2007-04-18 Security Link Of The Day

Today's link comes straight from Robin Wilton:

UK's first 'bandwidth theft' arrests

Yesterday's radio news carried this BBC story about two arrests in Worcestershire for theft of network access. Two individuals, in separate incidents, were apparently seen using laptops in parked cars, and subsequently cautioned for the offence of 'dishonestly obtaining electronic communication services with intent to avoid payment'.

I know there are some householders who see this as a 'victimless' activity, and who are happy to leave their wireless access points open for others to access. In some cases I'm sure it is a harmless and indeed neighbourly thing to do... but it's worth reflecting for a moment on some of the other possibilities this opens up.

At the root of it is the fact that this is a form of identity theft.


It strikes me that this is only a step away from prosecuting people for running kismet or even just scanning for local hotspots; of course the law is rarely so starkly black and white ("you scanned for a wireless network to attach to, you're going down...") but it would not surprise me for someone to try and whamp this up to be the next great threat to society...

Databases of registered MAC addresses, anyone?

2007-04-16 Security Link Of The Day

First, some news: we have a new look and feel / theme for the blog, and in response to a comment from one reader (Hi William!) the "categories" - General, Alerts, News - have all been broken out in the page header, along with links to the relevant RSS feeds for each.

So if you prefer to separate the Sun Security Alerts from the Security postings, all you need do is bookmark or subscribe to the relevant page / feed. I'd like to thank Chandan for his as-ever superb graphic tastes... Er.. yes, something like that. You know what I mean.

Second: an observation that I should really have followed up some time ago; I run almost exclusively Solaris upon my laptops, and, having developed the habit early on, for some time now I've been faffing with WiFi configuration at a fairly raw level: I eschew the GUI convenience of inetMenu and the automation of NWAM in favour of handhacked shellscripts.

In these circumstances I have thus become more intimate than most with the output of Solaris's wifi-administration tools.

For ages I've been plagued by offers of Free Public WiFi - for that is the name of the network, one sees it everywhere - whenever I've been scanning for network access, and it finally struck me to actually look the damned things up. There were too many of these networks for them to be a legitimate enterprise.

Instantly I found a blog posting which not merely explained the phenomenon, but also outlined my extant fears and my eventual conclusion too; in short, the phenomenon is not a computer-borne virus but a human-borne viral meme which is caused (enabled?) by an XP misfeature:


So what are these things? In doing a search, I found some references in security-related discussion groups to the phenomenon, and lots of instances of people spotting these, even on airplanes. But didn't see what I was afraid I'd find -- that this is some kind of virus or spyware that sets up an ad hoc network as a trap.

It appears to be a manifestation of a feature of Windows that I wrote about earlier this year. When Windows connects to a network, it retains that network's name, or SSID, then broadcasts it as an ad hoc network, essentially inviting a connection. You can find more details here. Microsoft has said it will fix this in the next XP service pack; it's unclear if Windows Vista behaves this way.

So why do you see so many of these? My theory: It's viral, but not a virus!

What's the thing almost everyone wants to find when they open a WiFi-enabled notebook and search for a connection? Why, free public WiFi! If you see that -- and you don't know any better -- you connect to it.

Your notebook then retains that SSID, broadcasting it as an ad hoc network. Others see you, connect to you, pick up the name, and later pass it on. And on and on it goes. Since people travel with their notebooks, it's easy for this to have moved quickly, across the country -- like a cold spreading in the closed confines of an airplane cabin. (continues...)

See also this and this.

As a student of IT security taxonomy, to me this is clearly different from all of the typical viruses, worms and trojans; I feel that 'meme' is the only remaining accurate description, although I'd welcome alternative suggestions.

- alec
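
The pattern described in the quoted post, one SSID offered by many unrelated ad hoc peers and by no access point, can be checked mechanically before choosing a network to join. This is an added example, not code from this blog or the quoted one; the scan records, their tuple format and the function names are constructed for illustration and are not the output of any Solaris tool.

```python
from collections import defaultdict

# Constructed scan records (not real captures): (ssid, bssid, network type).
# "ibss" = ad hoc peer, "bss" = infrastructure access point.
SAMPLE_SCAN = [
    ("Free Public WiFi", "02:1a:4d:33:9c:10", "ibss"),
    ("Free Public WiFi", "66:b0:07:5e:21:f4", "ibss"),
    ("Free Public WiFi", "02:1A:4D:33:9C:10", "ibss"),  # same peer seen twice
    ("CoffeeShop", "00:11:22:33:44:55", "bss"),
    ("laptop-share", "ae:42:90:0c:77:03", "ibss"),
    ("Airport-Guest", "00:11:22:33:44:66", "bss"),
    ("Airport-Guest", "00:11:22:33:44:67", "bss"),
]


def is_locally_administered(bssid):
    """True if the BSSID looks self-generated rather than vendor-assigned.

    An ad hoc peer makes up its own BSSID, so the locally-administered bit
    (0x02) of the first octet is set and the group bit (0x01) is clear.
    Treat this as a supporting hint only.
    """
    first_octet = int(bssid.split(":")[0], 16)
    return bool(first_octet & 0x02) and not first_octet & 0x01


def suspicious_adhoc(scan, min_peers=2):
    """Return {ssid: sorted peer BSSIDs} for SSIDs that are advertised only
    in ad hoc mode, by at least min_peers distinct peers."""
    adhoc_peers = defaultdict(set)
    infrastructure = set()
    for ssid, bssid, kind in scan:
        if kind == "ibss":
            adhoc_peers[ssid].add(bssid.lower())  # de-duplicate repeat sightings
        else:
            infrastructure.add(ssid)
    return {
        ssid: sorted(peers)
        for ssid, peers in adhoc_peers.items()
        if ssid not in infrastructure and len(peers) >= min_peers
    }


if __name__ == "__main__":
    for ssid, peers in suspicious_adhoc(SAMPLE_SCAN).items():
        hint = all(is_locally_administered(p) for p in peers)
        print(f"{ssid!r}: {len(peers)} ad hoc peers, self-generated BSSIDs: {hint}")
```
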


