Hummmm....does this sound suspicious? Have to wonder about this third-party wireless card they used.
What do you think, Lee? Jane Begin forwarded message: > From: *Richard <rlkgroups at yahoo.com> > Date: August 8, 2006 1:52:57 AM EDT > To: wwwac at lists.wwwac.org > Subject: [wwwac] Researchers show 'systemic' vulnerability in wireless > computers > > http://news.lp.findlaw.com/ap/ht/58/08-03-2006/d1f500266bd7d457.html > Thursday, Aug. 3, 2006 > Researchers show 'systemic' vulnerability in wireless computers > By DAN GOODIN AP Technology Writer > > (AP) - LAS VEGAS-Some computers with wireless Internet capabilities are > vulnerable to attacks that could expose passwords, bank account details > and other sensitive information even if the machines aren't actually > online, researchers said. > > The researchers demonstrated the vulnerability at a computer-security > conference in Las Vegas Wednesday, showing how to take complete control > of a MacBook from Apple Computer Inc. But the two researchers, David > Maynor, 28, and Jon Ellch, a 24-year-old who prefers to go by his > hacker handle Johnny Cache, said the technique will work on an array of > machines, including those that run Microsoft Corp.'s Windows and the > free Linux operating system. > > "The problem itself isn't really an Apple problem," said Maynor, a > researcher at SecureWorks Inc., a network-monitoring company. "This is > a systemic problem across the industry." > > The technique, detailed during the first day of the Black Hat > conference, has broad implications for the large number of people who > over the past five years have grown accustomed to connecting to the > Internet wirelessly while sitting in airports, hotels and cafes. > > "It's an alarming weakness," said Phil Zimmermann, a software engineer > who specializes in data security. "Now I would rather connect using an > ethernet cable," he said, referring to the term for wired Internet > connections. > > Maynor and Cache showed a room of about 300 attendees a video in which > they dropped what is known as a "root kit" into a MacBook by exploiting > a weakness found in a wireless card, a component that uses radio waves > to connect to the Internet. A root kit is a virtually undetectable > program that criminals can use to do things such as log passwords and > gain access to sensitive files. > > Maynor was able to create, read and delete files on the Apple laptop. > The MacBook, which was running a fully patched version of the latest > Apple operating system, showed no indication that it had been > compromised. > > The MacBook used in the demonstration was not using the wireless gear > that shipped with the computer. Instead, they used a third-party > wireless card that they declined to name. > > Apple spokeswoman Lynn Fox declined to comment. > > The researchers were not identifying the makers or models of wireless > devices that are vulnerable, so that manufacturers have a leg up on > criminals who might use that information to exploit the > vulnerabilities. But Maynor said the flaws are so common that he'd have > no trouble walking into the typical Internet cafe and finding someone > vulnerable. > > "I have no doubt," he said in an interview following his presentation. > > He said the technique could be useful in targeting specific people or > specific groups of people who are in close proximity to an attacker - > for instance, a cafe that is frequented by executives of a particular > company. > > The researchers declined to demonstrate the attack live because they > said radio receivers in the room could allow people to detect their > techniques and use them to commit crimes. > > A computer need not be connected to the Internet to be infected. All > that's required is that it have certain wireless devices installed and > that those devices be turned on. > > Wednesday's demonstration came four days after Intel Corp., the world's > biggest chip maker, released security fixes for wireless capabilities > it includes with many of the laptop processors it sells. One of the > vulnerabilities fixed would have allowed someone to gain control over a > computer using the Intel wireless gear. > > Maynor said during his presentation that he and Cache did not provide > technical details of the attack to Intel but couldn't rule out a > connection between the findings and the Intel patch. > > "It's pretty interesting, the timing of it," Maynor said. "It seemed a > bit suspicious." > > -------------------------------------------------------------- > http://RLKI.com - R.L. KUPER, Inc. - Management Consulting > http://B2BNY.com - Where Business People Meet (TM) > http://TheKuperReport.com - The KUPER Report > http://ThisIsMyStore.com - The Place To Shop (TM) > http://TreasureZoom.com - The Place To Shop For Collectibles(TM) > http://ThisIsMyStore.com/sales.html - What's on Sale? > http://ThisIsMyStore.com/jobs.html - Shop for Jobs or Employees > http://ReadTheOpEdPage.com -- The Op Ed Page > -------------------------------------------------------------- > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > > ## The World Wide Web Artists' Consortium - http://www.wwwac.org/ > ## > ## To Unsubscribe, send email to: wwwac-unsubscribe at lists.wwwac.org > ## > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 5519 bytes Desc: not available Url : http://www.math.louisville.edu/pipermail/macgroup/attachments/20060809/e58c400b/attachment.bin
