tutorial

Fw: Trs: MATERI KULIAH III DAN TUGAS T1

2009-02-19T19:03:00.001-08:00

--- On Thu, 2/19/09, MOHAMMAD ISMAIL <ismail_sampang@yahoo.co.id> wrote:

From: MOHAMMAD ISMAIL <ismail_sampang@yahoo.co.id>
Subject: Trs: MATERI KULIAH III DAN TUGAS T1
To: ario_sa@yahoo.com
Date: Thursday, February 19, 2009, 6:55 PM

--- Pada Rab, 18/2/09, Mohamad Sinal <sinal.mohamad@yahoo.com> menulis:
Dari: Mohamad Sinal <sinal.mohamad@yahoo.com>
Topik: Trs: MATERI KULIAH III DAN TUGAS T1
Kepada: ismail_sampang@yahoo.co.id
Tanggal: Rabu, 18 Februari, 2009, 8:28 PM

--- Pada Rab, 18/2/09, Mohamad Sinal <sinal.mohamad@yahoo.com> menulis:

Dari: Mohamad Sinal <sinal.mohamad@yahoo.com>
Topik: MATERI KULIAH III DAN TUGAS T1
Kepada: anwar_ibd3tkj@yahoo.co.id
Cc: asrori_black@yahoo.co.id
Tanggal: Rabu, 18 Februari, 2009, 1:23 PM

Ass. saya kirimkan materi kuliah III untuk perkuliahan yang kosong. Kemudian untuk Tugas T1 nya, mahasiswa harus membuat makalah maksimal 3 halaman tentang hukum teknologi informasi dan etika profesi. Pada saat kuliah dikumpulkan. Mohon email ini juga disampaikan kepada miahasiswa peserta matakuliah HKTI dan ETIKA. Wss. Mohamad Sinal.

materi download disini
http://www.ziddu.com/download/3574907/MATERIIII.ppt.html

Mulai chatting dengan teman di Yahoo! Pingbox baru sekarang!!
Membuat tempat chat pribadi di blog Anda sekarang sangatlah mudah

Berbagi video sambil chatting dengan teman di Messenger.
Sekarang bisa dengan Yahoo! Messenger baru.

Menambah banyak teman sangatlah mudah dan cepat.
Undang teman dari Hotmail, Gmail ke Yahoo! Messenger sekarang!

2009-02-17T19:22:00.001-08:00

Support / Downloads

Drivers (Windows 2000/XP/2003/Vista, 32 and 64 bit)

AirPcap Driver V 4.0 (01/20/2009). Download Release Notes

AirPcap Installation CD ISO image V 4.0 (01/20/2009). Download

TurboCap Driver V 1.2 (01/22/2009). Download Release Notes

TurboCap Installation CD ISO image V 1.2 (01/22/2009). Download

Product Demos

The Network Toolkit Free Edition. Page Link

Development Resources

AirPcap Developer's Pack V 4.0.0 (01/20/2009). Download

airpcap.dll Source Code V 4.0.0 (01/20/2009). Download

Turbocap Developer's Pack V 1.2 (01/22/2009). Download

Per-Packet Information Header specification (07/31/2007). Download

AirPcap-Enabled Open Source Tools

Kismet 2008-05-R1 Windows Installer. Download

Aircrack-ng 0.9.2 with AirPcap support. Download

Wireshark with AirPcap support. Page Link

ngrep 1.45 with AirPcap support. Page Link

WinDump 3.9.5 with AirPcap support. Page Link

Cain & Abel with AirPcap support. Page Link

2009-02-17T19:06:00.001-08:00

Hacking Techniques in Wireless Networks

Prabhaker Mateti

Department of Computer Science and Engineering
Wright State University
Dayton, Ohio 45435-0001

This article is scheduled to appear in "The Handbook of Information Security", Hossein Bidgoli (Editor-in-Chief), John Wiley & Sons, Inc., 2005.

1. Introduction. 2

2. Wireless LAN Overview.. 3

2.1 Stations and Access Points. 3

2.2 Channels. 4

2.3 WEP. 4

2.4 Infrastructure and Ad Hoc Modes. 4

2.5 Frames. 4

2.6 Authentication. 5

2.7 Association. 6

3. Wireless Network Sniffing. 7

3.1 Passive Scanning. 7

3.2 Detection of SSID.. 8

3.3 Collecting the MAC Addresses. 8

3.4 Collecting the Frames for Cracking WEP. 8

3.5 Detection of the Sniffers. 9

4. Wireless Spoofing. 10

4.1 MAC Address Spoofing. 10

4.2 IP spoofing. 10

4.3 Frame Spoofing. 11

5. Wireless Network Probing. 11

5.1 Detection of SSID.. 12

5.2 Detection of APs and stations. 12

5.3 Detection of Probing. 12

6. AP Weaknesses. 12

6.1 Configuration. 12

6.2 Defeating MAC Filtering. 13

6.3 Rogue AP. 13

6.4 Trojan AP. 13

6.5 Equipment Flaws. 13

7. Denial of Service. 14

7.1 Jamming the Air Waves. 14

7.2 Flooding with Associations. 14

7.3 Forged Dissociation. 14

7.4 Forged Deauthentication. 15

7.5 Power Saving. 15

8. Man-in-the-Middle Attacks. 15

8.1 Wireless MITM... 16

8.2 ARP Poisoning. 16

8.3 Session Hijacking. 17

9. War Driving. 17

9.1 War chalking. 17

9.2 Typical Equipment 18

10. Wireless Security Best Practices. 19

10.1 Location of the APs. 19

10.2 Proper Configuration. 19

10.3 Secure Protocols. 20

10.4 Wireless IDS. 20

10.5 Wireless Auditing. 21

10.6 Newer Standards and Protocols. 21

10.7 Software Tools. 21

1. Introduction

Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.

We use the term hacking as described below.

hacker n. [originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.

From The Jargon Dictionary http://info.astrian.net/jargon/

This article describes IEEE 802.11-specific hacking techniques that attackers have used, and suggests various defensive measures. It is not an overview of security features proposed in WPA or IEEE 802.11i. We do not consider legal implications, or the intent behind such hacking, whether malevolent or benevolent. The article's focus is in describing techniques, methods, analyses and uses in ways unintended by the designers of IEEE 802.11.

2. Wireless LAN Overview

In this section, we give a brief overview of wireless LAN (WLAN) while emphasizing the features that help an attacker. We assume that the reader is familiar with the TCP/IP suite (see, e.g., [Mateti 2003]).

IEEE 802.11 refers to a family of specifications (www.ieee802.org/11/) developed by the IEEE for over-the-air interface between a wireless client and an AP or between two wireless clients. To be called 802.11 devices, they must conform to the Medium Access Control (MAC) and Physical Layer specifications. The IEEE 802.11 standard covers the Physical (Layer 1) and Data Link (Layer 2) layers of the OSI Model. In this article, we are mainly concerned with the MAC layer and not the variations of the physical layer known as 802.11a/b/g.

2.1 Stations and Access Points

A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station. An access point (AP) is a station that provides frame distribution service to stations associated with it. The AP itself is typically connected by wire to a LAN.

The station and AP each contain a network interface that has a Media Access Control (MAC) address, just as wired network cards do. This address is a world-wide-unique 48-bit number, assigned to it at the time of manufacture. The 48-bit address is often represented as a string of six octets separated by colons (e.g., 00:02:2D:17:B9:E8) or hyphens (e.g., 00-02-2D-17-B9-E8). While the MAC address as assigned by the manufacturer is printed on the device, the address can be changed in software.

Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage. If two wireless networks are physically close, the SSIDs label the respective networks, and allow the components of one network to ignore those of the other. SSIDs can also be mapped to virtual LANs; thus, some APs support multiple SSIDs. Unlike fully qualified host names (e.g., gamma.cs.wright.edu), SSIDs are not registered, and it is possible that two unrelated networks use the same SSID.

2.2 Channels

The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.

2.3 WEP

Wired Equivalent Privacy (WEP) is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm. The shared-secret key is either 40 or 104 bits long. The key is chosen by the system administrator. This key must be shared among all the stations and the AP using mechanisms that are not specified in the IEEE 802.11.

2.4 Infrastructure and Ad Hoc Modes

A wireless network operates in one of two modes. In the ad hoc mode, each station is a peer to the other stations and communicates directly with other stations within the network. No AP is involved. All stations can send Beacon and Probe frames. The ad hoc mode stations form an Independent Basic Service Set (IBSS).

A station in the infrastructure mode communicates only with an AP. Basic Service Set (BSS) is a set of stations that are logically associated with each other and controlled by a single AP. Together they operate as a fully connected wireless network. The BSSID is a 48-bit number of the same format as a MAC address. This field uniquely identifies each BSS. The value of this field is the MAC address of the AP.

2.5 Frames

Both the station and AP radiate and gather 802.11 frames as needed. The format of frames is illustrated below. Most of the frames contain IP packets. The other frames are for the management and control of the wireless connection.

Figure 1 An IEEE 802.11 Frame

There are three classes of frames. The management frames establish and maintain communications. These are of Association request, Association response, Reassociation request, Reassociation response, Probe request, Probe response, Beacon, Announcement traffic indication message, Disassociation, Authentication, Deauthentication types. The SSID is part of several of the management frames. Management messages are always sent in the clear, even when link encryption (WEP or WPA) is used, so the SSID is visible to anyone who can intercept these frames.

The control frames help in the delivery of data.

The data frames encapsulate the OSI Network Layer packets. These contain the source and destination MAC address, the BSSID, and the TCP/IP datagram. The payload part of the datagram is WEP-encrypted.

2.6 Authentication

Authentication is the process of proving identity of a station to another station or AP. In the open system authentication, all stations are authenticated without any checking. A station A sends an Authentication management frame that contains the identity of A, to station B. Station B replies with a frame that indicates recognition, addressed to A. In the closed network architecture, the stations must know the SSID of the AP in order to connect to the AP. The shared key authentication uses a standard challenge and response along with a shared secret key.

Figure 2: States and Services

2.7 Association

Data can be exchanged between the station and AP only after a station is associated with an AP in the infrastructure mode or with another station in the ad hoc mode. All the APs transmit Beacon frames a few times each second that contain the SSID, time, capabilities, supported rates, and other information. Stations can chose to associate with an AP based on the signal strength etc. of each AP. Stations can have a null SSID that is considered to match all SSIDs.

The association is a two-step process. A station that is currently unauthenticated and unassociated listens for Beacon frames. The station selects a BSS to join. The station and the AP mutually authenticate themselves by exchanging Authentication management frames. The client is now authenticated, but unassociated. In the second step, the station sends an Association Request frame, to which the AP responds with an Association Response frame that includes an Association ID to the station. The station is now authenticated and associated.

A station can be authenticated with several APs at the same time, but associated with at most one AP at any time. Association implies authentication. There is no state where a station is associated but not authenticated.

3. Wireless Network Sniffing

Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. Sniffing is the act by a machine S of making copies of a network packet sent by machine A intended to be received by machine B. Such sniffing, strictly speaking, is not a TCP/IP problem, but it is enabled by the choice of broadcast media, Ethernet and 802.11, as the physical and data link layers.

Sniffing has long been a reconnaissance technique used in wired networks. Attackers sniff the frames necessary to enable the exploits described in later sections. Sniffing is the underlying technique used in tools that monitor the health of a network. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.

It is easier to sniff wireless networks than wired ones. It is easy to sniff the wireless traffic of a building by setting shop in a car parked in a lot as far away as a mile, or while driving around the block. In a wired network, the attacker must find a way to install a sniffer on one or more of the hosts in the targeted subnet. Depending on the equipment used in a LAN, a sniffer needs to be run either on the victim machine whose traffic is of interest or on some other host in the same subnet as the victim. An attacker at large on the Internet has other techniques that make it possible to install a sniffer remotely on the victim machine.

3.1 Passive Scanning

Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner.

An attacker can passively scan without transmitting at all. Several modes of a station permit this. There is a mode called RF monitor mode that allows every frame appearing on a channel to be copied as the radio of the station tunes to various channels. This is analogous to placing a wired Ethernet card in promiscuous mode. This mode is not enabled by default. Some wireless cards on the market today have disabled this feature in the default firmware. One can buy wireless cards whose firmware and corresponding driver software together permit reading of all raw 802.11 frames. A station in monitor mode can capture packets without associating with an AP or ad-hoc network. The so-called promiscuous mode allows the capture of all wireless packets of an associated network. In this mode, packets cannot be read until authentication and association are completed.

An example sniffer is Kismet (http://www.kismetwireless.net). An example wireless card that permits RF monitor modes is Cisco Aironet AIR-PCM342.

3.2 Detection of SSID

The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.

On a number of APs, it is possible to configure so that the SSID transmitted in the Beacon frames is masked, or even turn off Beacons altogether. The SSID shown in the Beacon frames is set to null in the hope of making the WLAN invisible unless a client already knows the correct SSID. In such a case, a station wishing to join a WLAN begins the association process by sending Probe Requests since it could not detect any APs via Beacons that match its SSID.

If the Beacons are not turned off, and the SSID in them is not set to null, an attacker obtains the SSID included in the Beacon frame by passive scanning.

When the Beacon displays a null SSID, there are two possibilities. Eventually, an Associate Request may appear from a legitimate station that already has a correct SSID. To such a request, there will be an Associate Response frame from the AP. Both frames will contain the SSID in the clear, and the attacker sniffs these. If the station wishes to join any available AP, it sends Probe Requests on all channels, and listens for Probe Responses that contain the SSIDs of the APs. The station considers all Probe Responses, just as it would have with the non-empty SSID Beacon frames, to select an AP. Normal association then begins. The attacker waits to sniff these Probe Responses and extract the SSIDs.

If Beacon transmission is disabled, the attacker has two choices. The attacker can keep sniffing waiting for a voluntary Associate Request to appear from a legitimate station that already has a correct SSID and sniff the SSID as described above. The attacker can also chose to actively probe by injecting frames that he constructs, and then sniffs the response as described in a later section.

When the above methods fail, SSID discovery is done by active scanning (see Section 5).

3.3 Collecting the MAC Addresses

The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames. There are two reasons why an attacker would collect MAC addresses of stations and APs participating in a wireless network. (1) The attacker wishes to use these values in spoofed frames so that his station or AP is not identified. (2) The targeted AP may be controlling access by filtering out frames with MAC addresses that were not registered.

3.4 Collecting the Frames for Cracking WEP

The goal of an attacker is to discover the WEP shared-secret key. Often, the shared key can be discovered by guesswork based on a certain amount of social engineering regarding the administrator who configures the wireless LAN and all its users. Some client software stores the WEP keys in the operating system registry or initialization scripts. In the following, we assume that the attacker was unsuccessful in obtaining the key in this manner. The attacker then employs systematic procedures in cracking the WEP. For this purpose, a large number (millions) of frames need to be collected because of the way WEP works.

The wireless device generates on the fly an Initialization Vector (IV) of 24-bits. Adding these bits to the shared-secret key of either 40 or 104 bits, we often speak of 64-, or 128-bit encryption. WEP generates a pseudo-random key stream from the shared secret key and the IV. The CRC-32 checksum of the plain text, known as the Integrity Check (IC) field, is appended to the data to be sent. It is then exclusive-ORed with the pseudo-random key stream to produce the cipher text. The IV is appended in the clear to the cipher text and transmitted. The receiver extracts the IV, uses the secret key to re-generate the random key stream, and exclusive-ORs the received cipher text to yield the original plaintext.

Certain cards are so simplistic that they start their IV as 0 and increment it by 1 for each frame, resetting in between for some events. Even the better cards generate weak IVs from which the first few bytes of the shared key can be computed after statistical analyses. Some implementations generate fewer mathematically weak vectors than others do.

The attacker sniffs a large number of frames from a single BSS. These frames all use the same key. The mathematics behind the systematic computation of the secret shared key from a collection of cipher text extracted from these frames is described elsewhere in this volume. What is needed however is a collection of frames that were encrypted using "mathematically-weak" IVs. The number of encrypted frames that were mathematically weak is a small percentage of all frames. In a collection of a million frames, there may only be a hundred mathematically weak frames. It is conceivable that the collection may take a few hours to several days depending on how busy the WLAN is.

Given a sufficient number of mathematically weak frames, the systematic computation that exposes the bytes of the secret key is intensive. However, an attacker can employ powerful computers. On an average PC, this may take a few seconds to hours. The storage of the large numbers of frames is in the several hundred-mega bytes to a few giga bytes range.

An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).

3.5 Detection of the Sniffers

Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.

4. Wireless Spoofing

There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

4.1 MAC Address Spoofing

The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.

Typical APs control access by permitting only those stations with known MAC addresses. Either the attacker has to compromise a computer system that has a station, or he spoofs with legitimate MAC addresses in frames that he manufactures. MAC addresses are assigned at the time of manufacture, but setting the MAC address of a wireless card or AP to an arbitrary chosen value is a simple matter of invoking an appropriate software tool that engages in a dialog with the user and accepts values. Such tools are routinely included when a station or AP is purchased. The attacker, however, changes the MAC address programmatically, sends several frames with that address, and repeats this with another MAC address. In a period of a second, this can happen several thousand times.

When an AP is not filtering MAC addresses, there is no need for the attacker to use legitimate MAC addresses. However, in certain attacks, the attacker needs to have a large number of MAC addresses than he could collect by sniffing. Random MAC addresses are generated. However, not every random sequence of six bytes is a MAC address. The IEEE assigns globally the first three bytes, and the manufacturer chooses the last three bytes. The officially assigned numbers are publicly available. The attacker generates a random MAC address by selecting an IEEE-assigned three bytes appended with an additional three random bytes.

4.2 IP spoofing

Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.

The IP layer of the OS simply trusts that the source address, as it appears in an IP packet is valid. It assumes that the packet it received indeed was sent by the host officially assigned that source address. Because the IP layer of the OS normally adds these IP addresses to a data packet, a spoofer must circumvent the IP layer and talk directly to the raw network device. Note that the attacker's machine cannot simply be assigned the IP address of another host X using ifconfig or a similar configuration tool. Other hosts, as well as X, will discover (through ARP, for example) that there are two machines with the same IP address.

IP spoofing is an integral part of many attacks. For example, an attacker can silence a host A from sending further packets to B by sending a spoofed packet announcing a window size of zero to A as though it originated from B.

4.3 Frame Spoofing

The attacker will inject frames that are valid by 802.11 specifications, but whose content is carefully spoofed as described above.

Frames themselves are not authenticated in 802.11 networks. So when a frame has a spoofed source address, it cannot be detected unless the address is wholly bogus. If the frame to be spoofed is a management or control frame, there is no encryption to deal with. If it is a data frame, perhaps as part of an on-going MITM attack, the data payload must be properly encrypted.

Construction of the byte stream that constitutes a spoofed frame is a programming matter once the attacker has gathered the needed information through sniffing and probing. There are software libraries that ease this task. Examples of such libraries are libpcap (sourceforge.net/projects/libpcap/), libnet (libnet.sourceforge.net/), libdnet (libdnet. sourceforge.net/) and libradiate (www.packetfactory.net/projects/libradiate/ ).

The difficulty here is not in the construction of the contents of the frame, but in getting, it radiated (transmitted) by the station or an AP. This requires control over the firmware and driver of the wireless card that may sanitize certain fields of a frame. Therefore, the attacker selects his equipment carefully. Currently, there are off-the-shelf wireless cards that can be manipulated. In addition, the construction of special purpose wireless cards is within the reach of a resourceful attacker.

5. Wireless Network Probing

Even though the attacker gathers considerable amount of information regarding a wireless network through sniffing, without revealing his wireless presence at all, there are pieces that may still be missing. The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.

The target may discover that it is being probed, it might even be a honey pot (www.honeynet.org/) target carefully constructed to trap the attacker. The attacker would try to minimize this risk.

5.1 Detection of SSID

Detection of SSID is often possible by simply sniffing Beacon frames as describe in a previous section.

If Beacon transmission is disabled, and the attacker does not wish to patiently wait for a voluntary Associate Request to appear from a legitimate station that already has a correct SSID, or Probe Requests from legitimate stations, he will resort to probing by injecting a Probe Request frame that contains a spoofed source MAC address. The Probe Response frame from the APs will contain, in the clear, the SSID and other information similar to that in the Beacon frames were they enabled. The attacker sniffs these Probe Responses and extracts the SSIDs.

Some models of APs have an option to disable responding to Probe Requests that do not contain the correct SSID. In this case, the attacker determines a station associated with the AP, and sends the station a forged Disassociation frame where the source MAC address is set to that of the AP. The station will send a Reassociation Request that exposes the SSID.

5.2 Detection of APs and stations

Every AP is a station, so SSIDs, MAC addresses are gathered as described above.

Certain bits in the frames identify that the frame is from an AP. If we assume that WEP is either disabled or cracked, the attacker can also gather the IP addresses of the AP and the stations.

5.3 Detection of Probing

Detection of probing is possible. The frames that an attacker injects can also be heard by the intrusion detection systems (IDS) of hardened wireless LAN. There is GPS-enabled equipment that can identify the physical coordinates of a wireless device through which the probe frames are being transmitted.

6. AP Weaknesses

APs have weaknesses that are both due to design mistakes and user interfaces that promote weak passwords, etc. It has been demonstrated by many publicly conducted war-driving efforts (www.worldwidewardrive.org) in major cities around the world that a large majority of the deployed APs are poorly configured, most with WEP disabled, and configuration defaults, as set up the manufacturer, untouched.

6.1 Configuration

The default WEP keys used are often too trivial. Different APs use different techniques to convert the user's key board input into a bit vector. Usually 5 or 13 ASCII printable characters are directly mapped by concatenating their ASCII 8-bit codes into a 40-bit or 104-bit WEP key. A stronger key can be constructed from an input of 26 hexadecimal digits. It is possible to form an even stronger104 bit WEP key by truncating the MD5 hash of an arbitrary length pass phrase.

6.2 Defeating MAC Filtering

Typical APs permit access to only those stations with known MAC addresses. This is easily defeated by the attacker who spoofs his frames with a MAC address that is registered with the AP from among the ones that he collected through sniffing. That a MAC address is registered can be detected by observing the frames from the AP to the stations.

6.3 Rogue AP

Access points that are installed without proper authorization and verification that overall security policy is obeyed are called rogue APs. These are installed and used by valid users. Such APs are configured poorly, and attackers will find them.

6.4 Trojan AP

An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP. If WEP is enabled, the attacker would have already cracked it. A legitimate user selects the Trojan AP because of the stronger signal, authenticates and associates. The Trojan AP is connected to a system that collects the IP traffic for later analyses. It then transmits all the frames to a legitimate AP so that the victim user does not recognize the on-going MITM attack. The attacker can steal the users password, network access, compromise the user's system to give himself root access. This attack is called the Evil Twin Attack.

It is easy to build a Trojan AP because an AP is a computer system optimized for its intended application. A general purpose PC with a wireless card can be turned into a capable AP. An example of such software is HostAP (http://hostap.epitest.fi/ ). Such a Trojaned AP would be formidable.

6.5 Equipment Flaws

A search on www.securityfocus.com with "access point vulnerabilities" will show that numerous flaws in equipment from well-known manufacturers are known. For example, one such AP crashes when a frame is sent to it that has the spoofed source MAC address of itself. Another AP features an embedded TFTP (Trivial File Transfer Protocol) server. By requesting a file named config.img via TFTP, an attacker receives the binary image of the AP configuration. The image includes the administrator's password required by the HTTP user interface, the WEP encryption keys, MAC address, and SSID. Yet another AP returns the WEP keys, MAC filter list, administrator's password when sent a UDP packet to port 27155 containing the string "gstsearch".

It is not clear how these flaws were discovered. The following is a likely procedure. Most manufacturers design their equipment so that its firmware can be flashed with a new and improved one in the field. The firmware images are downloaded from the manufacturers' web site. The CPU used in the APs can be easily recognized, and the firmware can be systematically disassembled revealing the flaws at the assembly language level.

Comprehensive lists of such equipment flaws are likely circulating among the attackers.

7. Denial of Service

A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, difficult to stop an on-going attack and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.

7.1 Jamming the Air Waves

A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal to noise drops so low, that the wireless LAN ceases to function. The only solution to this is RF proofing the surrounding environment.

7.2 Flooding with Associations

The AP inserts the data supplied by the station in the Association Request into a table called the association table that the AP maintains in its memory. The IEEE 802.11 specifies a maximum value of 2007 concurrent associations to an AP. The actual size of this table varies among different models of APs. When this table overflows, the AP would refuse further clients.

Having cracked WEP, an attacker authenticates several non-existing stations using legitimate-looking but randomly generated MAC addresses. The attacker then sends a flood of spoofed associate requests so that the association table overflows.

Enabling MAC filtering in the AP will prevent this attack.

7.3 Forged Dissociation

The attacker sends a spoofed Disassociation frame where the source MAC address is set to that of the AP. The station is still authenticated but needs only to reassociate and sends Reassociation Requests to the AP. The AP may send a Reassociation Response accepting the station and the station can then resume sending data. To prevent Reassociation, the attacker continues to send Disassociation frames for a desired period.

7.4 Forged Deauthentication

The attacker monitors all raw frames collecting the source and destination MAC addresses to verify that they are among the targeted victims. When a data or Association Response frame is observed, the attacker sends a spoofed Deauthentication frame where the source MAC address is spoofed to that of the AP. The station is now unassociated and unauthenticated, and needs to reconnect. To prevent a reconnection, the attacker continues to send Deauthentication frames for a desired period. The attacker may even rate limit the Deauthentication frames to avoid overloading an already congested network.

The mischievous packets of Disassociation and Deauthentication are sent directly to the client, so these will not be logged by the AP or IDS, and neither MAC filtering nor WEP protection will prevent it.

7.5 Power Saving

Power conservation is important for typical station laptops, so they frequently enter an 802.11 state called Doze. An attacker can steal packets intended for a station while the station is in the Doze state.

The 802.11 protocol requires a station to inform the AP through a successful frame exchange that it wishes to enter the Doze state from the Active state.

Periodically the station awakens and sends a PS-Poll frame to the AP. The AP will transmit in response the packets that were buffered for the station while it was dozing. This polling frame can be spoofed by an attacker causing the AP to send the collected packets and flush its internal buffers. An attacker can repeat these polling messages so that when the legitimate station periodically awakens and polls, AP will inform that there are no pending packets.

8. Man-in-the-Middle Attacks

Man-in-the-middle (MITM) attack refers to the situation where an attacker on host X inserts X between all communications between hosts B and C, and neither B nor C is aware of the presence of X. All messages sent by B do reach C but via X, and vice versa. The attacker can merely observe the communication or modify it before sending it out. An MITM attack can break connections that are otherwise secure. At the TCP level, SSH and VPN, e.g., are prone to this attack.

8.1 Wireless MITM

Assume that station B was authenticated with C, a legitimate AP. Attacker X is a laptop with two wireless cards. Through one card, he will present X as an AP. Attacker X sends Deauthentication frames to B using the C's MAC address as the source, and the BSSID he has collected. B gets deauthenticated and begins a scan for an AP and may find X on a channel different from C. There is a race condition between X and C. If B associates with X, the MITM attack succeeded. X will re-transmit the frames it receives from B to C, and the frames it receives from C to B after suitable modifications.

The package of tools called AirJack (http://802.11ninja.net/airjack/) includes a program called monkey_jack that automates the MITM attack. This is programmed well so that the odds of it winning in the race condition mentioned above are improved.

8.2 ARP Poisoning

ARP cache poisoning is an old problem in wired networks. Wired networks have deployed mitigating techniques. But, the ARP poisoning technique is re-enabled in the presence of APs that are connected to a switch/hub along with other wired clients.

ARP is used to determine the MAC address of a device whose IP address is known. The translation is performed with a table look-up. The ARP cache accumulates as the host continues to network. If the ARP cache does not have an entry for an IP address, the outgoing IP packet is queued, and an ARP Request packet that effectively requests "If your IP address matches this target IP address, then please let me know what your Ethernet address is" is broadcast. The host with the target IP is expected to respond with an ARP Reply, which contains the MAC address of the host. Once the table is updated because of receiving this response, all the queued IP packets can now be sent. The entries in the table expire after a set time in order to account for possible hardware address changes for the same IP address. This change may have happened, e.g., due to the NIC being replaced.

Unfortunately, the ARP does not provide for any verification that the responses are from valid hosts or that it is receiving a spurious response as if it has sent an ARP Request. ARP poisoning is an attack technique exploiting this lack of verification. It corrupts the ARP cache that the OS maintains with wrong MAC addresses for some IP addresses. An attacker accomplishes this by sending an ARP Reply packet that is deliberately constructed with a "wrong" MAC address. The ARP is a stateless protocol. Thus, a machine receiving an ARP Reply cannot determine if the response is due to a request it sent or not.

ARP poisoning is one of the techniques that enables the man-in-the-middle attack. An attacker on machine X inserts himself between two hosts B and C by (i) poisoning B so that C's IP address is associated with X's MAC address, (ii) poisoning C so that B's address is associated with X's MAC address, and (iii) relaying the packets X receives.

The ARP poison attack is applicable to all hosts in a subnet. Most APs act as transparent MAC layer bridges, and so all stations associated with it are vulnerable. If an access point is connected directly to a hub or a switch without an intervening router/firewall, then all hosts connected to that hub or switch are susceptible also. Note that recent devices aimed at the home consumer market combine a network switch with may be four or five ports, an AP, a router and a DSL/cable modem connecting to the Internet at large. Internally, the AP is connected to the switch. As a result, an attacker on a wireless station can become a MITM between two wired hosts, one wired one wireless, or both wireless hosts.

The tool called Ettercap ((http://ettercap.sourceforge.net) is capable of performing ARP poisoning.

8.3 Session Hijacking

Session hijacking occurs in the context of a "user", whether human or computer. The user has an on-going connection with a server. Hijacking is said to occur when an attacker causes the user to lose his connection, and the attacker assumes his identity and privileges for a period.

An attacker disables temporarily the user's system, say by a DoS attack or a buffer overflow exploit. The attacker then takes the identity of the user. The attacker now has all the access that the user has. When he is done, he stops the DoS attack, and lets the user resume. The user may not detect the interruption if the disruption lasts no more than a couple of seconds. Such hijacking can be achieved by using forged Disassociation DoS attack.

Corporate wireless networks are often set up so that the user is directed to an authentication server when his station attempts a connection with an AP. After the authentication, the attacker employs the session hijacking described above using spoofed MAC addresses.

9. War Driving

Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net/) define war driving as "The benign act of locating and logging wireless access points while in motion." This benign act is of course useful to the attackers.

9.1 War chalking

War chalking is the practice of marking sidewalks and walls with special symbols to indicate that wireless access is nearby so that others do not need to go through the trouble of the same discovery. A search on www.google.com with key words "war driving maps" will produce a large number of hits. Yahoo! Maps can show "Wi-fi Hotspots" near an address you give.

Figure 3: War Chalking Symbols

9.2 Typical Equipment

The typical war driving equipment consists of a laptop computer system or a PDA with a wireless card, a GPS, and a high-gain antenna. Typical choice of an operating system is Linux or FreeBSD where open source sniffers (e.g., Kismet) and WEP crackers (e.g., AirSnort) are available. Similar tools (e.g., NetStumbler) that run on Windows are available.

War drivers need to be within the range of an AP or station located on the target network. The range depends on the transmit output power of the AP and the card, and the gain of the antenna. Ordinary access point antennae transmit their signals in all directions. Often, these signals reach beyond the physical boundaries of the intended work area, perhaps to adjacent buildings, floors, and parking lots. With the typical 30mW wireless cards intended for laptops, the range is about 300 feet, but there are in 2004 wireless cards for laptops on the market that have 200mW. Directional high-gain antennae and an RF-amplifier can dramatically extend the range.

Figure 4: War Drivers' Equipment

10. Wireless Security Best Practices

This section describes best practices in mitigating the problems described above.

10.1 Location of the APs

APs should be topologically located outside the perimeter firewalls. The wireless network segments should be treated with the same suspicion as that for the public Internet. Additionally, it is important to use directional antennae and physically locate them in such a way that the radio-coverage volume is within the control of the corporation or home.

10.2 Proper Configuration

Statistics collected by www.worldwidewardrive.org show a distressingly large percentage of APs left configured with the defaults.

Before a wireless device is connected to the rest of the existing network, proper configuration of the wireless device is necessary. The APs come with a default SSID, such as "Default SSID", "WLAN", "Wireless", "Compaq", "intel", and "linksys". The default passwords for the administrator accounts that configure the AP via a web browser or SNMP are well known for all manufacturers. A proper configuration should change these to difficult to predict values.

Note that the SSID serves as a simple handle, not as a password, for a wireless network. Unless the default SSID on the AP and stations is changed, SSID broadcasts are disabled, MAC address filtering is enabled, WEP enabled, an attacker can use the wireless LAN resources without even sniffing.

The configuration via web browsing (HTTP) is provided by a simplistic web server built into an AP. Often this configuration interface is provided via both wired connections and wireless connections. The web server embedded in a typical AP does not contain secure HTTP, so the password that the administrator submits to the AP can be sniffed. Web based configuration via wireless connections should be disabled.

WEP is disabled in some organization because the throughput is then higher. Enabling WEP encryption makes it necessary for the attacker intending to WEP-crack to have to sniff a large number of frames. The higher the number of bits in the encryption the larger the number of frames that must be collected is. The physical presence in the radio range of the equipment for long periods increases the odds of his equipment being detected. WEP should be enabled.

The IEEE 802.11 does not describe an automated way of distributing the shared-secret keys. In large installations, the manual distribution of keys every time they are changed is expensive. Nevertheless, the WEP encryption keys should be changed periodically.

10.3 Secure Protocols

If the WEP is disabled, or after the WEP is cracked, the attacker can capture all TCP/IP packets by radio-silent sniffing for later analyses. All the wired network attacks are possible. There are real-time tools that analyze and interpret the TCP/IP data as they arrive.

All protocols that send passwords and data in the clear must be avoided. This includes the rlogin family, telnet, and POP3. Instead one should use SSH and VPN.

In general, when a wireless segment is involved, one should use end-to-end encryption at the application level in addition to enabling WEP.

10.4 Wireless IDS

A wireless intrusion detection system (WIDS) is often a self-contained computer system with specialized hardware and software to detect anomalous behavior. The underlying software techniques are the same hacking techniques described above. The special wireless hardware is more capable than the commodity wireless card, including the RF monitor mode, detection of interference, and keeping track of signal-to-noise ratios. It also includes GPS equipment so that rogue clients and APs can be located. A WIDS includes one or more listening devices that collect MAC addresses, SSIDs, features enabled on the stations, transmit speeds, current channel, encryption status, beacon interval, etc. Its computing engine will be powerful enough that it can dissect frames and WEP-decrypt into IP and TCP components. These can be fed into TCP/IP related intrusion detection systems.

Unknown MAC addresses are detected by maintaining a registry of MAC addresses of known stations and APs. Frequently, a WIDS can detect spoofed known MAC addresses because the attacker could not control the firmware of the wireless card to insert the appropriate sequence numbers into the frame.

10.5 Wireless Auditing

Periodically, every wireless network should be audited. Several audit firms provide this service for a fee. A security audit begins with a well-established security policy. A policy for wireless networks should include a description of the geographical volume of coverage. The main goal of an audit is to verify that there are no violations of the policy. To this end, the typical auditor employs the tools and techniques of an attacker.

10.6 Newer Standards and Protocols

Many improvements in wireless network technology are proposed through proprietary channels (e.g., Cisco Lightweight Extensible Authentication Protocol) as well as through the IEEE. The new IEEE 802.11i (ratified in June 2004) enhances the current 802.11 standard to provide improvements in security. These include Port Based Access Control for authentication, Temporal Key Integrity Protocol for dynamic changing of encryption keys, and Wireless Robust Authentication protocol. An interim solution proposed by vendors is the Wi-Fi Protected Access (WPA), a subset of 802.11i, is only now becoming available in some products. Time will tell if these can withstand future attacks.

10.7 Software Tools

Below we describe a collection of cost-free tools that can be used both as attack tools and as audit tools.

· AirJack (http://802.11ninja.net/airjack/) is a collection of wireless card drivers and related programs. It includes a program called monkey_jack that automates the MITM attack. Wlan_jack is a DoS tool that accepts a target source and BSSID to send continuous deauthenticate frames to a single client or an entire network (broadcast address). Essid_jack sends a disassociate frame to a target client in order to force the client to reassociate with the network, thereby giving up the network SSID.

AirSnort (www.airsnort.shmoo.com ) can break WEP by passively monitoring transmissions and computing the encryption key when enough packets have been gathered.
Ethereal (www.ethereal.com ) is a LAN analyzer, including wireless. One can interactively browse the capture data, viewing summary and detail information for all observed wireless traffic.
FakeAP (ww.blackalchemy.to/project/fakeap) can generate thousands of counterfeit 802.11b access points.
HostAP (www.hostap.epitest.fi) converts a station that is based on Intersil's Prism2/2.5/3 chipset to function as an access point.
Kismet (www.kismetwireless.net) is a wireless sniffer and monitor. It passively monitors wireless traffic and dissects frames to identify SSIDs, MAC addresses, channels and connection speeds.
Netstumbler (www.netstumbler.com) is a wireless access point identifier running on Windows. It listens for SSIDs and sends beacons as probes searching for access points.
Prismstumbler (prismstumbler.sourceforge.net/) can find wireless networks. It constantly switches channels and monitors frames received.
The Hacker's Choice organization (www.thc.org) has LEAP Cracker Tool suite that contains tools to break Cisco LEAP. It also has tools for spoofing authentication challenge-packets from an AP. The WarDrive is a tool for mapping a city for wireless networks with a GPS device.
StumbVerter (www.sonar-security.com/sv.html) is a tool that reads NetStumbler's collected data files and presents street maps showing the logged WAPs as icons, whose color and shape indicating WEP mode and signal strength.
Wellenreiter (http://www.wellenreiter.net/) is a WLAN discovery tool. It uses brute force to identify low traffic access points while hiding the real MAC address of the card it uses. It is integrated with GPS.
WEPcrack (www.wepcrack.sourceforge.net) cracks 802.11 WEP encryption keys using weaknesses of RC4 key scheduling.

11. Conclusion

This article is an introduction to the techniques an attacker would use on wireless networks. Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access. In addition, the protocol designs were security-naïve. We have pointed out several existing tools that implement attack techniques that exploit the weaknesses in the protocol designs. The integration of wireless networks into existing networks also has been carelessly done. We pointed out several best practices that can mitigate the insecurities.

GLOSSARY

AP: Access Point. Any entity that has station functionality and provides access to the distribution services, via the wireless medium for associated stations.

Association Table: The Association table is within an AP and controls the routing of all packets between the Access Point and the wireless devices in a WLAN.

Basic Service Set: BSS is a collection, or set, of stations that are logically associated with each other and controlled by a single AP. Together, they operate as a fully connected wireless network.

Basic Service Set Identifier (BSSID): A 48-bit identifier used by all stations in a Basic Service Set as part of the frame header.

Beacon: A wireless LAN frame broadcast by access points that signals their availability.

Evil Twin Attack. An unauthorized AP whose goal is to masquerade as an existing legitimate/ authorized AP is called an Evil Twin. The evil twin AP is designed and located so that client stations receive stronger signals from it. Legitimate users are lured into the evil twin, and unknowingly give away user IDs and passwords.

Independent BSS: An IBSS is usually an ad-hoc network. In an IBSS, all of the stations are responsible for sending beacons.

IDS: Intrusion detection system.

MITM: Man in the middle. See Section 8.

Service Set Identifier (SSID): All APs and stations within the same wireless network use an identifier that is up to 32-bytes long.

Social Engineering: Social engineering is a term, coined in jest that refers to all non-technical methods of collecting information about a person so that the passwords the person may use can be predicted. The methods of collection range from dumpster diving, analyzing the publicly available information to making phone calls impersonating others.

STA: A wireless station.

WEP: Wired Equivalent Privacy (WEP) is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP.

Cross References

The following is a list of other articles in the handbook related to wireless networks. Article numbers are as in the Handbook TOC.

26. Radio Frequency and Wireless Communications Security
27. Propagation Characteristics of Wireless Channels
43. Wireless Local Area Networks
44. Security Issues in Wireless Sensor Networks
46. Mobile IP (Internet Protocol)
48. TCP (Transmission Control Protocol) over Wireless Links
50. Wireless Internet
56. PKI (Public Key Infrastructure)
67. Wireless Application Protocol (WAP)
68. Wireless Networks Standards and Protocol (802.11)
74. Wireless Information Warfare
142. Hacking Techniques in Wireless Networks (mine)
150. Wireless Threats and Attacks
151. WEP (Wired Equivalent Privacy) Security
152. Wireless Security
153. Cracking WEP (Wired Equivalent Privacy)

References

John Bellardo and Stefan Savage, "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions", 2003, Usenix 2003 Proceedings. http://www.cs.ucsd.edu/users/savage/papers/UsenixSec03.pdf Retrieved Jan 20, 2004.
Jon Edney and William A. Arbaugh, Real 802.11 Security: Wi-Fi Protected Access and 802.11i, 480 pages, Addison Wesley, 2003, ISBN: 0-321-13620-9
Jamil Farshchi, Wireless Intrusion Detection Systems, November 5, 2003, http://www.securityfocus.com/infocus/1742 Retrieved Jan 20, 2004
Bob Fleck and Jordan Dimov, "Wireless Access Points and ARP Poisoning: Wireless vulnerabilities that expose the wired network," October 2001. http://www.cigitallabs.com/resources/papers/download/arppoison.pdf. Retrieved on Jan 20, 2004.
Rob Flickenger, Wireless Hacks: 100 Industrial-Strength Tips & Tools, 286 pages, O'Reilly & Associates, September 2003, ISBN: 0-596-00559-8
Matthew S. Gast, 802.11 Wireless Networks: The Definitive Guide, 464 pages, O'Reilly & Associates, April 2002, ISBN: 0596001835.
Vikram Gupta, Srikanth Krishnamurthy, and Michalis Faloutsos, "Denial of Service Attacks at the MAC Layer in Wireless Ad Hoc Networks", Proceedings of 2002 MILCOM Conference, Anaheim, CA, October 2002.
Chris Hurley, Michael Puchol, Russ Rogers, and Frank Thornton, WarDriving: Drive, Detect, Defend, A Guide to Wireless Security, ISBN: 1931836035, Syngress, 2004.
IEEE, IEEE 802.11 standards documents, http://standards.ieee.org/wireless/ . Retrieved Jan 20, 2004
Tom Karygiannis and Les Owens, Wireless Network Security: 802.11, Bluetooth and Handheld Devices, National Institute of Standards and Technology Special Publication 800-48, November 2002. http://cs-www.ncsl.nist.gov/publications/ nistpubs/800-48/NIST_SP_800-48.pdf . Retrieved Jan 20, 2004
Prabhaker Mateti, TCP/IP Suite, The Internet Encyclopedia, Hossein Bidgoli (Editor), John Wiley 2003, ISBN 0471222011.
Robert Moskowitz, "Debunking the Myth of SSID Hiding", Retrieved on March 10, 2004. http://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding. pdf.
Bruce Potter and Bob Fleck, 802.11 Security, O'Reilly & Associates, 2002; ISBN: 0-596-00290-4.
William Stallings, Wireless Communications & Networks, Prentice Hall, 2001, ISBN: 0130408646.
War-chalking, http://www.warchalking.org/. Retrieved Jan 20, 2004.
Joshua Wright, "Detecting Wireless LAN MAC Address Spoofing", Retrieved on Jan 20, 2004. http://home.jwu.edu/jwright/

Fw: Pengantar Teknologi Nirkabel BAB III dan IV

2009-02-07T22:26:00.001-08:00

--- On Fri, 2/6/09, erfan rohadi <fan_da@yahoo.com> wrote:

From: erfan rohadi <fan_da@yahoo.com>
Subject: Pengantar Teknologi Nirkabel BAB III dan IV
To: adi_king_07@yahoo.com
Cc: siswanto.mjk@gmail.com, joko_p2007@yahoo.com, ismail_sampang@yahoo.co.id, ario_sa@yahoo.com
Date: Friday, February 6, 2009, 3:21 PM
YTh. Para Mhs.,

Sehubungan dengan datangnya Menkopinfo ke Polinema, Saya mengirimkan materi
perkulihaan tentang Spread Spectrum dan Perangkat infrastruktur LAN Nirkabel.
Silakan dipelajari, pertemuan berikutnya UTS BAB I-BAB IV.
24 Pebruari 2009.

Dosen Pengajar Pengantar Teknologi Nirkabel

presentasi bab  III
http://www.ziddu.com/download/3444594/BABIIIIV.ppt.html

materi
http://www.ziddu.com/download/3444499/BAB3danBab4.doc.html



      

Fw: Pengantar Teknologi Nirkabel BAB III dan IV

2009-02-07T18:27:00.000-08:00

--- On Fri, 2/6/09, erfan rohadi <fan_da@yahoo.com> wrote:

From: erfan rohadi <fan_da@yahoo.com>
Subject: Pengantar Teknologi Nirkabel BAB III dan IV
To: adi_king_07@yahoo.com
Cc: siswanto.mjk@gmail.com, joko_p2007@yahoo.com, ismail_sampang@yahoo.co.id, ario_sa@yahoo.com
Date: Friday, February 6, 2009, 3:21 PM
YTh. Para Mhs.,

Sehubungan dengan datangnya Menkopinfo ke Polinema, Saya mengirimkan materi
perkulihaan tentang Spread Spectrum dan Perangkat infrastruktur LAN Nirkabel.
Silakan dipelajari, pertemuan berikutnya UTS BAB I-BAB IV.
24 Pebruari 2009.

Dosen Pengajar Pengantar Teknologi Nirkabel


      

Fw: Kuliah 67Feb09

2009-02-04T01:14:00.001-08:00

--- On Tue, 2/3/09, ani parastiwi <parastiwi@yahoo.com> wrote:

From: ani parastiwi <parastiwi@yahoo.com>
Subject: Kuliah 67Feb09
To: adi_king_07@yahoo.com, siswanto.mjk@gmail.com, joko_p2007@yahoo.com, ismail_sampang@yahoo.co.id, ario_sa@yahoo.com, endang1a_d3tkj@yahoo.com
Date: Tuesday, February 3, 2009, 6:11 PM

Yth. Mhs TKJ
Karena Politeknik kedatangan Menteri KOMINFO pada hari Sabtu,  dan UAS
mahasiswa reguler di hari Jum'at. Maka Diumumkan kepada  Mahasiswa PJJ-TKJ
bahwa Perkuliahan Tatap Muka pada Hari Jum'at dan Sabtu, 6dan7 Feb 09  diganti
dengan Perkuliahan Media Internet. 
Materi perkuliahan akan dikirim oleh masing-masing dosen ke mahasiswa
koordinator Kota/Kabupaten dan  mahasiswa membahas materi perkuliahan di
ICT-Center. 

Malang, 4Februari2009
Koordinator TKJ
EKOJONO

Catatan: Bagi mahasiswa Kelas III yg sedang mengerjakan Projek Sistem
Informasi, hari Jum'at 6 Feb 09 harap mengumpulkan:
revisi-proposal 
Form Kesediaan Membimbing yang sudah ditanda-tangani 2(dua) dosen pembimbing

untuk mengambil file bisa di download disini:

form pembimbing;          
http://www.ziddu.com/download/3399484/FormPembimbing.doc.html

pengumuman kuliah:
http://www.ziddu.com/download/3399485/PengumumanKuliah67Feb09.doc.html

yang diterima
http://www.ziddu.com/download/3399486/Diterima.xls.html

2009-02-01T03:30:00.001-08:00

ngeBUX akan membayar anda Rp. 150 / click yang anda lakukan,silahkan login dengan menggunakan form disamping,atau apabila anda belum mempunyai Account di ngeBUX,silahkan Register disini.

Selain itu,anda juga akan dibayar Rp. 25 / refferal click,jadi silahkan anda cari bawahan sebanyak-banyaknya.

Contoh Pendapatan anda :

Anda Klik 25 Iklan / Hari : 150×5 = Rp. 3.750 / hari
Anda Punya 20 Bawahan,masing-masing mengklik 25 iklan : Rp. 12.500 / hari
Pendapatan Perhari : Rp. 16.500
Pendapatan perminggu : Rp. 113.750
Pendapatan Perbulan : Rp. 487.500
Pendapatan Pertahun : Rp. 5.460.000

Itulah pendapatan anda pertahun apabila anda mempunyai 20 bawahan yang masing-masing mengklik 25 iklan / hari..bagaimana apabila anda mempunyai 100 bawahan ? waduh…silahkan hitung sendiri pendapatan anda.

* Kami Tidak Menjamin jumlah iklan.

Apabila uang anda sudah mencapai Rp. 50.000,- anda bisa melakukan withdraw setiap hari.

REGISTER SEKARANG,GRATIS!

Fw: Urgent: Proposal Projek Sistem Informasi

2009-01-27T18:01:00.001-08:00

--- On Tue, 1/27/09, ani parastiwi <parastiwi@yahoo.com> wrote:

From: ani parastiwi <parastiwi@yahoo.com>
Subject: Urgent: Proposal Projek Sistem Informasi
To: adi_king_07@yahoo.com, siswanto.mjk@gmail.com, joko_p2007@yahoo.com, ismail_sampang@yahoo.co.id, ario_sa@yahoo.com
Date: Tuesday, January 27, 2009, 12:33 AM

Yth. Para Mahasiswa  Kelas  III  TKJ
Di
Tempat

Setelah evaluasi  proposal, maka diberitahukan kepada saudara mahasiswa untuk
bisa merevisi Projek SI (PSI) dengan tema sebagai berikut:
MATERI  PROPOSAL  PROJEK SISTEM INFORMASI
Macam Sistem Informasi
1	Sistem Informasi Akademik
2	Sistem Informasi Kepegawaian
3	Sistem Informasi Pemnerimaan Siswa Baru
4	Sistem  Informasi Peminjaman dan Pengembalian Koleksi Perpustakaan
5	Sistem Informasi Kesiswaan
6	Sistem Informasi Pembayaran SPP
Berbasis
1	Berbasis Intranet
2	Berbasis  Internet
3	Berbasis SMS
Jenis  Pengembangan Projek
1	Rancang Bangun
2	Perencanaan dan Pembuatan
Contoh
1.Rancang Bangun Sistem Informasi Akademik Berbasis Intranet di SMKN Dimana
2.Perencanaan dan Pembuatan Sistem Informasi Kesiswaan Berbasis SMS di SD
ManaSaja

Bagi mahasiswa yg merasa judul PSI belum sesuai dengan yg di atas, mohon segera
membuat revisi proposal PSI paling lambat  Jum'at, 30Jan09 jam 15.00 dan
dikumpulkan di P. Pairi.

TTD - Panitia PSI 
Andriani Parastiwi

Catatan:  Saat ini ada 11 judul yg membuat Website dan semuanya ditolak dengan
alasan skope PSI terlalu luas dan perlu dipersempit.

2009-01-05T17:34:00.000-08:00

Cara Mencari Uang di Internet dengan Kumpulblogger bag.4

Panduan Mendaftar KumpulBlogger

Apa itu Kumpulblogger.com ?
KumpulBlogger adalah Jaringan Blogger Indonesia untuk mendapatkan alternatif penghasilan tambahan, dengan cara menyediakan spot/ruangan pada blognya sebagai tempat menyampaikan pesan komersial dari Advertiser.

Bagaimana saya bisa bergabung ?
Caranya mudah sekali, Daftar saja pada menu SIGN UP, masukkan alamat email kamu pada kotak yang sudah tersedia(Bukan pada account Log In), lalu klik register kemudian check email Kamu. Kamu akan diberikan password untuk Login. Kamu dapat mendaftarkan lebih dari 1 Blog untuk berpartisipasi dalam jaringan Kumpulblogger.com. Kamu akan diberikan script/code untuk dipasang/install pada Blog Kamu. Kamu dapat memantau hasil perkembangan penghasilan Kamu pada website Kumpulblogger.com.

Berapa penghasilan yang akan saya dapatkan ?
Kamu akan dapet Rp.300 jika ada yang meng klik sekali pada iklan Type Text Links (adalah Iklan berupa Text , sedikit keterangan dan Link), dan Rp.350 untuk Type Mini Banner (adalah Iklan berbentuk Banner Ukuran 125 x 125 pixel). Seratus klik pada Type Text Links berarti Rp.30.00, Seribu klik berarti Rp.300.000 dan seterusnya. Dan jangan sekali-kali meng klik iklan yang tampil di blog Kamu sendiri karena Kumpulblogger.com telah mencatat IP address kamu, klik dari IP address yang sama tidak akan diperhitungkan. Jumlah Klik ditentukan dari Unique IP Address Visitor, Materi Iklan yang pernah diKlik dari IP Address yang sama, tidak akan dihitung.

Segala macam pelanggaran diatas memang tidak akan dilakukan banned, hanya saja pelakunya tidak bisa mendapatkan kesempatan mendapatkan rewards apabila diketahui oleh pihak Kumpulblogger.com.

Kapan saya bisa dibayar ?
Pembayaran, apabila revenue Kamu minimal sudah mencapai 10 ribu rupiah, disarankan untuk menggunakan account Bank BCA atau Paypal untuk menerima pembayaran Kamu.

Berikut ini cara memasukkan code Iklan (script iklan) ke dalam blog Kamu :

1. LOG IN dulu di Kumpulblogger.com (sebelum LOG IN kamu harus sudah SIGN UP terlebih dahulu)
2. Pilih Menu "Tambah Blog" (untuk memasukkan data mengenai Blog Kamu)
3. Masukkan seluruh data sesuai dengan Blog Kamu (form ada dibawah)
4. Submit
5. Pilih menu "Script Text Advertising untuk Blog"
6. Lalu pilih bentuk iklan sesuai selera Kamu
7. Copy kode/scrpit tersebut

Jika Kamu ingin menampilkannya di Friendster, tinggal paste aja code tadi di bawah About me: atau di bawah Who I Want to Meet: melalui Edit Profile. Lalu Save.

Jika Kamu menggunakan Wordpress, tinggal paste aja code tadi dengan masuk Widget, lalu add Text, kemudian paste di situ. Lalu Save Changes.

Jika kamu menggunakan Blogger, Pilih menu "tata letak (Lay out)", pilih "tambah gadget" (add page element)" , pilih "HTML" , Paste kode/script tersebut, Kemudian Save.

Setelah semua di Save buka kembali blog atau Friendster Kamu. maka iklan akan secara otomatis muncul kedalam blog Kamu. Hanya tinggal menunggu ada orang yang mengklik iklan tersebut maka pundi-pundi uang akan mengalir!!!

Selamat Mencoba, dan semoga bermanfaat.

2008-11-30T05:43:00.001-08:00

Darkness by PiZero

Features:

Bitmap + Svg Theme
PiZero.net and Flahorn Icon packs included
Fits both portrait and landscape modes Selengkapnya…

Comments (0) : Add Comment

2008-11-30T05:41:00.001-08:00

Xchange R8 v1.2

Xchange R8 is a simple currency convertor. You can choose 3 currencies to be displayed and for the time being you have two WebServices available: Bank of Romania (for my Romanian friends) and Bank of England (for my other friends). Bank of England currency are accessed via the Export Technologies WebService. Selengkapnya…

2008-11-30T05:39:00.001-08:00

nueLight v2.2

nueLight for the HTC Titan turns your Titan into a versatile flashlight. nueLight uses the flash LED for the camera and can even enter high-beam mode. nueLight also has a morse code function where it will send text you type as morse code over the flash LED. Selengkapnya…

2008-11-15T00:37:00.001-08:00

How to Format a Nokia 6600 Device

Primary Method

1. Turn your device off.
2. Remove SIM card and MMC card (actually, you do not need to remove these, but after format remember to format memory card and reboot phone).
3. Press and hold 3 keys; Green dial key, * Star key, no. 3 key on keypad Together.
4. Turn your device on while you are pressing the three buttons.
5. You should now see "Formatting .." on the Screen! Leave the buttons now.

Alternate Method

1. You can remove the mmc but keep the sim card and restart your phone.
2. Then press the keys *#7370#.
3. The phone would ask a confirmation.
4. Select yes.
5. Then it will ask for a code.
6. The code is 12345 (the default).
7. There you are! your phone will restart with all the phone memory formatted.

TIPS
* You can also use some programs to format the device for you.
* The format will not include the MMC Card, only the device (C Drive)…
* The above method isn't always easy. You can do the format using this simple key combination *#7370# and the phone will prompt you to enter the phone lock code which is 12345 by default.
* Also remember that you can reset your phone but not loose any of your personal files (I.E restore the settings that came when you bought the phone while keeping contacts etc) by following the above procedure but using the code *#7780#

WARNING
* Don't apply these steps if you are not sure what you are doing.
* Make sure you have enough battery power before beginning this procedure.
* Formatting will erase all your contacts/messages, so make a backup of your phone before formatting.
* If have MMC-card make a backup on mmcstore file !

2008-07-10T21:05:00.001-07:00

Visiting Instructor - Psychology

Posted by:
University of West Florida Posted date:
05-Jun-08

2008-07-05T22:50:00.001-07:00

Senior Researcher: Hydrogen Infrastructure Technologies R & D

Posted by:
North-West University Posted date:
05-Jun-08

The North-West University (NWU) and the Council for Scientific and Industrial Research (CSIR) have recently been appointed by the South African Department of Science and Technology (DST) to co-host a Centre of Competence in Hydrogen Production, Storage and Distribution (Hydrogen Infrastructure.) This Centre of Competence is a key component of the South African Hydrogen and Fuel Cells Technologies Research and Development Strategy. An exciting opportunity exists for an expert, in the field(s) of hydrogen production (especially electrolysis), storage and distribution as well as fuel cell technologies, to provide scientific guidance and leadership to the Centre of Competence, create an environment for technology transfer, mentor graduate students and grow the group in line with the DST's, NWU's and CSIRs vision for this Frontier Science and Technology Initiative.

The Hydrogen Infrastructure Centre of Competence will have strong collaboration with relevant national and international research partners and institutions.

Minimum qualifications and experience

PhD in the Natural Sciences or Engineering

At least 5 years experience in the field of hydrogen and/or fuel cell research and development with a strong emphasis on electrochemical processes

At least 2 years experience as a leader of a research group

A track record of publications in high impact journals

Candidates without a PhD, but with at least a masters degree together with substantial applicable experience, may also apply Read more…

[Lowongan Kerja] Pizza Hut

2008-07-05T19:54:00.001-07:00

We are looking for individuals who believe in stiving for Excellence to
become a member of Indonesia's largest Pizza chain.
1. INDUSTRIAL RELATIONS ASSISTANT (IRA) . University degree of
law,minimum 7 years experience in similar position . Male, age 30-45
years old

2. INDUSTRIAL RELATIONS SUPERVISOR (IRS) . University degree of
law,with 3-5 years experience in similar position . Male,age 30-35
years old

3. OUTLET MANAGER (OM-PHD) . Min. D3 graduated,preferabl e from Tourism
School . Male/Female, age max. 35 years old . Having experience in food
service industry/Fast food (as an.Asst. Manager min. 4 years or 2 years
as a Restaurant Manager)

4. SHIFT LEADER (SL-PHD) . Min. D3 graduated,preferabl e from Tourism
School . Male/Female, age max. 30 years old . Having experience in food
service industry min.2 years in supervising with min.20 crews

OTHER REQUIREMENT: . Master in Labor law, manpower decree and
regulations (IRA,IRS). Easy to socialize and possess good
negotiations & assertive communication skills (IRA/IRS). Enjoy
traveling (IRA,IRS). Willing to be placed anywhere in Indonesia
(OM-PHD,SL-PHD) . Height 165 cm (male), 160 (female) (OM-PHD,SL-PHD) .
Must ready work longer hours & weekend/holiday (OM-PHD,SL-PHD) . Fluent
in English both oral & written (IRA,IRS). Excellent computer skill
(Word,Excel, Powerpoint, etc). Strong communication, interpersonal skill &
analytical skill. Full of independent with pleasant
personality, mature,attention to detail and integrity.

Only qualified candidates will be contacted

Please specify your application by putting the code on the left hand
side of the envelope and send complete application, with CV and most
recent photograph within 10 working days of this advertisement to :

Staffing Division-HRDPT. Sarimelati KencanaGhaha Mustika Ratu 8th
floorJl. Gatot Subroto Kav. 74-75Jakarta
12870orrecruitment@ pizzahut. co.id

Lowongan COOK, Urgent!

2008-06-16T09:30:00.001-07:00

Lowongan Cook di Restaurant Italia, Jakarta.
Kriteria :
1. Pria / Wanita
2. Pengalaman dibidangnya minimal 1 tahun (Lebih disukai Italian Food)
3. Bahasa Inggris pasif / aktif
4. Kreatif, Disiplin

silahkan kirim Lamaran, CV dan foto secepatnya ke email : lisa@ismayagroup. com
atau melalui pos dengan mencantumkan kode "cook" di kiri amplop  ke alamat :
Up. Executive Chef
Puro Ristorante e Bar
City Plaza at Wisma Mulia
Jln. Jend Gatot Subroto No.42
Jakarta Selatan 12710

Honesty and Integrity Pre-Employment Tests | 1 July 2008

2008-06-16T09:29:00.001-07:00

A. New survey reveals that?

Young workers (age 18 to 24 years old) in the United States are twice as likely as older colleagues to steal office supplies for home use without thinking it is wrong according to a April 2006 Spherion Workplace Snapshot survey. And all those missing paper clips and pens add up to more than $50 billion a year.

"A lot of people that steal don't consider it stealing. They just consider it taking things or that it's a fringe benefit," said John Case, head of Employeetheft. com, a security consulting firm based in Del Mar, California.

WORKPLACE THEFT

The types of cash, merchandise and property theft respondents most often admitted to were:

- Taking company supplies for personal use (35%)

- Taking merchandise or equipment (17%)

- Giving or receiving refunds for unpurchased items (7%)

- 49 percent of the respondents admitted eating food without paying, many of the employees indicated that they were allowed to

- 44 percent of the employees admitted engaging in some type of cash, merchandise or property theft

ABSENTEEISM AND TARDINESS

- 42 percent of the respondents had come to work late without permission

- 24 percent had left work early without authorization

- 19 percent had abused sick days

- 18 percent had been absent from work without good reason

- In total, 59 percent of the sample admitted to some type of "time theft." Nineteen percent reported that they committed some type of time theft at least once a month.

Source :McGraw-Hill/ London House and National Food Service Security Council survey of restaurant and fast food employees Copyright Â© 1995, McGraw-Hill/ London House

Nonproductive Computer Use at Work

- Very few respondents (2.2%) reported spending more than 12 hours a week using their work computer to catch up on personal tasks (e.g., banking, shopping, vacation planning), with 18% spending at least one hour per week doing so. Approximately 50% indicated that they never used their work computer to catch up on personal tasks.

- Only .4% indicated spending more than 12 hours a week using their work computers to "take breaks" from their day (e.g., sending personal email, surfing the web, playing games). Nearly 17% spent at least one hour per week "taking breaks" while 46% reported never doing so. These latter two questions, combined,

(Source : Nonproductive Computer Use at Work: Results from the 2001 National Work Opinion Survey)

B. What is HIPET?

There is wide-spread concern about the honesty and integrity of employees. Most organizations have serious problems of pilferage, absenteeism, tardiness, employee disagreements that lead to violence, drug and alcohol abuse, and computer misuse. The annual loss from these counterproductive behaviors is estimated in the billions of dollars. There was a clear need for a brief assessment that could be used as part of the pre-employment screening process. HIPET (Honesty and Integrity Pre-Employment Tests) was developed to meet that need.

HIPET assesses six areas of potentially counterproductive behaviors by a self-descriptive inventory that taps six substantive areas of concern as well a Good Impression (validity) scale.

a.. Hostility

b.. Conscientiousness

c.. Integrity

d.. Substance Abuse

e.. Sexual Harassment

f.. Computer Misuse

HIPET is modular with four "core" scales and then three additional scales that can be added as needed. The core assessment is 80 true/false questions and if all the core scales are added, the assessment is 140 questions. The scores produce a HIPET profile which can then be compared to successful and less successful incumbents in a variety of jobs.

Developed in an English and Bahasa Indonesia -language version, this assessment takes only 10-12 minutes to complete. HIPET is a web-based system, but it can be given on paper if necessary (if given on paper, the responses would be entered into the scoring software in order to generating reports).

The HIPET Assessment provides three valuable reports for the user:

a.. Interpretive Report: Describes the score in each scale and what it means.

b.. Graph Report: A quick snapshot of the participant' s scores and what level of concern they fall into.

c.. Behavioral Interview Question Report: Follow-up questions based on which assessment items the participant answered in a "counter-productive " manner.

C. Why HIPET? Learn Why HIPET Assessment beats the competition every time

Features
Benefits

Quick

a.. 8-15 minutes for HIPET Assessment
a.. Get great data quick.

b.. No proctoring required.

Easy to Use

a.. No extensive training.
a.. No professional Interpretation needed.

Descriptive

a.. Rather than just giving a score or a scale for a trait, Clues tells how candidate will function in a job.
a.. No guessing or interpretation necessary. Any person can read and understand the reports.

Business use

a.. Designed specifically for Business Use
a.. Unlike many other tests including Meyers Briggs, 16PF, Caliper, and Berkman which were designed as clinical tools.

Normative Instrument

a.. Normed on general population using latest psychometric principles with the ability to norm for individual clients or groups.
a.. Assessment results reflect comparison to general population as opposed to simply a score.

Faking Scale

a.. Is candidate truthful, or just telling us what they think we want to hear?
a.. Make sure you know the data is accurate

Honesty/Integrity

a.. Measures honesty, dependability and aggression

b.. Includes optional scales for Substance Abuse, Computer Abuse and Sexual Harassment.
a.. The most modern, encompassing honesty
assessment on the market.

Respected Psychologists

a.. Assessments are developed by world renowned and respected psychologists Dr. Leonard Goodstein and Dr. Richard Lanyon.
a.. You gain from their years of experience and
know the assessment is built right.

ROI

a.. Most companies will achieve ROI of well over 60:1 using the Clues assessments
a.. Tools are as cost efficient as they are informative.

Available in Multiple Languages

a.. English

b.. Bahasa Indonesia version
a.. Consistency across the world for multi-nationals

Expected Corporate Benefits From Using CluesAssessments

Â§ Dramatically Reduce Cost Per Hire

Â§ Reduce Turnover Rates By 10-50% in First Year

Â§ Increase Productivity Due to Better Job Fit

Â§ Improved Employee Morale

Â§ Reduce Workers Compensation Costs 5-15%

Â§ Identify Future Leaders and Corporate Bench Strength

D. Falicitator

Mr.Heru Wiryanto

E. Investment

Rp. 2.500.000 per participant including :

- Lunch and Coffee Break

- HIPET Introductory Kit; (includes HIPET Manual, Scoring templates, Assessment Booklets, HIPET Behavioral Interview Guide, includes Scoring Software with Unlimited Version)

F. Participants

HR Practitioner, Loss Prevention Manager, Store Manager, Psychologist, Recruiter, Head Hunters, etc.

G. Venue

IS Plaza Building, Lt.9

No Account
BCA - KCP Ahmad Yani - Bekasi
No. Rek : 739 041 0829 a/n Bahari Antono

Information & Registration

Ms Rani Kartika

08788-1000-100

021-70692748
0815 1049 0007

HRD Forum
IS PLAZA Building 9th Floor, Room 904
Jl Pramuka Raya Kav 151 - Jakarta Timur
Telp: 021- 851-3661 ; 021-857 9510 ; 021 - 856 4666 ext 1053
Fax: 021 - 851 3661 ; 021-857 9510

------------ --------- --------- --------- --------- --------- -

Formulir Pendaftaran HIPET

Nama : ............ ......... ......... ......... ......... ......... .
Perusahaan : ............ ......... ......... ......... ......... ......... .
Alamat : ............ ......... ......... ......... ......... ......... .
Telp/HP : ............ ......... ......... ......... ......... ......... .
Email : ............ ......... ......... ......... ......... ......... .
Tanggal Transfer : ............ ......... ......... ......... ......... ......... .
Form Pendaftaran setelah diisi harap di fax ke 021-851 3661 ; 021-857 9510 atau email ke Event@HRD-Forum. com

------------ --------- --------- --------- --------- --------- -

2008-06-09T22:15:00.001-07:00

Senior Researcher: Hydrogen Infrastructure Technologies R & D

Posted by:
North-West University Posted date:
05-Jun-08

The Hydrogen Infrastructure Centre of Competence will have strong collaboration with relevant national and international research partners and institutions.

Postdoctoral Fellows - Neurological Disease

2008-06-06T03:54:00.001-07:00

Posted by:
Northwestern University

Posted date:
04-Jun-08

POST-DOCTORAL Positions in Neurological Disease

We are seeking highly motivated postdoctoral researchers to join the DiDonato laboratory in the Human Molecular Genetics Program at Childrens Memorial Research Center, Department of Pediatrics, Northwestern University. The overall theme of the laboratory is to decipher the underlying mechanisms of neuromuscular disease and develop treatment strategies. Our major research focus is on spinal muscular atrophy (SMA), a fatal pediatric motor neuron disease, which is caused by low levels of the survival motor neuron (SMN) protein.

Positions are available to 1) decipher the timing and spatial requirements of SMN expression 2) determine the molecular and cellular mechanisms underlying spinal muscular atrophy (SMA) using mouse models 3) to define the regulatory mechanisms that goven SMN expression and test therapies in vivo for their ability to rescue disease phenotype.

In all instances we will use a variety of in vitro and in vivo approaches that utilize a novel series of mice that we have generated. Examples of some of the mouse projects include: determining SMNs temporal and spatial requirements using SMN inducible mice in combination with tissue-specific CRE or tamoxifen-inducible CRE mice. We have projects that are aimed specifically at therapeutic treatments as well.

Applicants should have a PhD, PhD/MD or DVM degree and be proficient in molecular and cell biology techniques. Candidates that have experience in a) developmental neurobiology, b) neuromuscular research C) ES cell manipulation and differentiation or D) in vivo drug studies in mice or E) gene regulation (ChIP, DHS mapping, etc) are especially encouraged to apply.

Application

The positions are available until filled. Start date is flexible and salary is highly competitive. Applicants should be US citizens, permanent residents, or hold a work visa with a 3 year minimum before expiration.

Send CV and a statement of research interests and names of three references to Christine DiDonato at c-didonatonorthwestern.edu

Senior Researcher: Hydrogen Infrastructure Technologies R & D

2008-06-06T03:53:00.001-07:00

Posted by:
North-West University

Posted date:
05-Jun-08

The Hydrogen Infrastructure Centre of Competence will have strong collaboration with relevant national and international research partners and institutions.

Minimum qualifications and experience

PhD in the Natural Sciences or Engineering

At least 5 years experience in the field of hydrogen and/or fuel cell research and development with a strong emphasis on electrochemical processes

At least 2 years experience as a leader of a research group

A track record of publications in high impact journals

Candidates without a PhD, but with at least a masters degree together with substantial applicable experience, may also apply

General requirements

A proven performance record in the form of peer-reviewed publications, integration with the international research community and demonstrated ability to conduct research independently and within multi-disciplinary teams, will be essential. A good understanding of the potential application of the research outputs to the development of the South African economy will be an advantage.

The candidate's ability to network and operate across organisational boundaries will be critical to the success of the Centre. The job will have minimal operational or administrative responsibilities; the candidate must be passionate about pursuing a research and development career and making a significant contribution to science and technology.

Two appointments will be, initially for at least three years, but renewable for an additional term subject to the outcome of a performance review. One appointment will be based at the Potchefstroom campus of the North-West University, South Africa, which is located in the university town of Potchefstroom one and a half hours drive from Johannesburg. Potchefstroom is located in the North-West province of South Africa, which is locally also known as the platinum province as the majority of the worlds platinum is mined and produced here. A second appointment will be based at the CSIRs campus in Pretoria.

Should you be interested and wish to contribute to the success of the NWU/CSIR and a major national initiative of the DST, then please submit your CV, a list of publications and a letter of motivation (maximum three A4 pages) for the attention of Mr Christe de Wit, HR Director, by email to christe.dewitnwu.ac.za

Applications close on 31 July 2008.

By applying for this position at the NWU/CSIR, the applicant understands, consents and agrees that the NWU/CSIR may solicit a credit and criminal report from a registered credit bureau and/or the relevant police service and may also verify the applicants educational qualifications and employment history.

Correspondence will be undertaken with short-listed candidates only.

The NWU/CSIR reserves the right not to make an appointment.

Remuneration

An internationally competitive remuneration package will be paid to the successful candidate.

Visiting Instructor - Psychology

2008-06-06T03:52:00.001-07:00

Posted by:
University of West Florida

Posted date:
05-Jun-08

The Department of Psychology at the University of West Florida seeks candidates for a one-year position as Visiting Instructor (102850).Individuals who have completed the PhD are preferred because teaching assignment may include masters-level graduate courses.However, those who have completed all requirements for the doctorate except the dissertation will also be considered.

The area of concentration may be clinical-counseling or biological psychology.Teaching assignment will likely include 3-4 courses per term at the graduate and/or undergraduate level such as Experimental Psychology and lab, Brain/Behavior/Experience, Cognitive Neuroscience, Psychopathology, Theories of Counseling, or Interventions in Addictions. Participation in departmental activities such as student advising and program assessment is also expected.

Application

Review of applications will begin June 15 and will continue until a successful candidate is chosen.Applicants should submit a letter of intent (including a description of relevant teaching experience), a Curriculum Vitae (CV), and names and contact information for three references via the UniversityТs electronic system at https://jobs.uwf.edu.

UWF is located in Pensacola on Northwest FloridaТs Gulf Coast, with excellent beaches nearby and variety of recreational and cultural activities year-round.The Psychology Department has attractive new facilities with research space, excellent instructional technology and support, and 16 doctoral-level faculty in a variety of areas.We provide undergraduate instruction to over 450 majors and offer the Masters degree with specializations in Clinical-Counseling, General, and Industrial-Organizational Psychology.Our Clinical-Counseling and I-O tracks are accredited by the Masters in Psychology Accreditation Council (MPAC). The Department also houses administrative offices for the Southeastern Psychological Association.For more information about the Department of Psychology, please see our Web site at https://www.uwf.edu/psychology.

For further information, please contact the Search Committee Chair, Dr. Rosemary Hays-Thomas, at rloweuwf.edu or 850-474-2362.

This position requires a criminal background screening.Pursuant to provisions of the Americans with Disabilities Act, any person requiring special accommodations to respond is requested to advise UWF by contacting the UWF ADA Office at 1-850-473-7469 (Voice) or 1-850-857-6114 (TTY).UWF is an Equal Opportunity/Access/Affirmative Action Employer.

Programmer / Data Analyst on Biomedical Image Analysis

2008-06-06T03:51:00.001-07:00

Posted by:
University of North Carolina (UNC)

Posted date:
05-Jun-08

A programmer / data analyst position is available in Biomedical Research Imaging Center (BRIC) at UNC Chapel Hill, for conducting biomedical image analysis research. The successful applicant will be trained to work broadly in biomedical image analysis field, and to help integrate various software packages developed in the research labs. This position needs to work with a multidisciplinary team on biomedical imaging.

The successful applicant must have a master degree in computer science or related engineering fields. He/She must be strong in programming, and familiar with C/C++, Matlab, ITK/VTK, and SPM. Experience with Linux is highly desired. Knowledge on biomedical imaging, computer vision, pattern recognition, and image processing is very helpful.

Application

If interested, please send your resume to Dr. Shen (dgshenmed.unc.edu), and visit UNC IDEA Group (http://bric.unc.edu/IDEAgroup/) for more information.

Postdoctoral Fellow - Computational Biology

2008-06-06T03:50:00.001-07:00

Posted by:
University of Ottawa

Posted date:
05-Jun-08

The Rolland-Lagan lab at the University of Ottawa is specializing in computational and developmental biology. We use a combination of experimental work, microscopy, image analysis and computer simulations to explore developmental mechanisms in two and three dimensions. We are particularly interested in the patterning of branching and network structures in plants and animals and are seeking strong postdoctoral candidates with a biology and/or a computer science background to apply for funding through the University of Ottawa Vision 2010 postdoctoral fellowship competition.

Position is to be taken up by December 31, 2008, and is for two years ($50,000 per year). Candidates must have completed or received a PhD degree no more than two years before the intended application deadline; or be expected to complete their PhD before January 1, 2009.

Application

Please send a pre-application by email (all material in one file) to A.-G. Rolland-Lagan (arollanduottawa.ca). Applications will be evaluated starting June 15th 2008. Applications will be considered until a suitable candidate is found or until August 1st, 2008.

Please include your CV, a description of your research interests, and names and email addresses of three referees. The selected candidate will be encouraged to submit a full application.

For more information, please contact A.-G. Rolland-Lagan (arollanduottawa.ca).

Web links:
Rolland-Lagan lab:
http://www.science.uottawa.ca/~arolland/Index.html (in English)
http://www.science.uottawa.ca/~arolland/Accueil.html (en Franзais)
Vision 2010 Postdoctoral Fellowship:
http://www.grad.uottawa.ca/Default.aspx?tabid=2247