Researchers Hack Wi-Fi driver to Breach Laptop 199
InfoWorldMike writes "Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver, reports Robert McMillan. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California. They used an open-source 802.11 hacking tool called LORCON (Lots of Radion Connectivity) to throw an extremely large number of wireless packets at different wireless cards and see if they fail. They declined to disclose the specific details of their attack before the August 2 presentation, but said it was potentially a huge hole because exploiters could simply sit in a public space and wait for the right type of machine to come into range to attack. "This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."
Great news (Score:4, Funny)
Re:Great news (Score:5, Funny)
Re:Great news (Score:2)
"Backwards compatibility"? A lot of anti-productivity software [microsoft.com] is designed for Windows; it's not just a bunch of old DOS software.
Not that UN*X+X11 doesn't compete [kde.org] there [gnome.org].
At least Apple doesn't bundle much in the way of anti-productivity software [apple.com] with OS X - no Solitaire, for example.
Re:Great news (Score:5, Funny)
(this isn't going to be pretty.... *ducks*)
Re:Great news (Score:2)
Disclosure? (Score:5, Insightful)
Greater problem (Score:5, Insightful)
I am slowly convinced, that any larger piece of C(++)-Code which handles strings, has in fact at least one Buffer overflow.
So, what will happen. The card-manufacturer might fix the bug, nobody updates, and 20 new bugs in other drivers are found, perhaps 10 of them beeing the same bug.
What's really nice about it is that Intel recently claimed, that something like this was not probable.
So, what's the solution?
1. Educate your programmers about the programmers about the language they are using. Most people who write in C(++) don't know anything about how the language works. A C(++) Programmer without firm knownledge of assember on that plattform should never be allowed to write production-grade C(++)-Code.
2. If you cannot educate your programmers, switch your language. There are plenty of Alternatives avaliable. I mean people switched to Java for no appearent reasons. If you switch to, for example, Scheme you will get a clean object oriented language without any large speed penality.
3. Build compatible devices. Make one standard like the old soundblaster one, or the AC97 so all WLAN-cards of a certain class are buildt equal. Then you could even build WLAN functionality into the BIOS. The code would only have to be written once and therefore would be less buggy.
Even Greater Problem (Score:5, Insightful)
I've been working with end users enough at uni and work to realise the most even the slightly geeky user will only ever upgrade their graphics card on their laptop when they are forced too.
This will be a huge problem no matter how you look at it full stop.
While on one hand I can't wait to get my hands on the sploit I'm just thinking how painful this will be unless Windows (and this is the only OS I'm worried about as most Linux and Mac users will get a new driver in their regular updates if they are effected) works out some way to force an update for all wireless drivers out there.
Re:Even Greater Problem (Score:5, Insightful)
even the slightly geeky user will only ever upgrade their graphics card on their laptop when they are forced too.
I know we are talking about exploits here and exploits should be fixed. I disagree, however, that you should upgrade your drivers continuously *without a good reason*.
First it requires you to keep track about all driver releases of your system (if you're a network admin, it might even be many more configurations) Upgrading some point releases will probably not do much.
Second is stability: if your system is stable with your current drivers and performs well, why would you upgrade? Upgrading drivers always jeopardizes your system. Windows might not like the driver or the combination of drivers you need. That's a good reason to standarize the drivers you put on your machines.
Third, you need to realise that a "driver update" might not even concern your hardware device. Many drivers these days are unified. Is a point-release going to affect you at all. For example, if you have an older GeForce MX2, will the latest NVidia driver include *any* changes for you? I doubt it. It might even introduce new bugs because said driver has been optimized for a newer card and breaks compatibility with your older card. The last argument of course, brings us back to point two.
Fourth: many third party drivers are bad as hell and the standard Windows drivers do a good enough job. For many devices, there is no need at all to install drivers in the first place. Do you really install the Logitec drivers for your standard 3-button/scrollwheel mouse? I most certainly do not.
Essentially, it all boils down to: if it ain't broke, don't fix it.
Re:Even Greater Problem (Score:2)
Re:I agree...but I don't...but I do... (Score:4, Interesting)
Of course, users should apply critical updates. Even in a perfect world, where drivers are only changed for critical stuff, the problem is: how are they going to know? You might say "Windows Update", but that only works for Windows drivers and you know as well as I do that most, if not all, drivers are third-party drivers.
My example for Logitec mice stands: I am pretty much the only one that buys a mouse, plugs it in and it works. Other people *think* they need to install *everything* that is on the included CD. It is not the responsibility of Microsoft to push third-party driver updates over Windows Update. It is not their responsibility nor their role.
The only other solution to the problem is: every single driver needs to check the "mothership" for updates every other time. Just like antivirus programs do, just like Windows Update works. I do not even want to imagine what kind of resources that would use, and even less what kind of havoc it might cause because a "bad driver" got released that borks about every second computer in the world. Oh, and I'm ignoring all privacy issue that such a system would bring with it.
Re:I agree...but I don't...but I do... (Score:4, Insightful)
On unix OS's, you can get updates for all your apps and drivers from one place, and the distributor will make the newest versions available for you.
Windows however is very messy and disjointed, you can get updates for the core OS from windowsupdate, but even many microsoft products have to be updated seperately, and forget about any third party apps/drivers you might have installed.
You end up with an update service running for every program you have installed, or having to manually check for, download and install updates which becomes a HUGE pain in the ass when you have lots of apps installed.
MacOS isn't quite as bad, since the software update feature will update all your apple-branded apps as well as the OS, but your still screwed when it comes to third party apps.
Contrast this with a modern linux distro, where 99% of the apps your ever likely to need will come with the distro and be supported/updated by them... And for the remaining 1%, you can usually add additional package sources to your system package manager so you can still update everything in a central and consistent manner.
Re:Even Greater Problem (Score:2, Insightful)
That's because laptop drivers are of notoriously shitty quality. IMHO the non-upgradeability of laptops favors a "whole system" approach over more modular designs. Somehow programmers of drivers for laptop hardware seem to think it's ok to write to one specified configuration, validate the whole system and be done with it. They take all sorts of shortcuts and ignore interoperability design guidel
Laptops are "special" (Score:3, Interesting)
I've been working with end users enough at uni and work to realise the most even the slightly geeky user will only ever upgrade their graphics card on their laptop when they are forced too.
Well considering upgrading the graphics card would take, at the least, a large amount of disassemly and soldering on 99.9% of laptops maybe it's a good thing end users don't try ....
More seriously a lot of the problems with laptops is that vendors, nvidia, ati, intel, et al will not ship drivers for the parts used i
Re:Laptops are "special" (Score:2)
ATI's OEM drivers are universal for desktops. They will run on laptop if and only if the laptop manufacturer pays them a licensing fee. You can use a third party tool to "unlock" the driver, or you can go in and edit the hardware IDs by hand.
Yet Another Reason to prefer Nvidia. I used to be a big ATI fan, but I've since then learned that Nvidia really has its driver handling down, in comparison. ATI's seen massive improvements, but given how far the
Re:Greater problem (Score:5, Insightful)
Anyone ever heard of writing a device driver in a language other than C/C++ (or straight assembly)? I sure haven't. I mean, I suppose theoretically it would be possible, but I really don't think it's practical.
Better to go with option number 1. Don't put up with shitty programmers, just get better ones. If shitty programmers stop getting paid, shitty programmers will stop occurring.
Re:Greater problem (Score:5, Insightful)
Just think of the many DOS 3D-graphics libraries written in Pascal. Those directly accessed your hardware.
Or think of (real) Macintoshes (not those Intel thingies). Their whole firmware is written in Forth. In fact all firmware device drivers of Macs and IBM P-Series as well as Sun computers are written in Forth, it's the "Open Firmware" standard.
In fact, the first Forth system was a computer designed to controll a telescope. The Forth programm directly accessed the hardware, probably via an internal layer of sub-routines.
Then of course, if you have watched TV during the 80s you have probably seen 3D graphics going through a system entirely written in LISP, the LISP-machine.
So, why does nobody use any other language than C for that?
Well first of all, Unix was written in C. In fact it was even the reason why C was invented, to have a platform-independant "assembler" with some very limited high-level functionality.
The same language was also chosen for Windows, as well as Linux.
Now the point is, if you write a device driver for those modern OSes, you will find template programms or tutorials you just fill in your code. Those templates typically are in the language of the OS, which is now typically C.
The problem goes even further. I have seen university students studying informatics, and they don't even know a single language outside the Algol block. (=C, Pascal, C++, Java, VB...) They don't even know Forth or Lisp, let along Prolog. Some of those people have never considered looking out of their boxes into what's beyond Algol.
I'm not saying C is bad per se. What I am saying is that C may be mathematically universal, you can do everything with it in theory, but for any given slightly more complex task it's just not suitable.
If you are not convinced, write a little "derivation"-Programm in C where I can enter something like x^2 and out comes 2*x. Then look into the book "Programming in Prolog" and look at the examples, you will find one the deriving programm there has just a few lines. Maze-solving programms consist of about a handfull of lines plus a pine for every connections.
Now look at C. C seems to be so broken, that not even the compilation process itself is written in C. Look at makefiles. That's a non-algol language only designed to compile C Programms. Isn't that sick?
C is good for number-crunching, but definitely not for anything touching strings.
Re:Greater problem (Score:3, Funny)
While I can't say anything for using C with strings, the real number crunchers of the world agree that God's language is the only appropriate one, fortran.
Re:Greater problem (Score:5, Funny)
No joke. Device drivers should be written in Fortran. Because if there was any bug in the program, the device driver would never ever work in the first place. Not even partially.
I think we have solved the problem here folks. Just remember you saw it here first on slashdot.
Another idea - need to open source you program, but really don't want to - use Cobol.
Re:Greater problem (Score:3, Insightful)
I agreed with you up to this point. Makefiles are used to compile *anything*, not just C programs, so I see no reason why they should be written in C. Further, most C compilers are written in C. And BTW, what language was your Prolog interpreter written in?
C is good for number-crunching, but definitely not for anything
Re:Greater problem (Score:3, Informative)
The real "freedom" in C is pointer arithmetic and unchecked type-casting.
Re:Greater problem (Score:2)
it brings you the freedom to cast an appropriately sized integer to a pointer to access an absoloute memory location (not used much in modern desktop development but bloody important in embedded work).
now C and C++ aren't the only languages that c
Re:Greater problem (Score:2, Informative)
Originally in Fortran [murdoch.edu.au]
Re:Greater problem (Score:3, Interesting)
Why dont all you Lisp, Scheme, Haskell and Java OO-fanboys get together and do it right? Go ahead, start a project on sourceforge, grab some old mobo and implement an OS for it. And while you're at it throw out the BIOS too (Assembler, YUCK!). Given the vast superiority of OO languages that should be cake, isn't it? Just imagine all the productivity gains since you never have to debug all those buf
Re:Greater problem (Score:3, Informative)
http://common-lisp.net/project/movitz/ [common-lisp.net]
there is someone who's working on booting SBCL cores directly with the bootloader in Forth) [it boots, but the cross-compiler has some issues]
there's a version of smalltalk (of squeak?) that runs without any underlying OS.
There were several lisp or scheme *chips* in the 70s and 80s.
Also, what exactly do you see in common between Java and Haskell?
Finally, how in the world is that comment even slightly
Done. (Score:3, Informative)
Regards,
Steve
Forth and open firmware. (Score:5, Insightful)
Second of all, and very importantly, you can fit an entire forth development environment into a few k. Might need 5-10 on these new fangled 32 bit machines. That is the whole thing, no separate compiler, runtime libraries, nothing like that. So, in the time it takes to study the gcc source enough to start porting it to a new architecture, you can write a complete forth interpreter in assembly, burn it to an eprom, and start talking to your new architecture over a serial line.
And as you might expect, much like C, the bare metal is open to you. ! and @ are the commands to store and fetch variables. But they don't just work for variables, they work for any address you want to pass them.
Re:Forth and open firmware. (Score:2)
Insightful!? (Score:3, Informative)
The Borland libraries were written in C and assembler. They had a bit of pascal glue so that you could do graphics from TP/BP.
> Their whole firmware is written in Forth.
Only little more than is needed to post, for example the analogue of a VGA BIOS. Later in boot drivers provided by the OS take over.
> TV during the 80s you have probably seen 3D graphics going through a system entirely written in LISP, the LISP-machine.
What!? Some
Re:Open Firmware (Score:2)
It is possible to write a new driver in Forth, incorporate it into a new Open Firmware image, and burn it into the EEPROM. In fact, it is possible to write an entire OS based upon Forth and replace the OEM's operating
Re:Greater problem (Score:5, Insightful)
At some point, when an entire population of users spends years using a tool wrong, you have to stop blaming the users and start fixing the tools.
Re:Greater problem (Score:2)
I remember a pair of devices we had that were specalized for automation control. the windows drivers were written in Visual Basic.
I did not know any of this until we rebult the machine by hand and after installing the drivers I kept getting an error on loadup. Calling the Vendor they said I needed to
Re:Greater problem (Score:3, Interesting)
They also mention some benchmarks against the current Windows line up with some surprising results.
mod parent down (Score:5, Interesting)
For the record, it is also perfectly possible to write safe C code with a good deal of rigor and some basic knowledge of the platform. You certainly don't need to know how to write at a lower level as long as you understand the concepts involved and the particular features of the hardware. People do it all the time and plenty of libraries exist to enable this.
And finally, people hardly switched to Java for "no apparent reason". It's not in the least my language of choice, but for some groups it has a distinct number of advantages over C or C++. In summary, I'm convinced you have no idea what you're talking about.
Re:mod parent down (Score:2)
Yes, it is.
But neither of those are present in a good chunk of "professional" "programmers"
Re:Greater problem (Score:5, Insightful)
I fail to see how this prevents someone from using libc functions in an unsafe way.
Re:Greater problem (Score:3, Insightful)
Well in that case that would include all your high level language interpreters and
compilers too and possibly the code they generate. After all , at some point someone
has to code to the metal.
>A C(++) Programmer without firm knownledge of assember on that plattform should never be allowed to write production-grade C(++)-Code.
Why? If they're writing device drivers I'd agree , but f
Re:Greater problem (Score:2)
Anyway, there is another way to lessen the impact of crappy drivers...
Get drivers out of the kernel! Yes, folks. Microkernel OS! Treat every process as a principle and grant only the required privileges for operation of the device/application.
I'll wait while you folks code one up for me in your elite programming language. Done yet? C'mon, I don't have all day to wait!
Re:Disclosure? (Score:2)
Contrary to anti-DMCA FUD, the DMCA *allows* this (Score:5, Informative)
Contrary to the FUD spread by DMCA opponents (I am not endorsing the DMCA, merely pointing out that all sides, "good" or "bad" engage in FUD), this is perfectly legal.
Quotes are from http://thomas.loc.gov/cgi-bin/query/F?c105:6:./te
First we have the government exception:
"David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California."
(e) LAW ENFORCEMENT, INTELLIGENCE, AND OTHER GOVERNMENT ACTIVITIES- This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State. For purposes of this subsection, the term `information security' means activities carried out in order to identify and address the vulnerabilities of a government computer, computer system, or computer network.
Then we also have a security research exemption:
`(j) SECURITY TESTING-
`(1) DEFINITION- For purposes of this subsection, the term `security testing' means accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.
`(2) PERMISSIBLE ACTS OF SECURITY TESTING- Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to engage in an act of security testing, if such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.
`(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include--
`(A) whether the information derived from the security testing was used solely to promote the security of the owner or operator of such computer, computer system or computer network, or shared directly with the developer of such computer, computer system, or computer network; and
`(B) whether the information derived from the security testing was used or maintained in a manner that does not facilitate infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security.
`(4) USE OF TECHNOLOGICAL MEANS FOR SECURITY TESTING- Notwithstanding the provisions of subsection (a)(2), it is not a violation of that subsection for a person to develop, produce, distribute or employ technological means for the sole purpose of performing the acts of security testing described in subsection (2), provided such technological means does not otherwise violate section (a)(2).
I'd cut and paste more but I think readers will get the point.
Re:Contrary to anti-DMCA FUD, the DMCA *allows* th (Score:2)
Re:Contrary to anti-DMCA FUD, the DMCA *allows* th (Score:2)
No, I think you have greatly distored things with your snipping. Let's see it in context again. Note "the factors to be considered shall include", other factors are not ruled out. Regarding "promote the security of the owner or operator of such computer
DMCA Security research exemption (Score:2)
My reading of the exemption -- and which I believe is the safest reading, in the absence of good guidance by the courts on this matter (that I am aware of) --
Re:Contrary to anti-DMCA FUD, the DMCA *allows* th (Score:5, Informative)
Lawrence Lessig in his book called Free Culture (freely downloadable in pdf, google it) details how is this broken.
The researchers are able to research, but they are not able to publish their findings. So they can't share what they've learned legally. This is the difference between theory and practice.
Allowable disclosure similar to GPL in odd way? (Score:2)
"whether the information derived from the security testing was used solely to promote the security of the owner or operator of such computer, computer system or computer network"
It does sound as if, at a minimum, you can disclose the problem to people who have that system. In an odd way it's similar to the GPL, you
Re:Contrary to anti-DMCA FUD, the DMCA *allows* th (Score:2)
Note that you didn't post reference links, so let's examine that restricting (a)(2) section.
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially signifi
Re:Contrary to anti-DMCA FUD, the DMCA *allows* th (Score:2)
`(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include--
`(A) whether the information derived from the security testing was used solely to promote the security of the owner or oper
Dunno about others experiences (Score:2)
Of course I have other problems as the power socket on my laptop is now dodgy so a unit that cost ~$4000 AUD is now useless unless I want to spend ~$1500 AUD to replace its main board all for the sake of a 5 cent socket. Time for some amateur soldering!
Re:Disclosure? (Score:2)
What fun.
Re:Disclosure? (Score:5, Informative)
In order for this hack to work it essential for the wireless driver to handle at least some MAC and encryption functions in software. In that case it is available for a hit simply by the fact of being active, regardless of the connection status. Most modern cards are like this (if not all). Atheros also definitely fits the bill. In fact it is more likely to fit the bill because more bits are implemented in software compared to Centrino. So do a few others.
As far as Centrino you are to some extent right that it is the most likely candidate. The reason for this is that it has "feature" called preassociation. It will search and connect to the strongest AP in the area even if you have set the connection inactive. It is enough to load the driver and not have the antenna off.
Re:Disclosure? (Score:2)
Of course, experience says that when a media article on such problems just says "computers", they are almost always talking about Microsoft software. But we shouldn't assume this, since non-MS systems have occasionally had vulnerabilities. And lately, we've read of a number of problems with "smart phones", including some not running MS software.
Driver problems have often be
Base Station? (Score:3, Interesting)
Re:Base Station? (Score:4, Funny)
Re:Base Station? (Score:3, Funny)
You are welcome to come to our dojo and try through the Exalted Master of Shin-Fu base station. But beware, warrior.
I'll wager... (Score:2, Funny)
Re:I'll wager... (Score:2)
I'm not saying thats the affected configuration, I'm just saying...
Re:I'll wager... (Score:3, Funny)
OpenBSD (Score:5, Interesting)
Re:OpenBSD (Score:5, Insightful)
I'd bet on the latter.
Re:OpenBSD (Score:2)
Re:OpenBSD (Score:2)
Most likely (now that I think about it more) is that the vulnerable wireless hardware is unsupported under OpenBSD, or is supporetd by a not-vulnerable blob-free driver. (Even if the OpenBSD driver is vulnerable, I'd be very surprised indeed if the problem turns out to be exploitable enough to qualify as a remote hole.)
Re:OpenBSD (Score:5, Insightful)
My thoughts exactly. Even if this exploit creeped in to the drivers, it'll be fixed byt tomorrow (or as soon as the ppl explain how the exploit works). Others will be waiting for weeks for a binary release from wifi vendors. And the vendors'll keep quiet about it, because they don't want to lose face.
People call Theo de Raadt a hardass for his stance on blobs. Torvalds calls him "difficult", but in the end he's right.
An OS that wants to be secure can't include code or grant rights to code, of whcih it doesn't know the source. How can you call something secure, if you've got a large piece of code with lots of rights and you don't know what the hell it does?
Fixed in FreeBSD five months ago. (Score:5, Informative)
Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver
Whether this is a new bug or not, it's certainly not a new type of bug.
Re:Fixed in FreeBSD five months ago. (Score:3, Informative)
The stuff they have there, has files with dates going back to 2003 inside the files.
Re:Fixed in FreeBSD five months ago. (Score:2, Informative)
No.. it's not, but in the article says it very clear:
From The Article:
This vuln is for an specific driver, we still don't know what is the flaw either
Clearly the solution is... (Score:4, Funny)
They used an open-source 802.11 hacking tool
Clearly the solution for stopping people finding security holes is to make distributing open source hacking tools illegal. Isn't this already covered by the DMCA or do we need a new law?
Re:Clearly the solution is... (Score:2, Insightful)
Webster to the rescue (Score:5, Funny)
Tool: a handheld device that aids in accomplishing a task
An example of a hacking tool is an ax or hatchet. Almost all laptops seem vulnerable to this hacking tool. One previously unknown exploit is that this hacking tool can make a wired network into a wireless network.
Thank you and good night.
Is this supposed to be sarcastic? (Score:5, Insightful)
When open source hacking tools are made criminal, only criminals have access to security.
I thought the purpose was to find security holes and close them?
I can only hope this is supposed to be sarcastic, but it was modded +4 interesting. With no tags or marks, over the medium it's impossible to tell.
Re:Is this supposed to be sarcastic? (Score:2)
Unfortunately, the sarcasm is that it likely isn't sarcasm.
There is some assumption that if nobody goes looking for the security flaws, the security flaws will cease to exist.
[sarcasm]If you don't go looking for bugs, the bugs won't exist.[/sarcasm]
If you have a bug, the best you can hope for is for the bug to be demonstrated in a spectatular but essentially harmless fashion.
What normally happens is that people get bit without even realizing it.
Re:Is this supposed to be sarcastic? (Score:3, Interesting)
Exactly what I just said, in more words, in a letter to my local MP, about a recently passed act. Except I was talking about hacking tools in general, not open source ones.
ugh. Head in Sand Defense. (Score:5, Insightful)
That's a bad joke, please? Bad because people might get ideas. Makers of crappy devices will soon say much the same. It makes me ill.
The real solution, of course, is to avoid crappy closed source drivers. Efforts such as ndis wrapper, while a nice, bring closed source fragility to free software. Free drivers, when broken will be fixed. Good luck getting a fix for that ancient POS you bought at the CompUSA taken care of.
Sticking your head in the sand won't fix your closed source driver. Free tools will help find the problem. Not having the tool won't make the problem disappear and the kinds of people who would bother with a "drive by" will keep doing it despite any silly laws.
Re:ugh. Head in Sand Defense. (Score:2)
No, but sticking your laptop in the sand might protect you from this remote exploit.
no need (Score:2, Insightful)
Videogames are being used as an excuse way way too much for cont
Re:Clearly the solution is... (Score:5, Interesting)
They are illegal. Not in words on paper, but in practice. Prosecutors like smoking guns, and thats how they use trivial shit. Just get yourself suspected of a related crime, and then have said tools on your laptop."Was there any evidence that the defendant used such tools?" "Yes ma'am, we found something called 'cracklib' on his laptop which is used with other tools to cracking passwords, there is no other reason for it your honor".
I also learned one other thing that day; judges have zero sense of humor. I think its a requirement for the job or something.
Re:Clearly the solution is... (Score:3, Informative)
http://www.publications.parliament.uk/pa/cm200506
Re:Clearly the solution is... (Score:2)
I think gcc, gdb and vim all constitute open source hacking tools... Oh sorry, did you mean cracking tools?
Buffer or Integer overflow? (Score:3, Insightful)
Great! (Score:4, Funny)
Once again.... (Score:5, Insightful)
Unfortunately, any bit of code that runs on your computer is a potential vulnerability. The best possible solution is to minimize what's running, and update quickly if possible... but even that isn't necessarily protection. I seriously believe that the bad guys will always be one step ahead. Makes my career in security a bitch, but at least guarantees a paycheck.
Re:Once again.... (Score:2, Interesting)
So what? (Score:4, Funny)
Save battery = save DoS (Score:5, Insightful)
Presumably you must still have WiFi turned on though. To save battery life, mine is usually off unless I'm connected.
Turn it off! (Score:5, Insightful)
Wait a minute.. (Score:4, Funny)
And that's just cruel. I mean, you fried the guy's BALLS, man.
Drive by shooting? (Score:5, Funny)
In related news, 50cent wants laptops for inner city kids. [cbsnews.com]
Mr. Cent was quoted as saying: Now you can be a victim of a driveby without ever leaving the house, how gangsta is that? Mr. Cent refused to comment whether the laptop will be available with a 1000W sound system or gold plated mouse mouse options.
Diebold's voting machines (Score:5, Interesting)
all things survival (Score:3, Interesting)
In essense, prey evolves defenses to reduce predation.
thus predators must evolve to overcome the defenses
of the prey. same thing here.
with the hardware manufacturers (and their coders):
they've done the "get it working" and the "make it fast" steps.
Now they have to do the "get it right" step.
again we hear of it (Score:5, Interesting)
It's time that access to source code for device drivers was mandated by law: if hardware manufacturers will not supply the source code for their drivers, then they simply should not be allowed to sell the product. It has to be demanded from above, because of the {false, and patently so} perception that releasing driver source code or specifications might benefit competitors: if everyone has to do it then no-one will benefit unfairly.
Now, in the case of wireless devices, there is a definite possibility that the device could be reprogrammed to operate in a different way to that for which type-approval was granted. So it should be made clear that the approval covers the hardware and software as a combination, and altering the software may cause the device to operate in a non-approved manner. Just by the general principle of "innocent until proven guilty", anyone using a modified version of a device driver would only be liable for prosecution if they actually caused undesirable interference. Anyway, this is how it works in industry: type-approval procedures are published, you can certify your own products, but if at a later date they are discovered not to meet the requirements, then it's your responsibility to deal with it.
Legislation is the real risk in this scenario (Score:3, Insightful)
I don't buy it. First, do you really trust the legislative process to meaningfully define (for actual, real-world use in an industry moving 5000mph) terms like "device" and "driver?" It's bad enough when a judge decides to get involved in discussing what is, and is not part of an operating system
fine, make it everything, not just drivers (Score:2)
Then we give customers certain rights in the event of an emergency (security hole in the firewall software, data corrupting bug in the business-critical database, etc.) and in the event that the supplier becomes unable to sell more licenses (bankrupcy, etc.).
Re:fine, make it everything, not just drivers (Score:2)
This is already true when all of the parties involved want it to be true. Plenty of large customers (corporate, government, etc) insist on just that sort of thing, depending on the size and nature of their purchases. Contracts for that sort of access are completely routine.
if we're going to have patents, there's got to be some way to spot violations, right?
The patent holder is just fine scoping around for obvious violations of their patents. Do you really want
Re:fine, make it everything, not just drivers (Score:2)
While this is common in software written by contract, it is unheard of for retail software. Normal consumers don't even get to negotiate the terms of the EULA. Because there is no negotiation and because the balance of power is so slanted, there is a need for the la
Re:Legislation is the real risk in this scenario (Score:2)
You appear to be mixing Parliament with the Courts. Beside which, it would be easy enough to provide a catch-all "if in doubt, supply the source". I think the test is something li
Download link + mirror (Score:5, Informative)
lorcon d/l: http://802.11ninja.net/code/lorcon-current.tgz [11ninja.net]
airbase info: http://www.802.11mercenary.net/ [11mercenary.net]
airbase d/l: http://www.802.11mercenary.net/code/airbase-stabl
code mirror: http://www.qcs-rf.com/slashdot [qcs-rf.com]
Great stuff (Score:2)
Any second thoughts... (Score:2)
OpenBSD's removal of vendors' binary drivers... (Score:5, Insightful)
Why was this announced NOW? (Score:2, Insightful)
The real black-hats who were working on other projects will read this, shift gears, and reproduce the attack within a week or so even without any more details.
A more responsible solution would be to either wait until a patch was released, or if the companies dragged their feet about it, give the companies a month or two's lead time then publicly announce the paper's release along with a
Splinter Cell (Score:2)