Researchers Hack Wi-Fi driver to Breach Laptop
InfoWorldMike writes "Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver, reports Robert McMillan. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California. They used an open-source 802.11 hacking tool called LORCON (Lots of Radion Connectivity) to throw an extremely large number of wireless packets at different wireless cards and see if they fail. They declined to disclose the specific details of their attack before the August 2 presentation, but said it was potentially a huge hole because exploiters could simply sit in a public space and wait for the right type of machine to come into range to attack. "This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."
I'm glad I still run DOS. No wireless support means I'm safe from these dirty hackers, and any sort of modern productivity.
Slashdot - where whining about luck is the new way to make the world you want.
I wonder why they haven't disclosed the details. Hopefully they contacted the card manufacturer in order to get a new driver prepared for the masses before they uncover the full exploit at the conference.
~ C.
I wonder if this could be used to attack a wired network through a venerable basestation?
lemonade was a popular drink and it still is
I'm willing to put $50 down to say that affected manufacturers include mine.
The problem is greater than that. It's probably not a single instance of wireless drivers that has such a bug, but in fact an extremely widespread problem.
I am slowly becoming convinced that any larger piece of C(++) code which handles strings has in fact at least one buffer overflow.
So, what will happen? The card manufacturer might fix the bug, nobody updates, and 20 new bugs in other drivers are found, perhaps 10 of them being the same bug.
What's really nice about it is that Intel recently claimed that something like this was not probable.
So, what's the solution?
1. Educate your programmers about the language they are using. Most people who write in C(++) don't know anything about how the language works. A C(++) programmer without firm knowledge of assembler on that platform should never be allowed to write production-grade C(++) code.
2. If you cannot educate your programmers, switch your language. There are plenty of alternatives available. I mean people switched to Java for no apparent reasons. If you switch to, for example, Scheme you will get a clean object oriented language without any large speed penalty.
3. Build compatible devices. Make one standard like the old SoundBlaster one, or the AC97, so all WLAN cards of a certain class are built equal. Then you could even build WLAN functionality into the BIOS. The code would only have to be written once and therefore would be less buggy.
Given how the exorbitant price for Blackhat includes that for free, it's not like it won't appear over on the Riviera hours if not a day after.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
Er,
"Given how the exorbitant price for Blackhat includes Defcon admission for free..." is how it should have read.
Helps explain OpenBSD's stance on not having blobs: they'd have been able to audit the driver code, and fix it quicker to boot.
Ok, this might be a different bug; but FreeBSD fixed a remote kernel code execution bug which affected systems scanning for existing 802.11 wireless networks. The bug was discovered and reported to the FreeBSD Security Team by Karl Janmar.
Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver
Whether this is a new bug or not, it's certainly not a new type of bug.
Tarsnap: Online backups for the truly paranoid
No one will update. And I'm serious; no one.
I've been working with end users enough at uni and work to realise that most users, even the slightly geeky ones, will only ever upgrade their graphics card on their laptop when they are forced to.
This will be a huge problem no matter how you look at it full stop.
While on one hand I can't wait to get my hands on the sploit, I'm just thinking how painful this will be unless Windows (and this is the only OS I'm worried about, as most Linux and Mac users will get a new driver in their regular updates if they are affected) works out some way to force an update for all wireless drivers out there.
I ate your fish.
Security researchers have found a way to seize control of a laptop computer
...
They used an open-source 802.11 hacking tool
Clearly the solution for stopping people finding security holes is to make distributing open source hacking tools illegal. Isn't this already covered by the DMCA or do we need a new law?
I'll probably be modded down for this...
A native code exploit in kernel space?! GASP! Nobody saw that coming!
Now I can't use Wifi until August. Thanks a lot.
I cried real tears when Li Mu Bai died.
But attempting to update the wireless driver on my XP laptop was the one thing that invariably made it flaky, necessitating painful uninstalls and reinstalls to make it happy again. If an updated driver were released I might skip it just based on that fact.
Of course I have other problems as the power socket on my laptop is now dodgy so a unit that cost ~$4000 AUD is now useless unless I want to spend ~$1500 AUD to replace its main board all for the sake of a 5 cent socket. Time for some amateur soldering!
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Clearly the solution for stopping people finding security holes is to make distributing open source hacking tools illegal. Isn't this already covered by the DMCA or do we need a new law?
When open source hacking tools are made criminal, only criminals have access to security.
I thought the purpose was to find security holes and close them?
I can only hope this is supposed to be sarcastic, but it was modded +4 interesting. With no tags or marks, over the medium it's impossible to tell.
http://www.debunkingskeptics.com/
Security is an intuitive thing. I'm not saying this could be avoided, but you can bet that I've always turned off my wireless card when I'm not using it. I never heard of anyone doing this before, but I've always figured it was possible.
;-)
Unfortunately, any bit of code that runs on your computer is a potential vulnerability. The best possible solution is to minimize what's running, and update quickly if possible... but even that isn't necessarily protection. I seriously believe that the bad guys will always be one step ahead. Makes my career in security a bitch, but at least guarantees a paycheck.
That's a bad joke, please? Bad because people might get ideas. Makers of crappy devices will soon say much the same. It makes me ill.
The real solution, of course, is to avoid crappy closed source drivers. Efforts such as ndiswrapper, while nice, bring closed source fragility to free software. Free drivers, when broken, will be fixed. Good luck getting a fix for that ancient POS you bought at CompUSA taken care of.
Sticking your head in the sand won't fix your closed source driver. Free tools will help find the problem. Not having the tool won't make the problem disappear and the kinds of people who would bother with a "drive by" will keep doing it despite any silly laws.
Friends don't help friends install M$ junk.
I guess it's not necessarily a bad thing that they do something so controversial every year, such as releasing vulnerabilities before they're fixed, but I'm beginning to wonder if they do it just for the attention. Something like this should be addressed before it's released, IMHO.
I seem to recall something similar happening at Blackhat last year, although I can't remember exactly what. All I remember is it was the talk of Defcon for the first night I was there.
Presumably you must still have WiFi turned on though. To save battery life, mine is usually off unless I'm connected.
A perfect example of why you should ALWAYS disable your WiFi adapter when you aren't using it.
So the researchers blew up the compromised laptop in a Japanese conference as proof-of-concept? I'm confused.
And that's just cruel. I mean, you fried the guy's BALLS, man.
Like... nVidia "crappy" drivers, for example?
In related news, 50cent wants laptops for inner city kids.
Mr. Cent was quoted as saying: Now you can be a victim of a driveby without ever leaving the house, how gangsta is that? Mr. Cent refused to comment whether the laptop will be available with a 1000W sound system or gold plated mouse mouse options.
So, when do the researchers get formally indicted under the DMCA? It's a legitimate question.
Contrary to the FUD spread by DMCA opponents (I am not endorsing the DMCA, merely pointing out that all sides, "good" or "bad" engage in FUD), this is perfectly legal.
Quotes are from http://thomas.loc.gov/cgi-bin/query/F?c105:6:./te
First we have the government exception:
"David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California."
(e) LAW ENFORCEMENT, INTELLIGENCE, AND OTHER GOVERNMENT ACTIVITIES- This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State. For purposes of this subsection, the term `information security' means activities carried out in order to identify and address the vulnerabilities of a government computer, computer system, or computer network.
Then we also have a security research exemption:
`(j) SECURITY TESTING-
`(1) DEFINITION- For purposes of this subsection, the term `security testing' means accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.
`(2) PERMISSIBLE ACTS OF SECURITY TESTING- Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to engage in an act of security testing, if such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.
`(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include--
`(A) whether the information derived from the security testing was used solely to promote the security of the owner or operator of such computer, computer system or computer network, or shared directly with the developer of such computer, computer system, or computer network; and
`(B) whether the information derived from the security testing was used or maintained in a manner that does not facilitate infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security.
`(4) USE OF TECHNOLOGICAL MEANS FOR SECURITY TESTING- Notwithstanding the provisions of subsection (a)(2), it is not a violation of that subsection for a person to develop, produce, distribute or employ technological means for the sole purpose of performing the acts of security testing described in subsection (2), provided such technological means does not otherwise violate section (a)(2).
I'd cut and paste more but I think readers will get the point.
I stopped using their blobs last year; the nv driver is plenty good enough. If you are concerned over your video game scores, you might consider... growing up as an alternative solution. Believe it or not, there is still a lot of "computing" you can do without blobs, and then there's meat space, where maybe you can learn to drive and work on a real car, or learn ballistics and shoot a real gun at the range, or actually go outside and meet someone.
Videogames are being used as an excuse way way too much for continuing to support binary blobs and things like MS career crooked company products.
in the 60s too much drugs and very little work
70's was too much disco and way too much really bad clothing
90's was way too much monetary greed and outright stupidity
The 2000s now are saturated with bread and circuses, despite all the real work that needs to be done and real world problems that need to be addressed, and also what happens to folks physically and psychologically (yes, admit it, it's true) when they spend the bulk of their free time sitting on their butt playing video games. Go outside once in a while, get some exercise, stop rewarding the lard builders; humans have been kept amused for millennia without that sort of nonsense.
To me if there is an upgrade that is vital/important (and not cosmetic) users should upgrade to it. Though to me upgrades for vital/important things should only exist if the conditions 'if it isn't broken don't fix it' are met. So while I agree with you I also think that users should follow important updates and when needed upgrade. Unfortunately I'm shot down as the market doesn't follow my thinking/logic, as they release utter crap as an important update so users learn to ignore them.
:P
So I agree with you in reality, though in theory I disagree.
Though while reading my badly spelt and grammatically lacking post, please assume I'm talking in the case of a critical update like the one in question, which I think my logic should apply to without fail. And again, sorry grammar Nazis... I already know I've done wrong!
Don't they have Wifi too? And I bet this is old news for NSA, Mossad and the like.
Timo's Audio Software http://www.esseraudio.com
3(A) pretty much excludes full disclosure, or even any kind of public disclosure, doesn't it? Specifically "the information derived ... used solely to promote the security of the owner ... or shared directly with the developer".
http://outcampaign.org/
Seems to me like this is right out of Darwin's law.
In essence, prey evolves defenses to reduce predation; thus predators must evolve to overcome the defenses of the prey. Same thing here with the hardware manufacturers (and their coders):
they've done the "get it working" and the "make it fast" steps.
Now they have to do the "get it right" step.
Understanding is much like a 3-edged-sword. in this: there are always 2 sides and the truth.
Since when was Scheme object-oriented? Also, as a Schemer, I can say that in most cases there *is* a large speed penalty involved, often on the order of a magnitude (or worse). It's much more of an issue if the speed hit matters than pretending it doesn't exist.
For the record, it is also perfectly possible to write safe C code with a good deal of rigor and some basic knowledge of the platform. You certainly don't need to know how to write at a lower level as long as you understand the concepts involved and the particular features of the hardware. People do it all the time and plenty of libraries exist to enable this.
And finally, people hardly switched to Java for "no apparent reason". It's not in the least my language of choice, but for some groups it has a distinct number of advantages over C or C++. In summary, I'm convinced you have no idea what you're talking about.
Hopefully you contacted the card manufacturer in order to get a new driver prepared for yourself before the full exploit is disclosed.
Hey don't blame me, IANAB
3(A) pretty much excludes full disclosure, or even any kind of public disclosure, doesn't it? Specifically "the information derived ... used solely to promote the security of the owner ... or shared directly with the developer".
No, I think you have greatly distorted things with your snipping. Let's see it in context again. Note "the factors to be considered shall include"; other factors are not ruled out. Regarding "promote the security of the owner or operator of such computer ...", this does not prevent public disclosure: fixes or workarounds developed by the FOSS community promote the security of the owner or operator.
`(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include--
`(A) whether the information derived from the security testing was used solely to promote the security of the owner or operator of such computer, computer system or computer network, or shared directly with the developer of such computer, computer system, or computer network; and
`(B) whether the information derived from the security testing was used or maintained in a manner that does not facilitate infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security.
Again we hear of a vulnerability and again it is one which need never have existed in the first place. We know a song about that!
It's time that access to source code for device drivers was mandated by law: if hardware manufacturers will not supply the source code for their drivers, then they simply should not be allowed to sell the product. It has to be demanded from above, because of the {false, and patently so} perception that releasing driver source code or specifications might benefit competitors: if everyone has to do it then no-one will benefit unfairly.
Now, in the case of wireless devices, there is a definite possibility that the device could be reprogrammed to operate in a different way to that for which type-approval was granted. So it should be made clear that the approval covers the hardware and software as a combination, and altering the software may cause the device to operate in a non-approved manner. Just by the general principle of "innocent until proven guilty", anyone using a modified version of a device driver would only be liable for prosecution if they actually caused undesirable interference. Anyway, this is how it works in industry: type-approval procedures are published, you can certify your own products, but if at a later date they are discovered not to meet the requirements, then it's your responsibility to deal with it.
Je fume. Tu fumes. Nous fûmes!
Hacking: to make chopping strokes or blows
Tool: a handheld device that aids in accomplishing a task
An example of a hacking tool is an ax or hatchet. Almost all laptops seem vulnerable to this hacking tool. One previously unknown exploit is that this hacking tool can make a wired network into a wireless network.
Thank you and good night.
Just a typo: Lots of Radion Connectivity should read Lots of Radio Connectivity
lorcon info: http://www.802.11mercenary.net/lorcon/e .tar.gz
lorcon d/l: http://802.11ninja.net/code/lorcon-current.tgz
airbase info: http://www.802.11mercenary.net/
airbase d/l: http://www.802.11mercenary.net/code/airbase-stabl
code mirror: http://www.qcs-rf.com/slashdot
There are only 10 types of people in the world: Those who understand binary, and those who don't.
The reason that Forth is such a great choice for firmware and embedded systems is twofold. First of all, it is fairly fast. There can be a lot of indirection, but it is localized to a small amount of memory.
Second of all, and very importantly, you can fit an entire forth development environment into a few k. Might need 5-10 on these new fangled 32 bit machines. That is the whole thing, no separate compiler, runtime libraries, nothing like that. So, in the time it takes to study the gcc source enough to start porting it to a new architecture, you can write a complete forth interpreter in assembly, burn it to an eprom, and start talking to your new architecture over a serial line.
And as you might expect, much like C, the bare metal is open to you. ! and @ are the commands to store and fetch variables. But they don't just work for variables, they work for any address you want to pass them.
Actually, you're wrong.
Lawrence Lessig in his book called Free Culture (freely downloadable in PDF, google it) details how this is broken.
The researchers are able to research, but they are not able to publish their findings. So they can't share what they've learned legally. This is the difference between theory and practice.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
This is why I hang out on slashdot. If you'll recall, I commented about this a while ago. Frankly, I can't wait to see the presentation and the ensuing fallout.
Your sig(k) has been stolen. There is a puff of smoke!
...about those RDMA-enabled ethernet cards?
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
I can follow everything in the article but this: The two researchers used an open-source 802.11 hacking tool called LORCON (Lots of Radion Connectivity) to throw an extremely large number of wireless packets at different wireless cards. Wouldn't you need to know the address and presence of the card before you can throw packets at it? Not every card uses Ad-Hoc mode; most of them only try to find access points to connect to, hence not even responding to non-related traffic. I find the lack of such essential details "puzzling", and given my cynical nature I can't help wondering if this isn't but a big scheme to get people to attend the conference. I know I won't :-)
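On the question above of how a card that is only scanning can be reached, and on the FreeBSD scanning bug mentioned earlier in the thread: a scanning station parses every beacon and probe response in radio range, and the information elements in those frames carry length bytes chosen by whoever sent them. The C below is an added example written for this page, not code from any post, from a driver vendor or from FreeBSD; it is a constructed IE parser showing the two bounds checks (remaining frame length and destination buffer size) whose absence is the bug class under discussion, plus a builder for forged-length frames to exercise them.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed example: not driver code from any vendor or from FreeBSD.
 * The body of an 802.11 beacon or probe response ends in a chain of
 * information elements (IEs): an id byte, a length byte, then `length`
 * payload bytes. A station that is only scanning parses every such frame
 * it hears, so each length byte is untrusted input from anyone in range. */

enum ie_id { IE_SSID = 0, IE_SUPP_RATES = 1, IE_DS_PARAMS = 3 };

#define SSID_MAX  32   /* maximum SSID length defined by the standard */
#define RATES_MAX  8   /* the legacy supported-rates IE carries at most 8 */

struct scan_entry {
    char    ssid[SSID_MAX + 1];   /* NUL-terminated copy of the SSID */
    uint8_t ssid_len;
    uint8_t rates[RATES_MAX];
    uint8_t nrates;
    uint8_t channel;
};

/* Distinct results so a caller (or a test) can see why a frame was dropped. */
enum parse_result {
    PARSE_OK = 0,
    PARSE_TRUNCATED_IE,    /* length byte runs past the end of the frame */
    PARSE_SSID_TOO_LONG,   /* SSID IE longer than the 32-byte buffer */
    PARSE_RATES_TOO_LONG,  /* supported-rates IE longer than its buffer */
    PARSE_BAD_DS_PARAMS    /* DS parameter set must be exactly 1 byte */
};

/* Parse the IE chain ies[0..len). Every copy is bounded twice: by the
 * bytes remaining in the frame and by the destination buffer. Dropping
 * either check lets a crafted length byte drive a write past a fixed
 * kernel buffer, which is the bug class behind this thread. */
enum parse_result parse_ies(const uint8_t *ies, size_t len, struct scan_entry *e)
{
    size_t off = 0;
    memset(e, 0, sizeof *e);
    while (off + 2 <= len) {                 /* need id + length bytes */
        uint8_t id = ies[off], ilen = ies[off + 1];
        const uint8_t *body = ies + off + 2;
        if (ilen > len - off - 2)            /* check 1: fits in the frame */
            return PARSE_TRUNCATED_IE;
        switch (id) {
        case IE_SSID:
            if (ilen > SSID_MAX)             /* check 2: fits in the buffer */
                return PARSE_SSID_TOO_LONG;
            memcpy(e->ssid, body, ilen);
            e->ssid[ilen] = '\0';
            e->ssid_len = ilen;
            break;
        case IE_SUPP_RATES:
            if (ilen > RATES_MAX)
                return PARSE_RATES_TOO_LONG;
            memcpy(e->rates, body, ilen);
            e->nrates = ilen;
            break;
        case IE_DS_PARAMS:
            if (ilen != 1)
                return PARSE_BAD_DS_PARAMS;
            e->channel = body[0];
            break;
        default:                             /* unknown IEs are skipped, never trusted */
            break;
        }
        off += 2 + (size_t)ilen;
    }
    /* A lone trailing byte (id without length) is malformed as well. */
    return off == len ? PARSE_OK : PARSE_TRUNCATED_IE;
}

/* Build a constructed IE chain: an SSID IE whose length byte is `claimed`
 * but whose payload is `actual` bytes of 'A', then rates and DS params.
 * Letting the two differ is how a test forges a malformed frame.
 * Returns bytes written, or 0 if `out` is too small. */
size_t build_ies(uint8_t *out, size_t cap, uint8_t claimed, size_t actual, uint8_t channel)
{
    size_t n = 0;
    if (cap < 2 + actual + 9)
        return 0;
    out[n++] = IE_SSID;       out[n++] = claimed;
    memset(out + n, 'A', actual); n += actual;
    out[n++] = IE_SUPP_RATES; out[n++] = 4;
    out[n++] = 0x82; out[n++] = 0x84; out[n++] = 0x8b; out[n++] = 0x96;
    out[n++] = IE_DS_PARAMS;  out[n++] = 1; out[n++] = channel;
    return n;
}

/* Convenience: build and parse one constructed frame on channel 6, returning the verdict. */
enum parse_result verdict(uint8_t claimed, size_t actual, struct scan_entry *e)
{
    uint8_t buf[512];
    size_t n = build_ies(buf, sizeof buf, claimed, actual, 6);
    return n ? parse_ies(buf, n, e) : PARSE_TRUNCATED_IE;
}
```

An honest 6-byte SSID parses cleanly; a frame whose SSID length byte says 200 is rejected by the buffer check, and one whose length byte says 40 but carries only 6 bytes is rejected by the frame-length check before any copy happens.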
I've been working with end users enough at uni and work to realise that most users, even the slightly geeky ones, will only ever upgrade their graphics card on their laptop when they are forced to.
Well, considering upgrading the graphics card would take, at the least, a large amount of disassembly and soldering on 99.9% of laptops, maybe it's a good thing end users don't try ....
More seriously, a lot of the problems with laptops are that vendors, nvidia, ati, intel, et al will not ship drivers for the parts used in laptops; instead they provide them to the laptop vendors. Who, after a year, stop bothering. Trying to find an up to date video driver for my Toshiba is next to impossible, because Toshiba never released any, so I'm stuck with a driver that's well over a year old and has problems in some games. But their viewpoint is, of course, only support the latest and greatest, make people update the hardware. The only hope you have are the people out there who hack the standard driver packages to work with laptop vendor specific device IDs.
If MS had followed through on the idea of including certified drivers in Windows Update it would have solved a lot of problems, but very few vendors support it.
... is starting to look a lot better every day.
> Just think of the many DOS 3D-graphics libraries written in Pascal.
The Borland libraries were written in C and assembler. They had a bit of pascal glue so that you could do graphics from TP/BP.
> Their whole firmware is written in Forth.
Only a little more than is needed to POST, for example the analogue of a VGA BIOS. Later in boot, drivers provided by the OS take over.
> TV during the 80s you have probably seen 3D graphics going through a system entirely written in LISP, the LISP-machine.
What!? Some of the Symbolics Lisp Machines were used for animation, but the vast majority (of the small number made) were used for AI research, but that is tangential.
Further, is your serial port driver going to be solving mazes or replacing Mathematica anytime soon? Also I use make for much more than compiling C programs. Funny how that is: make has the single good idea from prolog and is useful outside toy experiments in computational logic.
Basically the reason drivers are written in C is that it is much like using assembler but with the benefit of being massively more portable.
The Open Firmware on PPC Macs is only used while booting. When Mac OS X loads, it loads its own drivers (written in C most likely).
4. executing the drivers with substantially reduced privileges.
Not to ignite the usual microkernel vs. monolithic discussion, but executing the driver in userspace would result in a lot less damage in case the driver gets hacked.
Actually, I'm starting to think that any such information to the manufacturer should be disclosed only if the drivers are released as open source. That way, white hats could even submit the fixes.
And otherwise, if they choose to keep their secrets, the hackers should, too, that's only fair. Let the closed driver companies deal with their own problems, after all that is what they asked to do!
It's time that access to source code for device drivers was mandated by law: if hardware manufacturers will not supply the source code for their drivers, then they simply should not be allowed to sell the product
I don't buy it. First, do you really trust the legislative process to meaningfully define (for actual, real-world use in an industry moving 5000mph) terms like "device" and "driver?" It's bad enough when a judge decides to get involved in discussing what is, and is not part of an operating system, as if such things weren't ever going to change.
I'd rather let demonstrably crappy manufacturers get the reputation they deserve, and let the market sort it out. Don't buy hardware from people whose practices you don't like.
Further: what possible guarantee is there that drivers, having been open-sourced, will go out the door without any vulnerabilities? The concern here isn't whether the bug(s) will be fixed (it/they will), but whether everyone will patch. That concern would still be there even if the same open-source world that has produced all sorts of other buggy/vulnerable releases/products had access to drivers for something produced and shipped in a very short design/marketing life cycle. None of those risks go away, but in your scenario, you now have congress-creatures (egads!) talking about which hunks of code are, or are not "drivers." Now that is a vulnerability I can do without.
Don't disappoint your bird dog. Go to the range.
I found some of the posts very funny, but there was little meat in posts. I guess the details are too thin to have anything concrete, however we need quite a few questions answered:
Have card vendors been notified?
Have the vendors responded?
Are the vendors planning on releasing updated drivers?
Will updates be provided before August (I hope so)?
Does this affect only Windows, or is Linux vulnerable if ndiswrappers are used with these cards?
Can this be used to install a rootkit on Linux?
Are there any fully open source Linux drivers that work with these cards (ready or in development)?
Does this problem exist with open source Linux drivers as well?
I, for one, have had a very skeptical view of wireless, but like it for its simplicity and ease of use at home. It allows me to really use my laptop as a laptop (of course, after the Japanese exploding laptop, that is in question). We really need microkernel-like isolation for network drivers (separate address space, not kernel's space).
Better to use a persistent link: H.R. 2281.
Note that you didn't post reference links, so let's examine that restricting (a)(2) section.
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
Clearly, publishing this research would violate this clause as it is a service that is primarily designed to circumvent a technological measure, AND has limited commercial value, violating both (a)(2)(A) and (a)(2)(B).
The DMCA is widely loathed for a reason.
No, but sticking your laptop in the sand might protect you from this remote exploit.
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
If you find a flaw in an application on my computer that would expose data or worse, I want to fucking know about it!!! Vendor, my ass, tell the users so they can take steps to mitigate the problem, even if it means not running an app or (in the case of OS or network code) yanking the ethernet.
As it is, if you're using wi-fi (what a stupid stupid word) you can't know if you're vulnerable or not.
Worse, not only are they not telling what product(s) is/are affected, they said how they found the vuln. You can bet your britches that somebody else knows.
To hell with the vendor, tell me first. If I know that there is a serious flaw in (for instance) Firefox, I can simply switch to a different browser temporarily.
Instead of protecting the vulnerable equipment's/driver's vendor against monetary loss, protect ME against data loss. The flaw isn't my damned fault and I shouldn't have to suffer for it.
If I know about the vuln I have choices.
Now, to be safe you have to not use wi-fi whether your machine is affected or not. This is incredibly irresponsible.
Of course, you wouldn't expect the attendees of a black hat conference to be responsible, upstanding folk, would you?
I still think the security research exemption is pretty narrow. Note the use of the word "solely" before the phrase "promote the security of the owner or operator of such computer...". It would seem to me that if you disclosed the exploit at a 'Black Hat' conference, you would pretty much blow the 'solely promoting security' exemption out of the water.
My reading of the exemption -- and which I believe is the safest reading, in the absence of good guidance by the courts on this matter (that I am aware of) -- is that you're allowed to conduct security testing, and then use the results of such testing to harden your own systems, or communicate with the developer to fix the hole, but that if you were to publicly disclose it, then you might lose your defense that the testing was for the 'sole purpose' of hardening your system or fixing the software, and was instead being done for personal gain via publicity, etc.
Basically, the DMCA was not written with the idea of OSS in mind; most of the exemptions, including the security/research ones, are designed to cope with software written by commercial developers that is closed source, with a clear reporting chain that bugs can be submitted to in order for the software to be fixed, without full public disclosure being necessary or desirable.
That doesn't mean that a court might not find that full public disclosure was permitted under the security exemption, but there's also the possibility, if you got a judge who insisted on an absolutely strict interpretation and was totally ignorant of OSS issues, that they might not, and depending on how the disclosure was handled, the researcher/s could find themselves in hot water.
I don't think the issue is quite as clear cut as you're making it out to be.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I use linux, no one can break into my computer, those blobs are super secure...
Q: How many prolog programmers does it take to screw in a lightbulb?
A: No.
Source must be provided for inspection. (if we're going to have patents, there's got to be some way to spot violations, right?)
Then we give customers certain rights in the event of an emergency (security hole in the firewall software, data corrupting bug in the business-critical database, etc.) and in the event that the supplier becomes unable to sell more licenses (bankruptcy, etc.).
Announcing this NOW but delaying the actual results until AUGUST will just mimic the "Patch Tuesday" effect only in spades.
The real black-hats who were working on other projects will read this, shift gears, and reproduce the attack within a week or so even without any more details.
A more responsible solution would be to either wait until a patch was released, or if the companies dragged their feet about it, give the companies a month or two's lead time then publicly announce the paper's release along with a list of cards affected, then a few days later release the full paper. This gives the companies some lead time to fix the problem and the customers a few days' lead time to replace or disable their wireless devices without giving the black-hats enough time to cause widespread damage.
Now, suppose these guys actually told the companies about this in May. Fine. But do we really have to give the black-hat community over a month to develop an exploit? No. Release the paper or at the very least the names of the affected cards later this week at the earliest.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
And I thought the remote hacking in "Splinter Cell: Chaos Theory" was far-fetched...
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
http://jnode.org/
Regards,
Steve
The researchers are able to research, but they are not able to publish their findings. So they can't share what they've learned legally. This is the difference between theory and practice.
"whether the information derived from the security testing was used solely to promote the security of the owner or operator of such computer, computer system or computer network"
It does sound as if, at a minimum, you can disclose the problem to people who have that system. In an odd way it's similar to the GPL, you do not have to give source to someone who is not a user of your software.
Clearly, publishing this research would violate this clause as it is a service that is primarily designed to circumvent a technological measure, AND has limited commercial value---violating both (a)(2)(A) and (a)(2)(B).
`(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include--
`(A) whether the information derived from the security testing was used solely to promote the security of the owner or operator of such computer, computer system or computer network, or shared directly with the developer of such computer, computer system, or computer network; and
`(4) USE OF TECHNOLOGICAL MEANS FOR SECURITY TESTING- Notwithstanding the provisions of subsection (a)(2), it is not a violation of that subsection for a person to develop, produce, distribute or employ technological means for the sole purpose of performing the acts of security testing described in subsection (2), provided such technological means does not otherwise violate section (a)(2).
I honestly do not believe it is all that clear. From (3)(A) it seems that at a minimum you could publish to owners and users even when taking the narrowest interpretation. Under (4) it seems you could publish a test case for people to use on their own systems.
They probably meant Common Lisp's Object System, failing to differentiate CL and Scheme. However, what's the difference really between an actor and an object? There's no MOP involved, but you still end up with instantiation, and heck you can even do inheritance.
what the hell is a 'junk character', anyway?
Ummm who dies if you hack a laptop? Let's not make it sound worse than it is. That's as bad as calling 'piracy' a form of terrorism.
---- Booth was a patriot ----
It's more like "we weren't stupid enough to add a hole like that to our OS in the first place". They don't use binary drivers from vendors, so your first thought is out. And the second one doesn't even make sense, there's nothing for them to have fixed.
"count the percentage of open/closed source drivers that are vulnerable"
You mean count the number of good versus crappy drivers that are vulnerable, and report who they are, no matter the source or process, don't you?
Just because OS is a good development method doesn't mean it cranks out great code every time.
Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
I've been hoping for Linux to come around for about 8 years now... and to DATE... I still can't get a version that doesn't have some kinda GCC compile error, or missing files needed for my Linux lunch, therefore, I, Linux, am going on strike... yadda yadda yadda...
Dammit, I am dearly hoping that Linux will come together SOMEDAY... but don't even for a second consider that Linux updating utilities are going to fix a driver problem in any way shape or form! At least not RELIABLY... I have three distros running at home and it's mainly because I want to maintain a general feel for the progress of Linux so I am ready to use it when it is ready to be used.
But for now... the HD TV entertainment/DVD watching machine is XP, the Gaming machine is XP, the work machine for Office and Email and IMs to coworkers is XP, the Server for my little Website and Email is XP with its single instance IIS running flawlessly for over a year now, the domain server to limit access to shares at home is Server 2003, my Laptop for surfing the internet from the patio via 802.11g is XP, the two machines for the kids are XP and my Lady's laptop is XP. Why, because nothing else reliably works!
Quit singing the Linux song... it DOESN'T WORK!
It ONLY works for UBER geeks who are the male version of teenage wannabe princess drama queens... whose lives are never complete unless something needs to be fixed and it stands to take a crisis management team to accomplish it.
Linux Schminux... I HATE Microsoft... but it WORKS... and that's more than you can say for Linux.
Quit singing that Linux song, learn to CODE and FIX LINUX ALREADY! MAKE IT WORK!
You want protection? You're supposed to get a patent.
Time "obscuring the derivative nature of what you're producing" is wasted time. You don't need to hide any ideas, and you can't hide any code. The innovator should be working on the next big thing, which will make his old product obsolete.
In any case, it's the overall well-being of society that counts. This includes the economy, which would certainly benefit from the extra competition.
House is an operating system written in Haskell.
Given how the exorbitant price for Blackhat includes Defcon admission for free, it's not like it won't appear over on the Riviera hours if not a day after.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
> "This would be the digital equivalent of a drive-by shooting,"
Umm.... More like sitting on a corner with your gun in hand, waiting for a Red Pontiac Grand Am to drive by. Of course, we don't know what model was affected, so it could be "any American car," or it could be "Lavender Peugeots"
If you're talking about their network drivers, you're completely right. If you have an nForce card, use the open-source drivers--forcedeth for Linux and OpenBSD's nfe for BSD variants. Their video drivers are pretty good although nv is always getting better.
Please, for the good of Humanity, vote Obama.