CRIME FW: [Cyber_threats] Daily News 01/09/03

From: George Heuston (GeorgeH@private)
Date: Thu Jan 09 2003 - 18:13:33 PST

  • Next message: Jerry Wheeler: "CRIME FW: CRIME حتى الآن 17 فائز فى مسابقة ملونير ايجيبت"

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Thursday, January 09, 2003 8:59 AM
    To: Cyber Threats; Information Technology
    Subject: [Cyber_threats] Daily News 01/09/03
    
    
    January 06, Computerworld
    American Airlines secures wireless LANs in Denver. Last January it was
    discovered that the wireless local area networks (LANs) American
    Airlines Inc. had been operating at their Denver International Airport
    (DIA) terminal were highly vulnerable to hackers. White Hat Technologies
    Inc., a Colorado-based security firm, found they had been operating
    without any encryption and had even pasted the IP addresses of curbside
    terminals on the monitors. A test at DIA on December 20 by White Hat was
    unable to detect a single airline wireless network operating without
    encryption protection, said Thubten Comerford, CEO of White Hat. In
    addition, American had not only removed the IP addresses from its
    OneStop self-service kiosks, but it had also added Cisco Systems Inc.'s
    Lightweight Extensible Authentication Protocol (LEAP) authentication
    technology on top of the standard 40-bit Wired Equivalent Privacy (WEP)
    encryption. LEAP is an authentication algorithm that leverages the
    802.1x framework and provides dynamic, per-user WEP keys to protect data
    in transit. On the downside, Comerford said the recent test of the DIA
    facility still managed to pick up a suspected rogue access point (AP),
    as well as a significant number of vulnerable wireless transmissions
    emanating from public traveler lounges and frequent-flier clubs
    throughout the airport. "The biggest danger at DIA is the sniffing of
    sensitive information being transmitted by travelers. Few, if any,
    airports have addressed this security vulnerability, [and] few airports
    or airlines warn travelers of the danger of using the wireless
    networks," Comerford said. Source: http://www.idg.net/go.cgi?id=779363
    
    January 06, CERT/CC
    CERT Vulnerability Note VU#412115: "Network device drivers reuse old
    frame buffer data to pad packets". The Ethernet standard (IEEE 802.3)
    specifies a minimum data field size of 46 bytes. If a higher layer
    protocol such as IP provides packet data that is smaller than 46 bytes,
    the device driver must fill the remainder of the data field with a
    "pad". For IP datagrams, RFC1042 specifies that "the data field should
    be padded (with octets of zero) to meet the IEEE 802 minimum frame size
    requirements." Researchers from @stake Inc., a digital security company
    in Cambridge, Mass, have discovered that, contrary to the
    recommendations of RFC1042, many Ethernet device drivers fail to pad
    frames with null bytes. Instead, these device drivers reuse previously
    transmitted frame data to pad frames smaller than 46 bytes. This
    constitutes an information leakage vulnerability that may allow remote
    attackers to harvest potentially sensitive information. Depending upon
    the implementation of an affected device driver, the leaked information
    may originate from dynamic kernel memory, from static system memory
    allocated to the device driver, or from a hardware buffer located on the
    network interface card. Source: http://www.kb.cert.org/vuls/id/412115
    
    Virus: #1 Virus in USA: WORM_KLEZ.H
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
    United States]
    
    Top 10 Target Ports: 137 (netbios-ns), 1433 (ms-sql-s), 80 (http), 139
    (netbios-ssn), 445 (microsoft-ds), 4662 (???), 135 (???), 21 (ftp), 53
    (domain), 25 (smtp) Source: http://isc.incidents.org/top10.html;
    Internet Storm Center
    
    _______________________________________________
    Cyber_Threats mailing list
    Cyber_Threats@listserv
    http://listserv.infragard.org/mailman/listinfo/cyber_threats
    



    This archive was generated by hypermail 2b30 : Fri Jan 10 2003 - 10:47:47 PST