Reader, Dropbox, WinRAR, PuTTY, Malwarebytes, FileZilla, ImgBurn, KeePass and Microsoft Security Essentials. If you’re an Information Technology Professional with exposure to patch management or system configuration, imagining this won’t be the problem; the problem is the amount of time it takes to download each of these applications individually and install them. You are also faced with the same dilemma if you are responsible for keeping applications up to date on a computer. Those of you who have multiple new machines and don’t have the luxury of deploying disk images or using a nice piece of patch management or application management software such as Microsoft’s SCCM or GFI’s LanGuard Network Security Scanner are really going to be interested in this time-saving, nifty piece of software called Ninite that allows you to easily and quickly install or update software in one fell swoop.

It’s really easy to get started with Ninite. All you need to do is visit the Ninite website and select all of the applications that you wish to install or update. Once you are finished, click the download button and download a custom installer that contains all of the good stuff you need to install or update the applications that you selected in the previous step. Once the download is complete, launch the installer and let Ninite go to town. If the software that you selected is not yet installed, Ninite will download the software and install it. If the software is already installed on your machine, Ninite will simply update it. If your software is already up to date, Ninite will let you know. You can choose from several different categories of software to install, including: Web Browsers, Messaging, Media, Runtimes, Imaging, Documents, Security, File Sharing, Utilities, Compression and Developer Tools. There is also a suggestion form on the Ninite website that gives you the ability to suggest an app.

According to Co-founder Sascha Kuzins, they are planning to add support for custom apps so that users can add their own installers. The home version of the software is free, and the pro version for businesses is very affordable. The pro version also has the added benefit of allowing you to do silent installs, eliminate update notifications, perform a network discovery and deploy or update software to multiple machines from a central location. I was also impressed by the fact that you are not required to create an account or sign up for anything and both 32 and 64-bit versions of Windows are supported. Ninite will also install software in your computer’s language.

I have tried both the home and pro version of Ninite and I can see this tool saving end users and administrators time on updating or installing software. As always, the best way to get the feel of the software is to try it out for yourself. You can download the home version or the free trial of the pro version from

Human Vulnerabilities: Fear of Looking Stupid

Exploitable Human Vulnerabilities Department:

Recently I put out a call to subscribers to help me build a taxonomy of human vulnerabilities. ISECOM actually has one, which I’ll be accessing and studying soon. In the meantime, I’ll post some of the responses. For instance, long-timer SubnetD suggests:

What about fear on the part of the end user about being made fun of for not knowing about something. Many users come from environments in which anything less than proficiency with computers gets you labelled a newb and made fun of. So what do they do? I’ll tell you: if they see something suspicious, they keep their mouth shut because they don’t want to be made to feel stupid in front of the almighty IT guy. I’ve seen it happen and heck I’ve even participated in both sides, superior and newb. You and I both know the end user is your best layer of security, that’s why we talk about educating them. But how do you foster an environment that makes them come forth and participate?

Thank you, SubnetD, for so accurately stating the underlying issue: fostering an environment in which users know when something’s wrong, and are willing to report it.

Where to Find Things Out: People

A Diverse Miscellany of Resources on People in Albuquerque and Beyond

Obviously you should start with the search engines:
Google, Yahoo, Bing at the very least.

Continue with the social networks:
LinkedIn, Facebook, MySpace, Twitter at the very least,
plus, and

The Albuquerque Journal’s Online Archives: Stories, email and pictures since 1995.
Subscription required for most material.

Journal Watchdog: DWI Resource Center, arrest data, MADD, Courts, business records, even airplane marking identification.

InvestiDate: How to Investigate Your Date.
More of a “how-to” than a direct resource, but the webinar classes look promising. Search criminal records by name.

Data on criminals who live in your neighborhood:

State District and magistrate courts: Criminal and civil cases by party name or case number.

Bernalillo County: Searchable records for Bernalillo County Metropolitan Court.

Municipal Courts: Online municipal court databases. Most municipal courts don’t have websites; you may have to visit in person.

The National Center for State Courts helps locate state and federal courts. lists local courts.

Search for properties and their owners at the Bernalillo County Property Tax Search page:

To research attorneys, see

To research doctors, see the AMA site at


Resources: Security Standards

Which security standards apply to you? Research this carefully. Here are some of the critical ones:

FIPS 140

This standard comes from the US Government and governs how sensitive (federal) information must be encrypted. Administrations like the VA and the SSA are most concerned with this.


HIPAA

The Health Insurance Portability and Accountability Act is all about medical records. If you’re involved in medical care, you have some onerous HIPAA requirements. If you aren’t, but somehow possess other people’s medical records (as a lawyer might, for instance) most of it does not apply. But beware of (truly massive) civil liability.

SAS 70

The Statement on Auditing Standards No. 70 is a financial and accounting standard that might concern IT practitioners charged with data preservation and integrity.

Automated Wi-Fi Scanning with Wi-fEye



Wi-fEye provides a nice terminal interface for automating a variety of wireless network scans.


I ran into this article on about Wi-fEye:

and had to try the tool, and I must say I’m impressed. When you open it you’re presented with a series of “Choose One: ” menus, which mask the huge array of exploits in this package. You can hijack HTTP sessions, snatch URLs from wi-fi and open them in your browser, do nmap scans, change your MAC address, and even perform one of the most insidious exploits, using evilgrade to create fake software updates that look and act like the real thing.

Read the article linked above, then trot on out and download it. It’s a natural add-on to BackTrack.



(In)Secure Knowledge

What you don’t know will hurt you. What you know will hurt you too.

Tell us all about it here.