Due every Sunday night by midnight.
Week 1:The most popular form of network access right now is wireless - so it's time to look at the security issues associated with using the air as your media for data transmission. My article explains the term "Bluejacking" which is basically a method of sending annoying messages to Bluetooth devices in your physical vicinity. It's not a real security threat - the article says it's more of an annoyance like ringing a doorbell and running away.
http://electronics.howstuffworks.com/bluejacking.htm (Read the 1st two pages, they are short ) then watch the video at this link: http://www.youtube.com/watch?v=vkAjPWNSIsg&feature=related (also very short)
The vulnerability exists because bluetooth is always on by default and available for associaton. The solution is to turn off your bluetooth when you don't need it. For instance, my iphone only needs bluetooth when I am using my headset in the car. Otherwise, I can disable that function and that will keep me safe from Bluejacking.
So, your job is to:
- find a website / article about a wireless vulnerability - give us the link
- describe the problem AND
- tell us how to protect against it.
8 comments:
http://www.computerarticles.co.uk/bluejacking-and-bluesnarfing/
BlueSnarfing takes advantage of vulnerabilities in susceptible handsets. It can gain access to confidential data within the phone like the contact list, pictures, videos and text messages. In some cases BlueSnarfer can dial numbers without the owner of the phone knowing. The best way to stop this is to keep your bluetooth off. If you have to use bluetooth make sure you are asked first before receiving messages.
1. http://www.wardrive.net/wardriving/faq
2. Wardriving is when a person, or group, drive around in a car looking for open wireless networks, also called wireless access points (WAPs). A stumbling utility on the computer they use detects these points and records them as being public.
3. The way to stop wardriving is that people should hide the SSID, so the WAP won't be discoverable. Also, putting a password on your wireless will prevent others from connecting to your network.
http://www.wired.com/threatlevel/2011/04/gonzalez-plea-withdrawal/
Article about the TJX Mastermind that pleaded guilty, says he was authorized to do what he was doing. towards the end explains how he got screwed over by the goverment. and that they told him that if he ever got caught, they would intervene and save him, which obviously they didn't, so this all could of been avoided by not trusting the government in the first place.
1. http://higherlogicdownload.s3.amazonaws.com/ACAMS/e91557e6-bbb6-4fc9-9b7c-eef66256706a/UploadedImages/pdf%20downloads/Chapters/NewYork/James_Verini_NYT_Article_The%20Great_Cyberheis_11-10-10.pdf
2. A coterie of hackers parked outside various Marshalls stores, cracked the wifi network, navigated the network and created logins and passwords to get in when they wanted. Then they accessed the national servers and used a VPN to do their work and this helped protect them from being caught. They used similar methods to attack various other stores like Office Max, Barnes and Noble, Target and many others.
3. This can be stopped by creating a more secure wireless network: not broadcasting the SSID, having a strong password using some form of WPA, and surrounding WAPs that hold sensitive data with concrete or plaster walls to stop the wireless signal from reaching beyond the walls of the store. However, the VPN they used could have only been detected if HIDS were used in the national TJX data center, because this data was encrypted and only HIDS can monitor this, while NIDS cannot.
My vulnerability is Rouge Access Points. The basic idea is that either an attacker or stupid user plugs in an unauthorized 802.11 wireless access point. This "rouge" access point allows an attacker to bypass any wireless security that the network admin has, giving easier access to network resources. It also allows an attacker to sniff any traffic that goes through the WAP. The article, http://www.wi-fiplanet.com/tutorials/article.php/1564431, provides several methods of protection, mainly taking an inventory of your network on a regular basis, as well as user training and increasing physical security.
http://www.infosecurity-magazine.com/view/783/wpa-cracked
WPA CRACK : Attention WPA has been cracked this article explains. Hackers manipulate this by using QoS channel to bypass basic WPA settings to create a legitimate access point. To protect from this vulnerably is by using a stronger encryption like WPA2.
http://www.eweek.com/c/a/Security/SCADA-Attacks-Holiday-Shopping-Android-Malware-Lead-Weeks-Security-News-735960/
A SCADA, or supervisory control and data aquisition attack takes advantage of computer run systems, used by water, electric and other utility companies that are protected by low levels of passwords, such as those with only three characters as was the case with a water utility breach in Springfield , Illinois. A way to stop wireless SCADA attacks is to use complex character(8 or more) passwords and have computer setting change passwords at reasonable intervals frequently. LOL at tommy
http://www.securityfocus.com/news/192
War Driving is a tactic used by many people that allows them to find wireless access points by driving around in a car. They use antennas inside their car to find these points.
Changing the name of your wireless network to a different name can help, but most importantly people should be using password to secure their Wireless networks.
Post a Comment