lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri Sep  9 14:41:25 2005
From: sil at infiltrated.net (J. Oquendo)
Subject: Worldwide WEP vulnerability


====================
Product:    Remote Wireless Panties
            http://www.kissntellparties.com/wirelessremote.html
Versions:   All
Bug:        DoS vulnerability
Impact:     Attacker's can cause overflow.
Date:       Septmber 09, 2005
Author:     Spinoza DesCartes
	    Infiltrated dot Net Security Team
            Email: techn9ne@...iltrated.net
====================

///-->
Introduction
///-->

Remote Wireless Panties are something of a novelty used by women for
pleasure. Although this may not be the proper forum for it, it is
nevertheless a security problem. At first I was reluctant to post this
message for fear of ridicule, but I figured I would let the experts handle
this one. Besides it is a wireless issue.

///-->
The bug
///-->

These wireless panties run off of a wireless frequency ranges of 2.400GHz
to 2.500GHz which is typical of say a cordless phone wireless router,
etal. When someone uses this product there seems to be some form of
interference coming from multiple wireless products which causes the
product to behave erratic and jack up its speed.

///-->
The Fix
///-->

Create a Wireless Tunnel between the product and the product's remote this
helps ensure that only the intended product alone understands the
transmitted signals. Tunnled signals are encrypted and unless using
encryption - transmitted data may reach unintended recipients.

Encrypting also ensures that it remains uncorrupted throughout the
connection and allows the user to flexibility move about freely sending
and receiving signals. Temporal Key Integrity Protocol (TKIP) and in 2004,
Advanced Encryption Standard points can be used in the future as well
depending on the need for high level encrption.

///-->
The exploit
///-->

No known exploits exist however cordless telephones, ham radios, and all
other sorts of wireless products seem to interfere with the product which
makes it somewhat of a danger (if viewed this way) to anyone using the
product.

Attacker can adjust speeds, and flicker with the power. This can lead to
sensory overload for the client.

///-->
The fix
///-->

VPN's or WEPS can be used to secure the connection to the product but one
might want to simply avoid using it near other wireless products

///-->
Vendor Status
///-->

Vendor notified


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

It is much easier to suggest solutions when you know nothing
about the problem. -- Niklaus Wirth

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ