wireless technology
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers
Advisory ID: cisco-sa-20090204-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml
------
* Marvell Driver EAPoL-Key Length Overflow
Summary:
--------
* The wireless drivers in some Wi-Fi access points (such as the
MARVELL-based Netgear WN802T) do not correctly parse malformed EAPoL-Key
packets. This packet is used for unicast/multicast key derivation (which
are called 4-way handshake and group key handshake) of any secure
wireless connection (WPA-PSK, WPA2-PSK, WPA-EAP, WPA2-EAP).
------
* Marvell Driver Null SSID Association Request Vulnerability
Summary:
------
* The wireless drivers in some Wi-Fi access points (such as the
MARVELL-based Netgear WN802T) do not correctly parse SSID information
element included in association requests. Most information elements are
used by the wireless access point and clients to advertise their
capabilities (regarding rates, network name, cryptographic
capabilities...). More precisely, the SSID is used by the access point
------
* Atheros Driver Reserved Frame Vulnerability
Summary:
--------
* The wireless driver in some Wi-Fi access points (such as the
ATHEROS-based Netgear WNDAP330) does not correctly parse malformed
reserved management frames.
Assigned CVE:
-------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory:
Cisco Wireless Control System Conversion Utility Adds Default Password
Advisory ID: cisco-sa-20071010-wcs
http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml
------
* Marvell Driver Multiple Information Element Overflows
Summary:
--------
* The wireless drivers in some Wi-Fi access points (such as the
MARVELL-based Linksys WAP4400N) do not correctly parse information
elements included in association requests. Most information elements are
used by the wireless access point and clients to advertise their
capabilities (regarding rates, network name, cryptographic capabilities...).
------
* Atheros Vendor Specific Information Element Overflow
Summary:
--------
* The wireless drivers in some Wi-Fi access points (such as the
ATHEROS-based Linksys WRT350N) do not correctly parse the Atheros vendor
specific information element included in association requests. This
information element is used by wireless devices to advertise Atheros
specific capabilities.
------
* Marvell Driver Malformed Association Request Vulnerability
Summary:
--------
* The wireless drivers in some Wi-Fi access points (such as the
MARVELL-based Linksys WAP4400N) do not correctly parse some malformed
802.11 frames.
Assigned CVE:
-------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20090727-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so
Vulnerability
Advisory ID: cisco-sa-20080130-wcs
http://www.cisco.com/warp/public/707/cisco-sa-20080130-wcs.shtml
Hi everyone, I would just like to announce officially the release of our
wireless keyboard sniffer Keykeriki.
An addition to the official press release;
Website: http://www.remote-exploit.org/Keykeriki.html
Video with some demonstration available on website as well
Contact: hardhack@remote-exploit.org
The first lot of pre-fab PCBs will arrive by the end of this week.
==================================================
INFO
==================================================
The wireless client, WeFi v3.3.3.0 is susceptible to a local information disclosure due to irresponsible coding. Earlier versions may also be affected.
==================================================
DISCUSSION
==================================================
Due to the WeFi client storing the keys in memory, a dump is able to show valid WEP, WPA and WPA2 keys that can be used by a local attacker. This information can often be found around the 044296C0 offset. An attacker could easily dump the credentials from memory whilst walking past a laptop with an autorun U3 USB. The file that keeps the keys in memory is as follows:
DETAILS
Extensible Authentication Protocol (EAP) is a framework used for
authentication in wireless and
point-to-point connections (RFC 3748). Aruba Mobility Controller accepts
EAP frames on both wireless
interfaces (via its thin APs) and wired interfaces (via devices
connected to untrusted physical
ports on the controller). In 802.11 networks, EAP frames are only used
SEC Consult Security Advisory < 20090429-0 >
=======================================================================
title: Proxy bypass vulnerability & plain text passwords
in LevelOne AMG-2000
product: LevelOne AMG-2000 Wireless AP Management Gateway
vulnerable version: Firmware <=2.00.00build00600
impact: critical
homepage: http://www.level1.com
found: 2008-12-16
by: J. Greil / SEC Consult / www.sec-consult.com
lower levels. People attending this course will receive decapped parts,
large format prints of the die, flash drives with high-resolution
pictures of the die, and hands-on access to chip reverse engineering
equipment.
Building/Hacking Open Source Embedded Wireless Routers
Instructor: Ken Caruso & Matt Westervelt
Availability: 9 seats left
This workshop is set up to teach people how to deploy real-world large
scale wireless networks using open source hardware and software.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple Ralink wireless drivers: Execution of arbitrary
code
Date: July 12, 2009
Bugs: #257023
ID: 200907-08
-------------------------
Multiple vulnerabilities in WiFi router COMTREND CT-536/HG-536+
II. BACKGROUND
-------------------------
The CT-536 is an 802.11g (54Mbps) wireless and wired Local Area
Network (WLAN) ADSL router. Four 10/100 Base-T Ethernet and single USB
ports provide wired LAN connectivity with an integrated 802.11g WiFi
WLAN Access Point (AP) for wireless connectivity. The CT-536 ADSL
router provides state of the art security features such as WPA data
encryption; Firewall, VPN pass through.
SUMMARY
A Denial of Service (DoS) vulnerability was discovered during standard
bug reporting procedures. A malformed 802.11 association request frame
causes a crash on the Access Point (AP) causing a temporary DoS
condition for wireless clients. Prior successful security association
with the wireless network is not required to cause this condition. The
AP recovers automatically by restarting itself.
AFFECTED ArubaOS VERSIONS
| Software | |
|----------------------------+-------------------------------|
| Cisco Wide Area File | CSCtd04106 |
| Services Software (WAFS) | |
|----------------------------+-------------------------------|
| Cisco Wireless Control | CSCtd01625 |
| System | |
|----------------------------+-------------------------------|
| Cisco Wireless LAN | CSCtd01611 |
| Controller (WLAN) | |
|----------------------------+-------------------------------|
--------------------------------------------------------------------------
Trango Broadband Wireless
M5830 Series Rogue SU Authentication Bug
Date : 15 December, 2009
By: Blair - jediblair@gmail.com
--------------------------------------------------------------------------
Background
====================================================
Security Research Advisory
Vulnerability name:
"3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass"
Advisory number: LC-2008-05
Advisory URL: http://www.ikkisoft.com
====================================================
1) Affected Hardware/Software
=========================
The WBR-3460A comes with firmware version 1.00.06 installed. This happens to be the only available version that is not affected by the vulnerability described below; however, it lacks WPA2-PSK support and external/internal port mapping in the Virtual servers configuration page, amongst other things.
II Background:
==============
The Level-One WBR-3460A is an ADSL2/2+ Modem/Wireless Router which runs Linux BusyBox v0.61.pre on a 32-bit RISC 4KEc V4.8 processor at 211 BogoMIPS. It incorporates 14 MB of RAM and four 10/100 Ethernet ports.
III Description:
================
Performing an nmap scan on the internal address I came up with the following:
- Security Management
- Social Engineering
- Virtualisation
- VoIP Technology
- Web Security
- Wireless Technology
Please note, that we are a non-product, non-vendor biased security
conference and do not welcome vendor pitches in the conference talks or
trainings. We will provide an opportunity for vendor self presentation
through sponsorship and vendor booths in the conference lounge, where
Over the past few years, ToorCon has been known for providing hands-on workshops which focus on teaching a wide range of skills in a small classroom environment. The main goal is to teach the basics and provide the audience with the tools to expand on their knowledge on their own after the 2-day workshop is over. We have an exciting list of workshops to choose from this year:
Software Defined Radio Workshop
Instructor: Michael Ossman
Includes: Use of a USRP (If you would like a USRP kit included in your training cost, please contact us)
Software Defined Radio (SDR) techniques are rapidly becoming essential to all areas of wireless security research. Recent attacks on Bluetooth, GSM, wired and wireless keyboards, implantable medical devices, RFID, and more have been made possible by software radio. A combination of lectures, software exercises, and over-the-air projects, this workshop will provide the hands-on background in digital signal processing and radio engineering required to apply software radio techniques to practical hacking of diverse wireless systems. If you have experience developing software but lack experience with radio technology and digital signal processing, this workshop is for you.
Application Security Workshop
Instructor: Jared DeMott
Includes: CD with VMWare images and printed training materials
There are four technical skills required by security researchers, software quality assurance engineers, or developers concerned about security: Source code auditing, fuzzing, reverse engineering, and exploitation. All these skills and more are covered. C/C++ code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs, with WebGoat introduced as well. Fuzzing is a topic book author DeMott knows about well. Mutation file fuzzing and framework definition construction (Sulley and Peach) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed) IDA pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the exciting final component. You’ll enjoy exploiting BSD local programs to Vista browsers using the latest techniques.
session hijacking, buffer overflow, denial of service, social
engineering, etc.). Collaborative organizations require better
security properties (strong authentication, efficient encryption,
Mandatory Access Control, integrity, non-repudiation and
availability). Nowadays, collaborative organizations use new
technologies such as mobile devices, smartcards, wireless networks,
high performance networks, grid computing, multi-agent systems,
peer-to-peer systems, sensor networks. These environments introduce
new needs, requirements and difficulties related to security. Hence,
collaborative organizations and technologies face several challenges in
the field of security.
> metrics. It provides 17 modules like Visibility Audit, Trust
> Verification, Property Validation, and Competitive Intelligence
> Scouting, each of which describes multiple attacks (called Tasks), for 5
> different interaction types with a target (called Channels) organized by
> technical knowledge and equipment requirements as Human, Physical,
> Telecommunications, Data Networks, and Wireless. An example attack task
> under the Wireless Channel for Trust Verification states, “Test and
> document the depth of requirements for access to wireless devices within
> the scope with the use of fraudulent credentials.” As if that wasn’t
> already deep, it even waxes security philosophy with things like,
> “Compliance requirements which enforce protection measures as a
Conference Tracks (17 – 18 Nov, 2009)
You can submit your response for any of the following three conference tracks:
* CT 1 - Application, Database & Web Security
* CT 2 - Infrastructure Security (Network / Wireless / Bluetooth / Malware / Forensics / Cyber-terrorism / Physical Security / Information warfare etc.)
* CT 3 - Risk Management / Compliance
Sessions will have to be delivered in any one of the following session formats for conference talks:
thinking, and trust metrics. It provides 17 modules like Visibility
Audit, Trust Verification, Property Validation, and Competitive
Intelligence Scouting, each of which describes multiple attacks (called
Tasks), for 5 different interaction types with a target (called
Channels) organized by technical knowledge and equipment requirements
as Human, Physical, Telecommunications, Data Networks, and Wireless.
An example attack task under the Wireless Channel for Trust
Verification states, “Test and document the depth of requirements for
access to wireless devices within the scope with the use of fraudulent
credentials.” As if that wasn’t already deep, it even waxes security
philosophy with things like, “Compliance requirements which enforce