lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 23 11:23:45 2006 From: seemyhomepage at katsokotisivuilta.ni (Markus Jansson) Subject: Fw: Researchers hack Wi-Fi driver to breach laptop I bet I wasnt the only one just waiting first publications about these kinds of attacks. The drivers of various WiFi hardware are vulnerable and can be exploited very efficiently, even if the computer is not connecting/trying to connect to some network. Only defence is to turn them physically off when you dont need them and limit your usage of them to "somewhere safe". Concidering the range of these devices (BT over a mile away, WLAN even more, HSDPA even much more), threath is serious. http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html "Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver. ... Using tools like LORCON, Maynor and Ellch were able to discover many examples of wireless device driver flaws, including one that allowed them to take over a laptop by exploiting a bug in an 802.11 wireless driver. They also examined other networking technologies including Bluetooth, Ev-Do (EVolution-Data Only), and HSDPA (High Speed Downlink Packet Access). ... The victim would not even need to connect to a network for the attack to work..."You don't have to necessarily be connected for these device driver flaws to come into play," Ellch said. "Just because your wireless card is on and looking for a network could be enough." ... More than half of the flaws that the two researchers found could be exploited even before the wireless device connected to a network." -- ???My computer security & privacy related homepage http://www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.
Powered by blists - more mailing lists