What SILICA does is not dissimilar to what a good IDS does. It takes a large stream of packets, drops what it can, then parses the rest with stateful protocol matchers and pulls features out of them that it thinks are interesting. It's not looking for security vulnerabilities, of course. It's looking for things like cookies flying by in cleartext, or phone numbers or other pieces of interesting information.
This requires a ton of engineering to get right - and you'll find the most interesting result of this work under the STALKER -> Cookie React menu. There's a new Chrome plugin that comes with SILICA called ACCOMPLICE that automatically will log into websites as people browse them on the wireless networks around you.
Yes, Firesheep and other tools can do this, but they can't really address WEP or WPA networks the way this level of integration can, and this works seemlessly against mobile websites. And, of course, it's tested on high-traffic networks, even on tiny boxes like our one-CPU standard VM on a Mac Air running under VMWare Fusion, which is how I run it personally.
In any case, we hope you enjoy the new release - testing your own wireless is certainly better than having hackers test it for you!
No comments:
Post a Comment