code is found, web admins should immediately change all FTP passwords, then
attempt to preserve all logs from the FTP
daemon and web server processes before
running a cleanup script or restoring from
backups. These logs will prove invaluable
in post-mortem analysis and may help
stress the importance of safe computing
procedures by all FTP account holders.
Finally, I can't stress enough the value
of regular, full backups of mission-critical
website code. Infections such as this one
can be cleaned up with scripts, but that
isn't always the case. The best way to protect yourself is to preserve a copy of the
infected code for later analysis, then rapidly
remove any infected pages, replacing them
with code from a known-good source.
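The cleanup order described above (preserve the infected copy, then replace it from a known-good source), as an added Python example that is not from the original article. The directory layout, the file names and the `triage` and `demo` helpers are assumptions, and the backup is assumed to be a complete copy of the site.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def triage(site: Path, backup: Path, evidence: Path) -> dict:
    """Preserve, then replace, every live file that differs from the backup."""
    report = {"restored": [], "quarantined": []}
    for live in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = live.relative_to(site)
        good = backup / rel
        if good.is_file() and sha256(good) == sha256(live):
            continue                      # identical to the known-good copy
        kept = evidence / rel
        kept.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(live, kept)          # keep the infected copy for analysis
        if good.is_file():
            shutil.copy2(good, live)      # replace with known-good code
            report["restored"].append(rel.as_posix())
        else:
            live.unlink()                 # not in the backup: take it off the site
            report["quarantined"].append(rel.as_posix())
    return report


def demo() -> dict:
    """Run triage on a small constructed site tree (all content is made up)."""
    root = Path(tempfile.mkdtemp())
    site, backup, evidence = root / "site", root / "backup", root / "evidence"
    for d in (site, backup):
        d.mkdir()
        (d / "index.html").write_text("<html><body>Home</body></html>")
        (d / "about.html").write_text("<html><body>About</body></html>")
    # Constructed infection: an appended script tag and a dropped file.
    with (site / "index.html").open("a") as f:
        f.write("<script>/* constructed placeholder for injected code */</script>")
    (site / "dropped.php").write_text("<?php /* constructed placeholder */ ?>")
    report = triage(site, backup, evidence)
    report["clean"] = sha256(site / "index.html") == sha256(backup / "index.html")
    report["evidence"] = sorted(p.name for p in evidence.iterdir())
    return report


if __name__ == "__main__":
    print(demo())
```

Run it only after the FTP passwords have been changed and the FTP and web server logs have been copied off the host, so the evidence directory and the logs describe the same incident.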
Network Security
February 2010
WIFI SECURITY
nals. Even if these signals are encrypted,
access to the data inside is only delayed
as long as the encryption key remains
uncompromised. It is sensible to assume
that a key can be found eventually.
DDoS
A second attack against wireless networks is denial of service. Unfortunately,
this is very easy to achieve. In fact, the
very prevalence of wireless technologies can cause denial of service due to
the frequency allocations assigned. The
radio frequency bands used by WiFi networks are 2.4GHz and 5GHz. The lower
frequency band particularly is an open
access range that has been made available
for low power use by licensed manufacturers. The end user of the equipment
does not require a licence at the point of
use provided that the power output of
the equipment does not exceed the specified
power output.
There are not many of these open
access bands available in the crowded
allocated frequency spectrum [2]. This
means that vendors of business and consumer radio equipment alike prize this range.
The 2.4GHz range is not used by
any other more important licensed
radio technologies because it is the harmonic frequency at which water molecules vibrate.
This is the way in which
microwave ovens work. They excite the
water molecules inside the food to be
heated at 2.4GHz. These excited molecules exhibit this additional energy as
heat; the food gets hot and cooks. This
phenomenon can cause problems for
radio transmissions in this frequency
range. If the atmosphere contains a large
amount of moisture (such as in a steamy
kitchen or factory floor) it can become
opaque to these radio waves.
Common technologies using this
frequency range are WiFi, HiperLAN,
Bluetooth, DECT, low-power remote
control of toys such as miniature model
aircraft and cars, and microwave ovens.
This over-allocation may cause some
disruption and collision between technologies using this frequency range.
In practice, there is surprisingly little
perceived interference because the radio
technologies in use layer error correction
Microwave attacks
A second, more effective if dangerous,
attack is to use an unshielded microwave
generator such as that found in an oven.
This would provide some 800 watts of
output as opposed to a typical WiFi network at five watts maximum; the effect
on WiFi networks would be devastating.
While this sounds extreme it is entirely
possible that this kind of attack might be
used against a city block where the density of wireless networks affected would
be highest.
The third main attack against a wireless
network is to gain unauthorised access.
This attack is widely perpetrated against
home wireless users because a large
number of them do not use any mechanism to secure access to their network.
For most consumer networks, the primary aim of wireless networking is to
allow one or more laptops to connect conveniently to a shared internet connection.
If no protection mechanisms are configured then anybody with a suitable wireless device can use that same internet connection for free. Why pay for broadband
yourself when you can borrow bandwidth
from a neighbour? One worry is that
any illegal activities carried out by the
unwanted visitor using the network can
be attributed to the subscriber.
There is an even more sinister aspect
to this attack even in the home environment, however. Using wireless it is
fundamentally possible to gain access to
systems connected to the target home
the IEEE 802.11 standard as ratified in
1997 [5]. It provides data encryption and
access control via authentication. It has
since been shown to exhibit a flawed
design.
Cloud-based cracking
Recently, a WPA cracking service running
on a cloud-based computing platform has
been released. A user of the service needs
to upload a set of packet data that is then
compared to a set of WPA rainbow tables.
At the time of writing the price of a
cracking run is $17 or $35 depending on
the service level chosen [9].
The second mode of operation is an
enterprise model where an Extensible
Authentication Protocol (EAP) module
is used to improve the authentication of
WiFi network clients. EAP is an authentication framework that supports the use
of 802.1x network access control [10,11].
This mode of operation is much stronger
in practice than WPA-PSK, but it is of
little use to the average home user or
smaller business that does not have the
necessary investment in 802.1x VLAN
capable switches and NAC devices.
In 2008, a flaw was discovered in
TKIP. This is based on a known problem
with the WEP algorithm. The attacker
monitors network traffic until an address
resolution protocol (ARP) packet is captured. An ARP packet is easily distinguished
even when encrypted. An ARP request
uses a broadcast MAC address as the
destination and is a very short packet.
Using a statistical attack, it is possible
to derive the unknown parts of the ARP
packet. This attack takes just under a
quarter of an hour to work because it
triggers the sixty second network timeout
built into MIChael a number of times
as various keys are computed based on
responses from the protocol. Once this
has been achieved, it is possible to inject
malicious packets into the network [12].
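One way a defender could spot the pattern described above (repeated Michael MIC failures from one station, paced about a minute apart within a quarter of an hour) in access point logs. This is an added example, not from the original article; the log line format, the MAC addresses and the threshold values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not a real AP's.
SAMPLE_LOG = """\
2010-02-01T10:00:05 ap1 wlan0: STA 02:00:00:00:00:01 associated
2010-02-01T10:01:10 ap1 wlan0: STA 02:00:00:00:00:01 Michael MIC failure
2010-02-01T10:02:12 ap1 wlan0: STA 02:00:00:00:00:01 Michael MIC failure
2010-02-01T10:03:00 ap1 wlan0: STA 02:00:00:00:00:02 Michael MIC failure
2010-02-01T10:03:15 ap1 wlan0: STA 02:00:00:00:00:01 Michael MIC failure
2010-02-01T10:04:17 ap1 wlan0: STA 02:00:00:00:00:01 Michael MIC failure
2010-02-01T10:05:20 ap1 wlan0: STA 02:00:00:00:00:01 Michael MIC failure
2010-02-01T10:06:23 ap1 wlan0: STA 02:00:00:00:00:01 Michael MIC failure
"""

LINE = re.compile(r"^(\S+) \S+ \S+ STA ([0-9a-f:]{17}) Michael MIC failure$")
WINDOW = timedelta(minutes=15)    # the attack runs for just under 15 minutes
MIN_GAP = timedelta(seconds=55)   # failures paced around the 60 s timeout
THRESHOLD = 5                     # assumed alert threshold


def mic_failures(log: str) -> dict:
    """Group Michael MIC failure timestamps by station MAC address."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            events[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    return events


def suspicious_stations(log: str) -> dict:
    """Return {station: n} where n paced failures fall inside one WINDOW."""
    alerts = {}
    for sta, times in mic_failures(log).items():
        times.sort()
        for i, start in enumerate(times):
            run = [start]
            for t in times[i + 1:]:
                if t - start > WINDOW:
                    break
                if t - run[-1] >= MIN_GAP:
                    run.append(t)
            if len(run) >= THRESHOLD:
                alerts[sta] = max(alerts.get(sta, 0), len(run))
    return alerts


if __name__ == "__main__":
    print(suspicious_stations(SAMPLE_LOG))
```

A single MIC failure, like the one from the second station in the sample, stays below the threshold; only the paced series is reported.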
WPA2
WPA2 fully implements the IEEE
802.11i standard, including a replacement for TKIP based on the AES block
cipher. This improvement is known as
CCMP [13]. This protocol, at the time of
writing, is considered fully secure. It is
recommended that all networks implement WPA2 where possible. However, in
practical terms the majority of Windows
XP laptops that the author has encountered do not have the optional WPA2
client software installed.
The installation of this update requires
administrator rights on the laptop in
question meaning that it is unlikely to
be a field upgrade for already deployed
laptops. Newer versions of Windows and
Mac OS X inherently support WPA2.
MOBILE SECURITY
References
1. 802.11, Wikipedia, Jan 25 2010, <http://en.wikipedia.org/wiki/IEEE_802.11>
2. UK Frequency Allocation Table, National Frequency Planning Group, 2008, <http://www.ofcom.org.uk/radiocomms/isu/ukfat/ukfat08.pdf>
3. Man arrested over wi-fi theft, BBC News, August 22 2007, <http://news.bbc.co.uk/1/hi/england/london/6958429.stm>
4. Communications Act 2003, Office of Public Sector Information, 2003, <http://http.hmso.gov.uk/acts/acts2003/20030021.htm>
5. IEEE Std 802.11-1997 Information Technology - telecommunications And Information exchange Between Systems-Local And