Archive for January, 2006

Winamp and Shoutcast vulnerabilities

Tuesday, January 31st, 2006

In the last several days there have been a couple vulnerabilities disclosed that I should cover. The first up is related to Winamp. Version 5.12 is vulnerable to a problem with the way it handles .pls (playlist) files. This could allow very bad things with a specially crafted pls file. There were some workarounds mentioned, [...]

Linksys BEFW11S4 ver. 4 wireless router locking up (default password and hard reset info too)

Monday, January 30th, 2006

Not long ago a customer offered me a slightly used Linksys BEFW11S4 ver. 4 wireless router for free. He had replaced it with an 802.11g router (this is only a b) shortly after purchase and said if I knew anyone that wanted it I could have it. Well, it’s hard for me to let tech [...]

Network Security – Arp spoofing series

Monday, January 30th, 2006

I think I’ve wrapped up the series on arp spoofing and it’s implications for network security. I know there’s nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener as there are myths that [...]

Network Security – how should an open wireless access point be run beside a safe network?

Monday, January 30th, 2006

So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, it could be quite easy to hijack all connections in [...]

Network security – what does arp spoofing mean for wireless?

Monday, January 30th, 2006

So, if you haven’t already had enough cause to tighten your wireless security…. we’ve been talking about arp poisoning (spoofing) and the basic conclusion is that IF an attacking machine is on the same subnet as your machine (same IP address range), they can “own” all traffic from you machine to the gateway. It doesn’t [...]

Network Security – Defenses against arp spoofing

Monday, January 30th, 2006

So, we’ve spent a couple articles talking about arp spoofing. It sounds really bad, it’s a frighteningly easy way to do a “mitm” or man in the middle attack and anyone using arp spoofing could capture ALL network traffic including passwords. There’s got to be an easy fix right? Um…. well. This is not something [...]

Network Security – so https and ssh are immune to arp spoofing right?

Monday, January 30th, 2006

When a machine has been arp spoofed, ALL network traffic from it is likely passing through a “hostile” machine. So, NO, https and ssh traffic is not immune, it is travelling through a hostile machine. However, it should be encrypted. There are a few exceptions though. SSH version 1 is a broken encryption scheme and [...]

Network Security – Arp spoofing

Monday, January 30th, 2006

So…. what is arp spoofing (poisoning)…. and what are it’s implications? ARP spoofing involves tricking a machine into thinking that you’re machine is, yet another. Let’s put this in IP address terms. Let’s say that 192.168.0.1 is the default gatway on the network and 192.168.0.150 is our target. We are given another network address – [...]

Network Security – Hub or Switch?

Monday, January 30th, 2006

So, for those that have a little bit of knowledge about network hardware, you’ve probably heard this. “You can’t sniff switched networks”…. wrong…. let’s see what this is about. Older networking hardware was dominated by what’s called a hub. This was basically a “dumb” device that when it received data, it would retransmit the data [...]

Network security – how safe is your network? Looking at ARP

Monday, January 30th, 2006

A while back I did a network security series and one of the points that I mentioned was that it’s important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I’m about to start a serious look at something that makes [...]

Google
 
Web www.averyjparker.com

Switch to our mobile site