Information Security all in one place!

Wi-Fi

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers


Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless
LAN functions, such as security policies, intrusion prevention, RF
management, quality of service (QoS), and mobility.

These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP) and the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.

The Cisco Wireless LAN Controller (WLC) product family is affected by
the following vulnerabilities:

* Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
* Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
* Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
* Cisco Wireless LAN Controllers Unauthorized Access Vulnerability

Cisco has released free software updates that address these vulnerabilities. Workarounds are available that mitigate some of these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

Affected Products

The Cisco WLC product family is affected by multiple vulnerabilities. Affected versions of Cisco ASA Software vary depending on the specific vulnerability.

Vulnerable Products

Each of the following products is affected by at least one of the vulnerabilities covered in this Security Advisory:

* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Modules (WiSM)
* Cisco Wireless Services Modules version 2 (WiSM version 2)
* Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controllers

Measures to mitigate these risks can be found here: http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20120229-wlc

Advertisements

Android: Malware Magnet


In the last seven months of 2011, malware targeting the Android platform jumped 3,325 percent!

According to Juniper Networks‘ Mobile Threat Report, malware targeting the Android OS grew by 3,325 percent in the last seven months of 2011.

“Android malware accounted for about 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition,” writes eWeek’s Fahmida Y. Rashid.

Android System architecture

Android System Architecture

“The explosion in Android malware is a direct result of the platform’s diverse and open marketplace where developers are free to post their apps as well as growing market share, according to Juniper,” Rashid writes. “Google‘s market share in the mobile space, at 46.9 percent, is statistically the same as the proportion of Android malware detected by Juniper.”

 

Read More: 2011 Android Report: Malware

 

 

 


5 Steps for analyzing your WLAN


Assessing Your Wireless Network Security

Wireless network penetration testing—using tools and processes to scan the network environment for vulnerabilities—helps refine an enterprise’s security policy, identify vulnerabilities, and ensure that the security implementation actually provides the protection that the enterprise requires and expects. Regularly performing penetration tests helps enterprises uncover WLAN network security weaknesses that can lead to data or equipment being compromised or
destroyed by exploits (attacks on a network, usually by “exploiting” a vulnerability of the system),Trojans (viruses), denial of service attacks, and other intrusions.

Here is a great article I was reading on Cisco blogs and found it useful to post. Enjoy!

5 Steps for Assessing Your Wireless Network Security

Sampa Choudhuri – Network security is a never-ending task; it requires ongoing vigilance. Securing your wireless network can be particularly tricky because unauthorized users can quietly sneak onto your network, unseen and possibly undetected. To keep your WLAN secure, it’s important to stay on top of new wireless vulnerabilities. By regularly performing a vulnerability assessment on your wireless network, you can identify and close any security holes before a hacker can slip through them.

With a WLAN vulnerability assessment, you’re figuring out what your wireless network looks like to the outside world on the Internet. Is there an easy way in to your network? Can unauthorized devices attach themselves to your network? A WLAN vulnerability assessment can answer these questions—and more.

Teaser:

1. Discover wireless devices on your network. You need to know everything about each wireless device that accesses your network, including wireless routers and wireless access points(WAPs) as well as laptops and other mobile devices. The scanner will look for active traffic in both the 2.4GHz and 5GHz bands of your 802.11n wireless network. Then, document all the data you collect from the scanner about the wireless devices on your network, including each device’s location and owner.

English: A Linksys wireless-G router.

2. Hunt down rogue devices. Rogue devices are wireless devices, such as an access point, that should not be on your network. They should be considered dangerous to your network security and dealt with right away. Take your list of devices from the previous step and compare it to your known inventory of devices. Any equipment you don’t recognize should be blocked from network access immediately. Use the vulnerability scanner to also check for activity on any wireless bands or channels you don’t usually use.

Read the 5 Steps here:

http://blogs.cisco.com/smallbusiness/5-steps-for-assessing-your-wireless-network-security/


Mobile Tech plays key role in Super Bowl ads:


Mobile highlights in Super Bowl commercials

Football was the main attraction during yesterday’s Super Bowl XLVI, but the commercials in between the plays also captured many viewers’ attention. The mobile industry was front-and-center during many of those commercials as it attempted to get some Super Bowl attention with a range of mobile-focused ads and technologies. It’s no real surprise that advertisers are keen to tap into users’ mobile interests; nearly 40 percent of respondents used mobile devices in response to TV ads during the game, according to mobile ad network provider InMobi, and 45 percent estimated that they would spend 30 minutes or more on their mobile devices during the game.

Super Bowl XLVI

Another major step forward in the mobile technology trend came from website vendor GoDaddy, which displayed a QR code during the entire duration of its cloud-focused Super Bowl commercial.Perhaps the best example of the mobile trend during the Super Bowl came from Best Buy, which is working to expand sales of mobile phones and smartphones through its retail locations. The company used its 30 seconds of Super Bowl glory to showcase mobile innovators–including  Instagram founder Kevin Systrom and Shazam creators Chris Barton and Avery Wang–in an effort to highlight the continued advances in mobile technology. The unspoken point, presumably, is that Best Buy is aware of trends in mobile technology and is well suited to help shoppers determine which phone to buy.

 Mobile Innovators

But Super Bowl ads weren’t the only place where mobile shined. The game was available on Verizon Wireless (NYSE:VZ) phones through its NFL Mobile app. And for those not on Verizon, the NFL itself created the free Super Bowl XLVI Guide app for viewers to obtain information on the game’s teams and players. There’s even a $1.99 app for iOS devices that allows users to view Super Bowl commercials and share them with friends.

Doritos made use of a Siri sound-alike

Football (Chase QuickPay)


802.1X password exploit on many HTC Android devices


802.1X password exploit on many HTC Android devices

Please read carefully:

There is an issue in certain HTC builds of Android that can expose the
user’s 802.1X Wi-Fi credentials to any program with basic WI-FI
permissions.  When this is paired with the Internet access
permissions, which most applications have, an application could easily
send all stored Wi-Fi network credentials (user names, passwords, and
SSID information) to a remote server.  This exploit exposes
enterprise-privileged credentials in a manner that allows targeted
exploitation.

Severity: Critical

Device Vendor : HTC

Confirmed Devices with vulnerability:

Desire HD  (both “ace” and “spade” board revisions) – Versions FRG83D, GRI40
Glacier – Version FRG83
Droid Incredible – Version FRF91
Thunderbolt 4G – Version FRG83D
Sensation Z710e – Version GRI40
Sensation 4G – Version GRI40

English: Wordmark of HTC. Trademarked by HTC.

Image via Wikipedia

Desire S – Version GRI40
EVO 3D – Version GRI40
EVO 4G – Version GRI40

Vulnerability Details:  

There is an issue in certain HTC builds of Android that can expose the
user’s 802.1X password to any program with the
“android.permission.ACCESS_WIFI_STATE” permission. When paired with
the “android.permission.INTERNET” permission, an app could easily send
user names and passwords to a remote server for collection. In
addition, if the SSID is an identifiable SSID (“Sample University” or
“Enterprise XYZ”), this issue exposes enterprise-privileged
credentials in a manner that allows targeted exploitation.

Although the published Android APIs don’t provide access to the 802.1X
settings, it is possible to view the settings with the .toString()
member of the WifiConfiguration class. The resulting output will look
something like this:

* ID: 2 SSID: “ct” BSSID: null PRIO: 16
KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN
AuthAlgorithms:
PairwiseCiphers: CCMP
GroupCiphers: WEP40 WEP104 TKIP CCMP
PSK:
eap: PEAP
phase2: auth=MSCHAPV2
identity: [Your User Name]
anonymous_identity:
password:
client_cert:
private_key:
ca_cert: keystore://CACERT_ct

On most Android devices, the password field is either left blank, or
simply populated with a “*” to indicate that a password is present.
However, on affected HTC devices, the password field contains the
actual user password in clear text.

This is sample output from a Sprint EVO running Android 2.3.3:
* ID: 0 SSID: “wpa2eap” BSSID: null PRIO: 21
KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN
AuthAlgorithms:
PairwiseCiphers: CCMP
GroupCiphers: WEP40 WEP104 TKIP CCMP
PSK:
eap: TTLS
phase2: auth=PAP
identity: test
anonymous_identity:
password: test
client_cert:
private_key:
ca_cert: keystore://CACERT_wpa2eap

Updating and more help can be found here:

Google has made changes to the Android code to help better
protect the credential store and HTC has released updates for all
currently supported phone and side-loads for all non-supported phone.

Android Market

Image via Wikipedia

Customer with affected versions can find information from HTC about
updating their phone at: http://www.htc.com/www/help/

Google has also done a code scan of every application currently in the
Android Market and there are no applications currently exploiting this
vulnerability.

Additional Contacts and Credit:

Credit: Chris Hessing from The Open1X Group (http://www.open1x.org) who is
currently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X
tools for Cloudpath Networks (http://www.cloudpath.net/) discovered
this password exploit.

Contacts:

Chris Hessing
Senior Engineer, Cloudpath Networks (chris.hessing@cloudpath.net)
Chief Architect, Open1X Group (chris@open1x.org)
Bret Jordan CISSP
Senior Security Architect, Open1X Group (jordan@open1x.org)


Symantec says “Android Malware!” – True or False


driver_updater.gif

Symantec‘s classification of thirteen apps as malware has been criticized by Android security specialist Lookout who says that they are not malware but rather the integration of an aggressive ad network package which “should be taken seriously”. Lookout, like Symantec, also provides anti-virus software for Android.

Symantec had identified 13 apps which included the advertising package of the Apperhand network and classified it as malignant, warning that it had already infected up to five million Android devices. Apperhand sends a hash of the device’s IMEI to a server in order to uniquely identify the user and then configures the device to receive advertising via push messages. It also adds a shortcut to the launcher for Apperhand’s search engine and there are reports that it also changes the browser’s default search engine and home page settings.

English: Android Market on Samsung Galaxy S.

These activities though, says Lookout, do not justify it being called malware – Lookout defines malware as software that “is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud”.

Although installation of the apps requires the granting of a wide range of permissions and in some cases the addition of the search engine is noted in the apps’ descriptions in the market, there is no doubt that many users do not question the permissions they are granting to an app on the fly. This means their decision to install is not an unambiguous grant of permission to take or modify their device’s settings.

Meanwhile, Google has removed some of the apps that Symantec classified as malware from the Google market. But the intrusive advertising does not seem to be the reason for the removal. It is believed that the removed apps had been using copyrighted names on copies of familiar games to attract users. Other games with the Apperhand code, such as the apps from Ogre Games, are still available in the Android Market.

Read More: http://www.informationweek.com/byte/news/personal-tech/mobile-apps/232500746
CyberGhost


Gigabit Wi-Fi Panel From the Wi-Fi Symposium



The Wi-Fi Mobility Symposium panelists discussed the possibilities for gigabit Wi-Fi, including practical applications and questions about the relevance of technologies like 802.11ac and 802.11ad. This session was introduced by Marcus Burton and moderated by Marcus and Andrew von Nagy. It features the following panelists (L-R):

Video Posted Here: http://vimeo.com/35706897

Speed is king. The desire for in-home video and multimedia distribution is growing as consumers increasingly adopt more dynamic time-shifted and location-shifted media consumption behaviors. Wireless networking is the preferred method due to its ease-of-use, ubiquity, and low-cost compared to wired network installation. Two separate standards are being developed to enable higher capacity and support for multiple high-def video streams: 802.11ac provides gigabit speeds for multi-room access and ensures backward compatibility with existing Wi-Fi equipment in the 5GHz frequency band, while 802.11ad provides multi-gigabit speeds at much shorter ranges but does not provide compatibility due to operation in the much higher 60GHz frequency range. Symposium panelists will present the benefits and development progress for both standards, and discuss use-cases within the home as well as enterprise environments.

 

Original Post: http://techfieldday.com/2012/gigabit-wi-fi-panel-wi-fi-symposium/