Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

C. J. Kelly

A Day in the Life of an Information Security Officer

Don't go wireless at Black Hat

19 comments

IT TOPICS:Security

I am attending the Black Hat conference in Las Vegas and one of the things I decided against is taking my laptop and wireless card. I don't want to end up on the wall of shame. If you go wireless at Black Hat, you will be sure to find your user names and passwords advertised at Black Hat as having been compromised. It's a game of sorts. I was not confident enough to brazenly offer up my user names and passwords.

This article reminded me of the dangers of going wireless at Black Hat or anywhere for that matter.

Apparently, "Security researchers David Maynor and Jon Ellch performed a digital drive-by Wednesday at the Black Hat USA conference. Their target: an Apple Computer Inc. MacBook." The researchers found ways of seizing control of Windows and Linux laptops as well.

The flaw is with the wireless device drivers, not with the Mac OS per se. "Maynor and Ellch's presentation got high marks from last year's most-talked-about Black Hat presenter, Michael Lynn, who was sued by Cisco after disclosing vulnerabilities in Cisco's Internetworking Operating System. 'That was pretty awesome,' Lynn said, as the two were mobbed by show attendees after their talk."

I am glad I am not wireless at Black Hat.

Email this

Digg this

What People Are Saying

Add new comment

How come you were so quick

Submitted by Anonymous on August 20, 2006 - 10:07 P.M.

How come you were so quick to pick up on the story of a Macbook being hacked?

Yet slow when it's been revealed as being fake? Maynor lied when he said he was using Apple's own wireless drivers and Krebs misrepresented the facts.

http://www.macworld.co.uk/news/index.cfm?NewsID=15605&Page=1&pagePos=12

Report this comment

The basic concept of

Submitted by Anonymous on August 5, 2006 - 11:01 P.M.

The basic concept of information flow means , its transfer to an intended recipient with others being kept out from prying in. If information is flowing in a channel wired or wireless and people use means electronic or otherwise to break in, then it is obvious that the channel is being monitored, altered or otherwise taken control of. The nature of communication necessitates the need for security, breaking in through the security barrier and so on so where is the great SURPRISE that it can be broken into ? Does it take Black Magic to break into a wireless channel ? The nature of communication means people are trying to protect and people are trying to break into. The game is eternal. Good to be obvious to facts and not cover facts with fancy, fiction and finally white house on top

Report this comment

I have an 80 gig laptop

Submitted by Greg McBride on August 5, 2006 - 10:52 P.M.

I have an 80 gig laptop harddrive with 40gigs left.

I am looking to have a two hard drive laptop but cannot find any answers.

It needs to be completed for the harddrive will freeze if a solution isn't found
E-mail gmcbride@optonline.net

Please forward information regarding this topic Thanks

GREG

Report this comment

If the problem lies with the

Submitted by HomeSecurity on August 5, 2006 - 8:10 A.M.

If the problem lies with the wireless device drivers, i.e. we know where the problem is, what are the manufacturers doing to prevent this?

Report this comment

Thanks to Aruba Networks'

Submitted by Anonymous on August 5, 2006 - 3:20 A.M.

Thanks to Aruba Networks' hardware at this years BlackHat users will had a much more secure experience. Including a seperation of each wireless user on the the network so they cannot "see" each other, and a search and destroy of rouge APs through a pinpoint DOS. Nice stuff

Report this comment

The fact that Linux is also

Submitted by Louis Bertrand on August 4, 2006 - 9:43 A.M.

The fact that Linux is also vulnerable should be on the wall of shame. Linux distros accept binary-only "blob" drivers from hardware vendors and rollover and die just as easily as Windows.

Users of open source must demand specifications and documentation from hardware vendors, not buggy code running with kernel privilege.

Report this comment

If you're just realizing

Submitted by Avrie00 on August 4, 2006 - 8:18 A.M.

If you're just realizing regular wireless is "sucureless" and now you'ld have to be clueless not to ... you should see how easy it is hack bluetooth. When you combine wireless and bluetooth in a mobile device you might as well paint a bullseye on your forehead. There are so many hardware flaws it doesn't matter what security protocols you're running. The manufacturers need to address this problem from the ground up. There isn't going to be a service pack to fix this problem.

Report this comment

The NSA already knows what

Submitted by Anonymous on August 4, 2006 - 8:03 A.M.

The NSA already knows what your next 3 meals are probably going to be.

Report this comment

So the NSA are using this

Submitted by me on August 4, 2006 - 7:55 A.M.

So the NSA are using this system to their advantage too as well the hackers for bad groups? Wow. Scary.

Report this comment

Please... The proper

Submitted by Anonymous on August 3, 2006 - 10:12 P.M.

Please...

The proper terminology is: "wireful"

Report this comment

Your next stop ... the Password Zone

Latest threat vector: Our mobile devices

Obama Drupal-ing around; whitehouse.gov goes open source

Testing Microsoft Security Essentials and the Hosts file

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

The State of PCI DSS Compliance at Organizations Today
Download this resource today!

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

All White Papers | All Webcasts