Re: Many Wireless Security Breaches Reported At (RSA) Security Conference

2005-03-03 Thread Stefan Kelm
 (As I've said many times, security breaches reported at
 conferences full of security people don't count as a
 predictor of what's out in the real world as a threat.
 But, it makes for interesting reading and establishes
 some metric on the ease of the attack.  iang)

I also recommend the brief discussion between Marcus Ranum and
Bill Cheswick on the very same topic in the aftermath of the
recent USENIX Security Symposium:

  http://www.usenix.org/publications/login/2004-12/openpdfs/wireless.pdf

Cheers,

Stefan.

Unsere Anschrift und Telefonnummer haben sich geaendert!

Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Stra├če 12-14, D-76137 Karlsruhe

Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
---
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Many Wireless Security Breaches Reported At (RSA) Security Conference

2005-02-22 Thread Ian G
(As I've said many times, security breaches reported at
conferences full of security people don't count as a
predictor of what's out in the real world as a threat.
But, it makes for interesting reading and establishes
some metric on the ease of the attack.  iang)

http://www.mobilepipeline.com/showArticle.jhtml?articleID=60401970
February 18, 2005
Many Wireless Security Breaches Reported At Security Conference 

By Mobile Pipeline Staff
There were 32 Evil Twin attacks and many other types of security 
breaches aimed at Wi-Fi users of the recently-concluded RSA security 
conference, wireless security vendor AirDefense claimed Thursday.

In an Evil Twin attack, hackers set up bogus access points and try to 
get nearby wireless users to log on either. Then, they can steal 
information that the user transmits The use of this method of attack 
marks a significant shift in how eavesdroppers and hackers are trying to 
steal information from wireless LAN users, according to the company.

Rather than simply scanning for and identifying access points, people 
are now imitating access points, Richard Rushing, AirDefense's chief 
security officer, said in a statement. The same holds true for identity 
theft -- hackers have realized the value is in trying to become the 
access point or station, not merely finding one.

AirDefense regularly monitors the airwaves at industry conferences and 
reports the results afterwards. The company noted that the conference 
organizers made extraordinary efforts to provide secure wireless access, 
including as issuing digital credentials for accessing the wireless 
network used at the conference.

AirDefense acknowledged that the efforts made the conference's wireless 
network secure, but that didn't mean individual users were secure. 
That's because hackers were probing individual users' wireless profiles 
on their laptops, which list previously-used wireless networks. The 
hackers could then use the names of those networks to launch Evil Twin 
attacks.

We cannot stress how important it is for wireless users to clear their 
profile of access points on a regular basis, Rushing said. Wireless, 
by design, will always connect with the strongest signal, even if that 
means abandoning a secure connection.

The Evil Twin attacks mimicked networks such as T-Mobile's and Wayport's 
networks of public Wi-Fi hotspots. That meant that some users who 
previously had accessed those networks were automatically logged on to 
the bogus versions of those networks.

In addition, AirDefense noted that it detected other types of attacks at 
the conference. Specifically, it sand it found 116 attempts to spoof MAC 
addresses and 45 denial-of-service attacks against access points. It 
also found 28 unauthorized access points connected to the conference's 
wireless LAN. The unauthorized access points drew a lot of traffic, the 
company said.

--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]