Focus on Apple
Re: Hijacking a Macbook in 60 Seconds or Less Aug 10 2006 11:50AM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 10 2006 03:11PM
Howard Oakley (h oakley btconnect com) (4 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 12:23PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 03:22PM
Roy Atkinson (roy atkinson jax org) (2 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 06:51PM
Chris Pepper (pepper reppep com) (1 replies)
RE: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 08:10PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 09:31PM
Sam Pierson (samuel pierson gmail com) (2 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 10:05PM
Howard Oakley (h oakley btconnect com)
RE: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 09:50PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 12 2006 09:12PM
Bill Weiss houdini+focus-apple (at) clanspum (dot) net [email concealed] (houdini+focus-apple clanspum net) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 14 2006 07:04AM
fwa266m mac com (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 14 2006 01:36PM
David Maynor (dmaynor gmail com) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 14 2006 01:59PM
Massimo Marino (fwa266m mac com) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 14 2006 03:08PM
David Maynor (dmaynor gmail com) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 15 2006 08:51AM
Nicolas RUFF (nicolas ruff gmail com) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 15 2006 01:01PM
David Maynor (dmaynor gmail com) (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 20 2006 07:21AM
Nicolas RUFF (nicolas ruff gmail com)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 11 2006 05:36PM
Sam Pierson (samuel pierson gmail com)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 10 2006 06:42PM
Paul Schmehl (pauls utdallas edu)
Howard Oakley wrote:
> On 10/8/06 12:50, Radoslav Dejanoviæ wrote:
>
>> This IS really bad for companies, for they can throw away their security
>> measures if all it takes to get the data is a vulnerable computer
>> reachable from the car parked outside the well guarded building.
>
> How many corporates actually use wireless networking inside their firewalls
> etc.?
>
> Unless they have very remote locations, I'd certainly never advise them to.
>
Why is that?

We run and 8021.x wireless network on our entire campus. It's
accessible from anywhere, inside or outside, and fully encrypted with
AES and rotating keys (every 15 minutes.)

This exploit makes all that security null and void.

And I'd venture to say there are quite a few companies around the world
that have wireless networks inside their firewalls. Almost all of edu does.

--
Paul Schmehl (pauls (at) utdallas (dot) edu [email concealed])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?N0?Ø0?A Aì=§?ÄöÕ ÝÑe0
 *?H?÷
0Á1 0 UUS10U
VeriSign, Inc.1<0:U 3Class 2 Public Primary Certification Authority - G21:08U 1(c) 1998 VeriSign, Inc. - For authorized use only10U VeriSign Trust Network0
990331000000Z
090330235959Z0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA0?0
 *?H?÷
0?¿êï?ë
Áù"ÁÑÁÌÛzÚ¾6Òp`0`åàS/5ôɨ)ÖÞ=ó?d}¾Ñ?Tx?ÿ¢xñû?«Ãü?LÂIA
áÀÒ¥×ü~ÿBQNtóÕhs¥]1øæ)%c¨#?Dj?°9ñïÛFXú¸ÏKózÁ¢I??#Cº?2?£¥0¢0
)U"0 ¤010UPrivateLabel1-1400 `?H?øB0DU =0;09 `?H?øE0*0(+https://www.verisign.com/RPA0U
0ÿ0 U0
 *?H?÷
S µÜ²¶?Ñ P?É8yÜȲI¿¸S?o?̲äz|ü£è_a^_??ZÒ?"ñ¼íñT¶T¦T¡T¼iÇ!7¢?9?§¬ ?è?]?
H9Y?$ C¼??Ü?táæã¾j¤?11#%?¯º,Q?Y¦£?Ò´ÎT0?s0?Ü 0?8âöØúÇ'Æ?EÐÀ0
 *?H?÷
0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA0
060721000000Z
070721235959Z0ô1'0%U
The University of Texas System1-0+U $The University of Texas at Dallas CA1F0DU =www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)9910U Mail Stop - UTD10U Paul Schmehl1!0 *?H?÷
 pauls (at) utdallas (dot) edu0 [email concealed]?0
 *?H?÷
0?«P? L;帽?¿ÿN?C4ÓÝj¿©DQ?BùTÍn?"Î?æQ?#Ç>ª¯DéÙ2+Ù³¤±E:
??¸z??8?ù"Ö"è½ÎpXµX
 ?±ù
â$¶3\?
­Z?³µ%÷öÍïn;õv»¢èwfcÅ?í¡b?F?¥£? 0?0 U00U0pauls (at) utdallas (dot) edu0 [email concealed]?$U ?0?0? `?H?øE0?0++https://www.verisign.com/rpa-
kr0Ò+0ÅÂNOTICE: Private key may be recovered by VeriSign's customer who may be able to decrypt messages you send to certificate holder. Use is subject to terms at https://www.verisign.com/rpa-kr (c)99.0 `?H?øB?0uUn0l0j h f?dhttp://onsitecrl.verisign.com/TheUnive
rsityofTexasSystemTheUniversityofTexasatDallasCA/LatestCRL.crl0 U
 0U%0++0
 *?H?÷
5ð·
ku¶ºCO\ê¹ïG?ìEzBü?³^¬À?÷¥2üë&Ö?JFâ ?ЪuPPé̲ù+Ê%?ÝÌ&©mT¼¶¦ûÇh
?û¦°}ò?Í?Q??©°ú+büWýè÷ÅÏqXXJȨ¯ÆV6UÕ!ת ¸0?÷0?` G@±-
¸ñ ? µ_=c0
 *?H?÷
0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA0
060721000000Z
070721235959Z0ô1'0%U
The University of Texas System1-0+U $The University of Texas at Dallas CA1F0DU =www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)9910U Mail Stop - UTD10U Paul Schmehl1!0 *?H?÷
 pauls (at) utdallas (dot) edu0 [email concealed]?"0
 *?H?÷
?0?
?¸lðíSvN½Ùê7·a_^
¬e7@Ëm#¼eþqb ?fjl2íO'©?·R?,ǹàg<Ò?©÷SÒ?0Âò?}F,¾hz ÒÄlþ?NrÔFæÊ?x¬ÖìlÀPe§Û9TS¢$ú?
1Ǥà=?¿:.ãnáÆè×iü¬£ÎJÜ®¢md)?1¼ÖtÁé'?¼áfm8Z?É?«±§P?\/(=&ü?h<|Q?
ýqºBâë&à?ìÅâ§P¡Çv)cfÉO>¥ ó96S)Çtä?ÉU_õp\?ý´óßZ?
ÝÙI]® ñK?e??zc¯Æ·!ÐÓ £? 0?0 U00U0pauls (at) utdallas (dot) edu0 [email concealed]?$U ?0?0? `?H?øE0?0++https://www.verisign.com/rpa-
kr0Ò+0ÅÂNOTICE: Private key may be recovered by VeriSign's customer who may be able to decrypt messages you send to certificate holder. Use is subject to terms at https://www.verisign.com/rpa-kr (c)99.0 `?H?øB?0uUn0l0j h f?dhttp://onsitecrl.verisign.com/TheUnive
rsityofTexasSystemTheUniversityofTexasatDallasCA/LatestCRL.crl0 U
?0U%0++0
 *?H?÷
=Pjcrª?:%ºs#NèÜ?EÈÈ´RB֐Ó)'ÖW¥ÉTѹ?v>Ï!É?og<\ê/¦?
ò?fb¸h¯!¦Â`úØ???õ?/)#ìD??»»3ø?J´Í}ÌÀ36'3?u?zÝ?¯©bn?Ku9¤ô|
MG1?0?0ÿ0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CAG@±-¸ñ ? µ_=c0 + ?Ý0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
060810184258Z0# *?H?÷
 1ð þ?Ü;?Ä?D%³ox¢0R *?H?÷
 1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0? +?71?0ÿ0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA0?8âöØúÇ'Æ?EÐÀ0? *?H?÷
  1? ÿ0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA0?8âöØúÇ'Æ?EÐÀ0
 *?H?÷
?,kf?Q;_Ñ?êFk÷(?ÝÆ ßòÝ'c¥ñ?Gc?2«­`?gã~­g§¸`×Û?.?"¥çøì]?4û?#$z°³"érÛ?ñ]ÕöÔì¶
3"ýf¼6)?Êa?%Uú©_ Q¦m.ì9Oñ?F¼ûÃ/µÅï|Ñê?æ¬? °?þ}Ï8>T?õ^òÊ[mØR?3h?r÷
MO
xËýwF¸Éɬ6LÎÁJSDÔqboÏ?gÏæ
Íìõ?u?Ë`jBG¬(C?D¨¤:pξ}v.NR?ü5Ï×U4âG¹´¢Æh9ÌdÇÈî

[ reply ]
Re: Hijacking a Macbook in 60 Seconds or Less Aug 10 2006 05:38PM
Michael Edwards (medwards digital-legal com) (1 replies)
How to persuade someone to switch off wireless Aug 11 2006 12:11PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 10 2006 04:42PM
mfossi securityfocus com (1 replies)
Re: Hijacking a Macbook in 60 Seconds or Less Aug 10 2006 05:55PM
Howard Oakley (h oakley btconnect com)


 

Privacy Statement
Copyright 2010, SecurityFocus