communication, the NE-SW route, following the valley of the river Doubs,
and linking Germany and North Europe with Lyon and southwest Europe, and
the N-S route linking northern France and the Netherlands with
Switzerland. A key staging post on the Strasbourg-Lyon (Germany-Spain)
route, it also has direct high-speed train (TGV) links with Paris,
Charles de Gaulle International Airport, and Lille. Unusually for a town
of its size, it does not have a commercial airport, though two
international airports, EuroAirport Basel-Mulhouse-Freiburg and Lyon
Saint-Exupéry International Airport, can be reached in about 2 hours.
http://frhack.org/venue.html
On 6 Mar 2010, at 02:12, drstrangep0rk@hushmail.com wrote:
Do you have firmware information on which products it affects?
Tested with firmware 7.5 on the latest-generation units. Should work just fine with 7.4.2, on the previous generation. These are the latest versions. I don't know about previous releases for Airport Express, Airport Extreme, or Time Capsule, and what revisions they will be at. They will probably be affected as long as they offer FTP access, which I think was true for Airport Extreme from the beginning.
Cheers,
Sabahattin
The FTP proxy used in Apple's Airport Express, Airport Extreme, Time Capsule and possibly elsewhere doesn't check the client-provided address and port given by the FTP PORT command against the IP address of the connecting client, or against the use of privileged ports. (The FTP PORT command is used by an FTP client to tell an FTP server which address and data port to initiate the data connection on.) The FTP proxy is used to provide assistance to clients operating in NAT environments served by the Apple products. FTP servers running behind a NAT with this assistance can have addresses in the command channel rewritten for them so that external clients can reach them when operating in passive mode. The ALG operates as a proxy server, assuming responsibility for connections to the FTP server, and must therefore also handle and modify rewriting of the PORT command. It looks like it might be ftp-proxy from PF.
The effect of this problem is to allow anybody with access to the FTP port forwarded on the exterior side of an Apple Airport product that offers NAT to internal clients, which for a publicly-accessible FTP server is the big bad world, to induce an FTP server operating behind a NAT to send data to arbitrary addresses and ports. This is true even if the FTP server is configured to operate more securely, since it sees connections from the NAT's exterior interface, not the connecting client. This is useful for bouncing anonymous port scans off the victim NAT, or if data is available or can be written to and then read from the FTP server, potentially for anonymous attacks, spam, news floods, and other such badness. Any trust relationship and/or security implied or assumed by a NAT is also gone, since the PORT command can also specify private addresses, inside the NAT, for victimisation. Best of all, the gateway itself makes no log entry concerning FTP connections that have been run through the proxy.
Workarounds: do not use FTP; do not trigger the use of the ALG (FTP proxy) by explicitly using ports other than 21 on the inbound port mapping. If you can't do those things, you can avoid the worst effects of this attack by disabling FTP uploads that can later be downloaded by anonymous users.
Apple likes to keep secrets for the protection of its customers. Since the reasonable release of this advisory removes that protection, confidential information vouchsafed to me can be safely disclosed with no ill effects. Apple has a fix, and according to its last seemingly automatic template message, they are still testing it and do not know precisely when it will be released. This is confidential information. DO NOT DISCLOSE!
Advisory history:
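The check the advisory above says the proxy omits, as an added example (not code from the advisory or from Apple's firmware): a proxy that sees the real client address parses the PORT argument and relays it only when the address equals the control connection's peer and the port is unprivileged. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

class PortRejected(ValueError):
    """The PORT argument must not be relayed to the FTP server."""

def parse_port_argument(arg):
    """Parse RFC 959 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise PortRejected("expected six comma-separated fields")
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise PortRejected("non-numeric field")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise PortRejected("field outside 0-255")
    return ipaddress.IPv4Address(bytes(nums[:4])), (nums[4] << 8) | nums[5]

def check_port(arg, control_peer_ip):
    """Return (host, port) only if the data target is the connecting client
    itself and the port is unprivileged; otherwise raise PortRejected."""
    host, port = parse_port_argument(arg)
    if host != ipaddress.IPv4Address(control_peer_ip):
        raise PortRejected(f"address {host} is not the control peer")
    if port < 1024:
        raise PortRejected(f"privileged port {port}")
    return host, port

def audit(args, control_peer_ip):
    """Classify each PORT argument as (arg, 'relay') or (arg, 'reject: why')."""
    results = []
    for arg in args:
        try:
            check_port(arg, control_peer_ip)
            results.append((arg, "relay"))
        except PortRejected as exc:
            results.append((arg, f"reject: {exc}"))
    return results

# Constructed sample: one client (documentation address) on the control channel.
SAMPLE_PEER = "203.0.113.7"
SAMPLE_ARGS = [
    "203,0,113,7,195,80",   # client's own address, port 50000
    "192,168,1,10,31,144",  # private address behind the NAT
    "198,51,100,9,31,144",  # unrelated third-party host
    "203,0,113,7,0,25",     # own address but privileged port
    "203,0,113,7,999,1",    # malformed field
]

if __name__ == "__main__":
    for arg, verdict in audit(SAMPLE_ARGS, SAMPLE_PEER):
        print(f"PORT {arg:<22} {verdict}")
```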
a remote application publishing product that allows people to connect
to applications available from central servers.
One advantage of publishing applications using Presentation Server is
that it lets people connect to those applications remotely, from their
homes, airport Internet kiosks, smart phones, and other devices
outside of their corporate networks.
From an end-user perspective, users can log in to their corporate
network from, for example, an airport kiosk, see all of the
applications they would see everyday at work, including Outlook email
ToorCamp is the United States' first ever full-scale hacker camp. Modelled after the camps in Holland and Germany, ToorCamp will focus on all of the technology topics that ToorCon has become famous for but will expand out into other areas of society. ToorCamp will offer 2 days of talks on many different topics -- Security, Internet, Emerging Technologies, Hardware Hacking, and Privacy are just some of the areas we will be covering. ToorCamp will also feature 2 days of hands-on workshops on a multitude of different skills that you may have never found yourself interested in learning about before. Blacksmithing, Lock Picking, Orienteering, Logic Design, Archery -- These are just a few of the topics you can expect.
ToorCamp is run by the same group that runs ToorCon and will also be heavily supported by many other hacker conferences in the US. ToorCamp will be organized as a bunch of different campsites which will be fully run by autonomous groups. We will provide the power and internet -- you provide the rest. We're heavily encouraging groups to build structures, set up art projects, throw parties, and generally do things that will show to the world that US hackers can throw a kickass hacker camp too!
Oh, and did we mention it'll be at a Titan-1 Missile Silo? We've managed to find one of the best locations in the northwest to throw this event. We've partnered with a group of people who are currently retrofitting the Silo into an ultra-secure datacenter so internet connectivity won't be a problem. ToorCamp will be situated in central Washington roughly 3 hours driving distance from Seattle and within 15 minutes drive of a private international airport. Don't miss this once in a lifetime opportunity to make history with us and help launch the first public US hacker camp!
LOGISTICS
ToorCamp will provide many of the basic hacker camp comforts such as:
pre-AIDs key party. Sure, you could bring your RFID readers, your lockpicks or
even your back track DVD but mostly you just need to bring yourself and the
willingness to learn.
For a little con down under we don't do too bad. Previously, Kiwicon has
featured: the Crackstation, iKat (last seen at an airport near you), layer two
telco shenanigans, a video montage of boardrooms across Japan, old school
phreaking on new school kit, exposure of RIM's failure to hide their snooping
capabilities, fun with the SCADA systems, making Microsoft look like turkeys,
nuking various heap protections from space, and of course fucking up the
certificate chain of your new passport.
If you're one of the domains that will be affected, and you're taken
down even though your network / system is stable and working properly,
that would be seen as an unnecessary outage. What happens if the system
doesn't boot back up properly after the power down? Now, the outage is
extended and perhaps critical systems are no longer available. I used a
nuclear power plant as an example, what if it were an airport, or a
city's 911 / Emergency service? Fire Department dispatch system? EMS
system? Do you still think that it's a non issue to take down an entire
system for one faulty domain?
--
Apple release a patch.
o Security-Advisory: TEHTRI-SA-2010-026 - 0day on ThalysNet
TEHTRI-Security found some security issues on Thalys European trains,
with the Internet access on board. To us, many Internet access shared on
airports, stations, trains, in-flights, hotels, etc, are full of
security vulnerabilities, because no penetration tests were organized
with IT Security experts before the service is open to the public.
Dealing with ThalysNet, it concerns half a million of end-users.
ThalysNet was contacted.
http://www.univ-orleans.fr/lifo/Manifestations/COLSEC
May 18-22, 2009
The Westin Baltimore Washington International Airport Hotel
Baltimore, Maryland, USA
http://cisedu.us/cis/cts/09/main/callForPapers.jsp
Verified OSX 10.5 is not vulnerable to this attack.
Justin
--
Apple Advocate -- Macbook Pro 17 inch, Airport Express, Xsan, OSX Server, iPod Video, iPhone
.. in internet it is everytime!
----- Original Message -----
From: "Susan Bradley"
To: "Bob Fiero"