Sunday Apr 29, 2007

SLOTD 2007-04-30: Improved WiFi security in OpenSolaris

This was a great weekend for WiFi on OpenSolaris (and thus future releases of Solaris and Solaris Express) [build 64]. Not only did we get a driver for the Intel Centrino 3945 chipset but more importantly (well at least in the eyes of a security geek like me) we got support for WPA-PSK. I've been working with the project team, not as a core developer - mostly design advice and code review, on this for quite some time now and I'm really glad to see it integrated. I'm really pleased with the architecture and the implementation.

Yeah I know lots of other operating systems had this already and now we do too! This combined with NWAM which integrated its first deliverables into build 62 and we are really going somewhere with usability and security for Solaris on laptops.

Now I can put WPA-PSK on my home router again instead of relying on WEP, not broadcasting my SSID and MAC address restrictions. Meanwhile the project team are now off developing WPA Enterprise support, I expect to work with them a little as they design and implement that support.

- Darren

Sunday Apr 15, 2007

2007-04-16 Security Link Of The Day

First, some news: we have a new look and feel / theme for the blog and in response to a comment from one reader (Hi William!) the "categories" - General, Alerts, News - have all been broken-out in the page header, along with links to the relevant RSS feeds for each.

So if you prefer to separate the Sun Security Alerts from the Security postings, all you need do is bookmark or subscribe to the relevant page / feed. I'd like to thank Chandan for his as-ever superb graphic tastes... Er.. yes, something like that. You know what I mean.

Second: an observation that I should really have followed-up some time ago; I run almost exclusively Solaris upon my laptops, and having developed the habit early-on for some time now I've been faffing with WiFi configuration at a fairly raw level. I eschew the GUI convenience of inetMenu and the automation of NWAM in favour of handhacked shellscripts.

In these circumstances I have thus become more intimate than most with the output of Solaris's wifi-administration tools.

For ages I've been plagued by offers of Free Public WiFi - for that is the name of the network, one sees it everywhere - whenever I've been scanning for network access, and it finally struck me to actually look the damned things up. There were too many of these networks for them to be a legitimate enterprise.

Instantly I found a blog posting which not merely explained the phenomenon, but also outlined my extant fears and my eventual conclusion too; in short the phenomenon is not a computer-borne virus but a human-borne viral meme which is caused (enabled?) by an XP misfeature:


So what are these things? In doing a search, I found some references in security-related discussion groups to the phenomenon, and lots of instances of people spotting these, even on airplanes. But didn't see what I was afraid I'd find -- that this is some kind of virus or spyware that sets up an ad hoc network as a trap.

It appears to be a manifestation of a feature of Windows that I wrote about earlier this year. When Windows connects to a network, it retains that network's name, or SSID, then broadcasts it as an ad hoc network, essentially inviting a connection. You can find more details here. Microsoft has said it will fix this in the next XP service pack; it's unclear if Windows Vista behaves this way.

So why do you see so many of these? My theory: It's viral, but not a virus!

What's the thing almost everyone wants to find when they open a WiFi-enabled notebook and search for a connection? Why, free public WiFi! If you see that -- and you don't know any better -- you connect to it.

Your notebook then retains that SSID, broadcasting it as an ad hoc network. Others see you, connect to you, pick up the name, and later pass it on. And on and on it goes. Since people travel with their notebooks, it's easy for this to have moved quickly, across the country -- like a cold spreading in the closed confines of an airplane cabin. (continues...)

See also this and this.

As a student of IT security taxonomy, to me this is clearly different from all of the typical viruses, worms and trojans; I feel that 'meme' is the only remaining accurate description, although I'd welcome alternative suggestions.

- alec
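
A defensive check built on the mechanism described in the quoted post, as an added example that is not part of the original blog: it flags ad hoc (IBSS) entries in a scan listing and records why each one is suspect. The CSV layout, the sample records and the function names are constructed for illustration and are not the output format of any Solaris tool.

```python
import csv
import io

# Constructed sample scan records (not real tool output).
SAMPLE_SCAN = """\
essid,bssid,bsstype,sec
Free Public WiFi,02:1a:3c:44:9e:10,ibss,none
Free Public WiFi,6e:00:5b:21:07:c3,ibss,none
CoffeeShop,00:14:bf:3a:77:01,bss,wpa
CoffeeShop,0a:55:12:9c:e0:4d,ibss,none
homenet,00:0f:66:12:ab:cd,bss,wpa
"""

def is_locally_administered(bssid):
    """802.11 IBSS BSSIDs are random unicast addresses with the local bit set."""
    first_octet = int(bssid.split(":")[0], 16)
    return bool(first_octet & 0x02) and not (first_octet & 0x01)

def flag_adhoc_lures(scan_text, lure_names=("free public wifi",)):
    """Return (essid, bssid, reasons) for every ad hoc network in the scan."""
    rows = list(csv.DictReader(io.StringIO(scan_text)))
    # Names also offered by a real access point: an ad hoc twin is suspicious.
    infra_names = {r["essid"].lower() for r in rows if r["bsstype"] == "bss"}
    findings = []
    for r in rows:
        if r["bsstype"] != "ibss":
            continue  # infrastructure networks are out of scope here
        name = r["essid"].lower()
        reasons = ["ad hoc: a peer laptop, not an access point"]
        if name in lure_names:
            reasons.append("known viral SSID")
        if name in infra_names:
            reasons.append("same name as an infrastructure network in range")
        if r["sec"] == "none":
            reasons.append("no encryption")
        if is_locally_administered(r["bssid"]):
            reasons.append("random locally administered BSSID")
        findings.append((r["essid"], r["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for essid, bssid, reasons in flag_adhoc_lures(SAMPLE_SCAN):
        print(f"{essid} [{bssid}]: " + "; ".join(reasons))
```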

