wireless network
* Software Engineering and Security
* Honeypots/Honeynets
* Spyware, Phishing and Botnets (Distributed attacks)
* Newly discovered vulnerabilities in software and hardware
* Electronic/Digital Privacy
* Wireless Network and Security
* Attacks on Information Systems and/or Digital Information Storage
* Electronic Voting
* Free Software and Security
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
Cisco WCS systems that have not been converted from a CiscoWorks WLSE using the
conversion utility are not affected by this problem. Additionally, Cisco WCS
systems that have been converted from a CiscoWorks WLSE using the conversion
utility for version 4.2 or later are not vulnerable.
For more information about Cisco Unified Wireless Network Software Release 4.2,
visit:
http://www.cisco.com/en/US/products/ps6973/prod_bulletin0900aecd806b7f8a.html
No other Cisco products are currently known to be affected by this
A Denial of Service (DoS) vulnerability was discovered during standard
bug reporting procedures. A malformed 802.11 association request frame
causes a crash on the Access Point (AP) causing a temporary DoS
condition for wireless clients. Prior successful security association
with the wireless network is not required to cause this condition. The
AP recovers automatically by restarting itself.
AFFECTED ArubaOS VERSIONS
DETAILS
ArubaOS and AirWave maintain information on all wireless network SSIDs
and APs visible on the wireless network and the general vicinity. This
information is used for security and reporting purposes. An attacker
could plant an AP with maliciously crafted SSID and
Direct Download: http://chmag.in/issue/jun2011.pdf
Articles in the magazine:
Tech Gyan - Pentesting your own Wireless Network
Tool Gyan - Wi-Fi tools
Mom's Guide - Wireless Security - Best Practices
Legal Gyan - Copyrights and cyber space
Matriux Vibhag - Forensics with Matriux Part - 2
Poster of the month - Can you cage a Wi-Fi signal?
>> :: Description ::
>>
>> I have found Android device's behavior which I deem inappropriate.
>> I am not sure if it can be classified as a vulnerability. The problem
>> appears when an Android device has connected to hidden SSID wireless
>> networks. The default behavior of most OSes is to shout out to see if
>> there is an expected hidden SSID over there. A legitimate access point
>> would reply with a probe response. However, a rogue access point could
>> also reply with a fake probe response and continue further negotiation
>> until it captures the WPA handshake. Android devices will automatically and
>> gratefully accept the fake response while other OSes, including Windows,
Scope
-----
In particular, we are looking for topics in the following domains:
* Operating system and application security
* Wired and wireless network security
* Mobile communication security
* Forensics and anti-forensics
* Digital privacy and anonymous communication
* Reverse engineering of software and hardware
* Malware collection and analysis
2046 Dec-24-2001 00:02:42 calibra.dat
lftp 192.168.1.1:~>
It is possible to download the igwpricf.dat file (and another), where plain-text passwords for web access and the wireless network are kept.
rafal@localhost ~ $ strings igwpricf.dat
Linksys
IntotoSoft
A Denial of Service (DoS) vulnerability was discovered during standard
bug reporting procedures. A malformed 802.11 probe request frame causes
a crash on the Access Point (AP) causing a temporary DoS condition for
wireless clients. Prior successful security association with the
wireless network is not required to cause this condition. The AP
recovers automatically by restarting itself.
AFFECTED ArubaOS VERSIONS
During the buildup at the CCC 27c3 congress in Berlin we noticed several Apple Macbooks kernel panicked while connected to the wireless network. We identified the cause of this issue and we are able to reproduce this as well.
It seems to be limited to the aluminum unibody Macbooks, running OS X 10.6.5 with the following Broadcom wireless chip:
Card Type: AirPort Extreme (0x14E4, 0x8D)
Firmware Version: Broadcom BCM43xx 1.0 (5.10.131.36.1)
The problem occurs when 802.11n MCS0 (Modulation and coding scheme) is disabled on a Cisco Wireless Controller. This scheme is mandatory according to the IEEE standard (802.11n-2009, page 265). Deselecting this MCS is available through the web interface (both WCS and WLC) and the console without a notification about the fact that it is mandatory:
(Cisco Controller) >config 802.11a disable network
* Code Analysis
* Forensics and Anti-Forensics
* Embedded Device Security
* Web Application Security
* Network Traffic Analysis
* Wireless Network Security
* Cryptography and Cryptanalysis
* Social Engineering
* Law Enforcement Activities
* Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)
- The D-Link RangeBooster G™ WBR-2310 with enhanced 108 features the
industry’s first default 108Mbps* “Dynamic Mode” that allows clients
to always operate at the highest possible speeds while automatically
identifying and recognizing other D-Link RangeBooster G™ products for
highest performance capability and seamless access to the wireless
network in a homogeneous environment.
[Bug Description]
- The Embedded Web Server does not sanitize correctly a crafted GET
request leading to Denial-of-Service.
whether your computer or network can be attacked from the Internet (using any one of
the known or unknown binary planting bugs).
You should also know that any network-based countermeasure (such as blocking SMB and
WebDAV at the perimeter) will stop protecting you when you connect your computer to
another network, such as a hotel-provided or public wireless network. Running the
test in various setups you're using might therefore be a good idea.
Additional information here:
http://blog.acrossecurity.com/2010/08/online-binary-planting-exposure-test.html.
Background
==========
NDISwrapper is a Linux kernel module that enables the use of Microsoft
Windows drivers for wireless network devices.
Affected packages
=================
-------------------------------------------------------------------
A privilege escalation vulnerability exists only in WLC software version
4.2.173.0, and could allow a restricted user (i.e., Lobby Admin) to gain
full administrative rights on the affected system.
Note: Wireless network users are not affected by this vulnerability.
This vulnerability is documented in Cisco Bug ID CSCsv62283 and has
been assigned the Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0062.
Security issues were identified and fixed in networkmanager:
GNOME NetworkManager before 0.8.6 does not properly enforce the
auth_admin element in PolicyKit, which allows local users to bypass
intended wireless network sharing restrictions via unspecified vectors
(CVE-2011-2176).
Incomplete blacklist vulnerability in the svEscape function in
settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME
NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when
CVE Id : CVE-2008-4395
Debian Bugs : 504696
Anders Kaseorg discovered that ndiswrapper suffers from buffer overflows
via specially crafted wireless network traffic, due to incorrectly
handling long ESSIDs. This could lead to the execution of arbitrary
code.
For the oldstable distribution (etch), this problem has been fixed in
"AMG-2000 is an AP Management Gateway dedicatedly designed for small to
medium-sized network deployment and management, making it an ideal solution
for easily creating and extending WLANs in SMB offices. With its user
management features, administrators will be able to manage the whole process
of wireless network access. In addition, Access Point (AP) management
functions allow administrators to discover, configure, update, and monitor all
managed APs from a single secured interface, and from there, gain full control
of entire wireless network."
Spoof Eye-Fi listener on local or remote network.
In addition to these issues, there are several wireless-related risks associated
with the Eye-Fi sending out probe requests. Using Karma-like programs, a rogue
wireless network can be set up, through which the Eye-Fi card will automatically pass
the images, allowing them to be captured.
More details on this program and the vulnerabilities are located at:
http://www.informit.com/articles/article.aspx?p=1174944
information.
Background
==========
Wicd is an open source wired and wireless network manager for Linux.
Affected packages
=================
-------------------------------------------------------------------
CVE-2009-4027
Lennert Buytenhek reported a race in the mac80211 subsystem that
may allow remote users to cause a denial of service (system crash)
on a system connected to the same wireless network.
CVE-2009-4536 & CVE-2009-4538
Fabian Yamaguchi reported issues in the e1000 and e1000e drivers
for Intel gigabit network adapters which allow remote users to
An issue was discovered in 2.6.32.x kernels, which set insecure
permissions for the devtmpfs file system by default. (CVE-2010-0299)
Additionally, support was added for the Atheros AR2427 Wireless
Network Adapter.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
4. Or they could download a backup copy of the configuration file for the device (the same file can be obtained by viewing the contents of "/tmp/nvram"); by viewing that file one can easily extract the ADSL account logins or any other information one is curious about, as everything is stored in plaintext - once again)
IV Vulnerability Exploited Successfully:
========================================
1. While we were connected through the Ethernet interface, and
2. While we were connected via the security-enabled (WPA2-PSK) wireless network we had set up (and our wireless NIC's MAC address was in the list of the trusted MACs)
V Proof of Concept:
===================
tasos@nyx:~$ telnet 192.168.0.1
Trying 192.168.0.1...