lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.58.0509081708060.7541@kungfunix.net>
Date: Fri Sep  9 03:16:21 2005
From: techn9ne at infiltrated.net (Spinoza DesCartes)
Subject: Worldwide WEP Vulnerability Disclosure


====================
Product:    Remote Wireless Panties
            http://www.kissntellparties.com/wirelessremote.html
Versions:   All
Bug:        DoS vulnerability
Impact:     Attacker's can cause overflow.
Date:       Septmber 08, 2005
Author:     Spinoza DesCartes
	    Perfidious Security Team
            Email: techn9ne@...iltrated.net
====================

///-->
Introduction
///-->

Remote Wireless Panties are something of a novelty used by women
for pleasure. Although this may not be the proper forum for it, it is
nevertheless a security problem. At first I was reluctant to post this
message for fear of ridicule, but I figured I would let the experts handle
this one. Besides it is a wireless issue.

///-->
The bug
///-->

These wireless panties run off of a wireless frequency ranges of
2.400GHz to 2.500GHz which is typical of say a cordless phone
wireless router, etal. When someone uses this product there seems
to be some form of interference coming from multiple wireless
products which causes the product to behave erratic and jack
up its speed.

///-->
The Fix
///-->

Create a Wireless Tunnel between the product and the product's remote
this helps ensure that only the intended product alone understands the
transmitted signals. Tunnled signals are encrypted and unless using
encryption - transmitted data may reach unintended recipients.

Encrypting also ensures that it remains uncorrupted throughout the
connection and allows the user to flexibility move about freely
sending and receiving signals. Temporal Key Integrity Protocol (TKIP)
and in 2004, Advanced Encryption Standard points can be used in
the future as well depending on the need for high level encrption.

///-->
The exploit
///-->

No known exploits exist however cordless telephones, ham radios,
and all other sorts of wireless products seem to interfere with the
product which makes it somewhat of a danger (if viewed this way)
to anyone using the product.

Attacker can adjust speeds, and flicker with the power.

///-->
The fix
///-->

VPN's or WEPS can be used to secure the connection to the product
but one might want to simply avoid using it near other wireless products

///-->
Vendor Status
///-->

Vendor notified

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ