lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri Jun 23 11:23:45 2006
From: seemyhomepage at katsokotisivuilta.ni (Markus Jansson)
Subject: Fw: Researchers hack Wi-Fi driver to breach
	laptop 

I bet I wasnt the only one just waiting first publications about these 
kinds of attacks. The drivers of various WiFi hardware are vulnerable 
and can be exploited very efficiently, even if the computer is not 
connecting/trying to connect to some network. Only defence is to turn 
them physically off when you dont need them and limit your usage of them 
to "somewhere safe". Concidering the range of these devices (BT over a 
mile away, WLAN even more, HSDPA even much more), threath is serious.



http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html
"Security researchers have found a way to seize control of a laptop 
computer by manipulating buggy code in the system's wireless device driver.
...
Using tools like LORCON, Maynor and Ellch were able to discover many 
examples of wireless device driver flaws, including one that allowed 
them to take over a laptop by exploiting a bug in an 802.11 wireless 
driver. They also examined other networking technologies including 
Bluetooth, Ev-Do (EVolution-Data Only), and HSDPA (High Speed Downlink 
Packet Access).
...
The victim would not even need to connect to a network for the attack to 
work..."You don't have to necessarily be connected for these device 
driver flaws to come into play," Ellch said. "Just because your wireless 
card is on and looking for a network could be enough."
...
More than half of the flaws that the two researchers found could be 
exploited even before the wireless device connected to a network."



-- 
???My computer security & privacy related homepage
http://www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.

Powered by blists - more mailing lists