FCC Approves the use of “White Space”, What is the Security Concern?

On September 23rd of 2010 the FCC approved the usage of “White Space” for wireless networking access. White Space refers to the frequencies that lie between television broadcast channels; many of them became free when TV broadcasters switched from analog signals to digital signals.

Supporters of “White Space” plan to use it as a Mega Wi-Fi network whose range is measured in miles, compared to current Wi-Fi systems whose range is measured in feet. In addition, the “White Space” Wi-Fi network would have the capability of transmitting data through walls and would be as fast as today’s broadband and DSL connections.

There is a security concern that should be examined. Currently, many homes and businesses are not implementing the proper controls to protect their wireless networks. Even today, with the limited range of current wireless networking systems, individuals regularly find open and unsecured access points. Imagine that range spanning miles: the number of open and unsecured wireless access points would expand exponentially in some locations.

Now that usage of “White Space” has been approved, we will start seeing some early implementations in the first quarter of 2011. Security professionals and security organizations need to speak with vendors so that security measures are built in and are set at the time of purchase. In addition, public service announcements to businesses and consumers will help raise awareness of the matter.

“White Space” and a Possible Security Concern

The FCC will be ruling on the usage of “White Space” for wireless networking access today (9/23/2010). White Space refers to the frequencies that lie between television broadcast channels; many of them became free when TV broadcasters switched from analog signals to digital signals.

Supporters of “White Space” plan to use it as a Mega Wi-Fi network whose range is measured in miles, compared to current Wi-Fi systems whose range is measured in feet. In addition, the “White Space” Wi-Fi network would have the capability of transmitting data through walls and would be as fast as today’s broadband and DSL connections.

There is a security concern that should be examined. Currently, many homes and businesses are not implementing the proper controls to protect their wireless networks. Even today, with the limited range of current wireless networking systems, individuals regularly find open and unsecured access points. Imagine that range spanning miles: the number of open and unsecured wireless access points would expand exponentially in some locations.

If the ruling is approved today, we will start seeing some early implementations in the first quarter of 2011. Security professionals and security organizations need to speak with vendors so that security measures are built in and are set at the time of purchase. In addition, public service announcements to businesses and consumers will help raise awareness of the matter.

Stuxnet was a directed attack with insider knowledge, expert says

An interesting article by Steve Ragan at thetechherald.com about the Stuxnet worm. Enclosed is part of the article:

The Christian Science Monitor, citing expert analysis, ran a story on Tuesday reporting that the Stuxnet Worm was a directed attack at a nuclear power plant in Iran.

Stuxnet appeared on the scene earlier this summer, though it was written more than a year ago. The code, its mechanics, the way it moved from system to system using Zero-Day vulnerabilities in Windows, everything about it was both frightening and shady. The hype given to it was justified, if only because it was a targeted payload, aimed at critical infrastructure.

“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” wrote Ralph Langner, the CEO of Langner Communications, on the company website.

Langner’s research, as well as information from other experts who have seen it, was the basis for the Monitor story. You can see the entire story on a single printer page here.

“The attack combines an awful lot of skills – just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise.”

Based on painstaking research, Langner determined that Stuxnet was programmed to target a single system by fingerprinting it. If the system in question is the one targeted, Stuxnet launches the attack. Otherwise it will remain dormant.

When Stuxnet attacks, it intercepts code from Simatic Manager that is loaded to the Programmable Logic Controller or PLC.

You can read more over here.

Twitter Mouse-Over Flaw Sends Users to Dangerous Links

On Tuesday morning, September 21, 2010, Twitter.com was hacked in a very crafty way. Twitter users needed only to move their mouse cursor over links on their Twitter page to be redirected, without any further intervention or permission. When redirected, they would be sent to malicious and offensive destinations, such as porn sites and malware sites.

As of 9:45 a.m. EDT, Twitter had identified the exploit and was taking steps to rectify the matter. Twitter administrators posted:

“please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is.”

Inserting a line of JavaScript into the tweet, containing the “onmouseover” event handler, activates the flaw. The exploit is also being used to fill in and submit status updates when a link is rolled over, leading to further issues for users.

For now, it is recommended Twitter users access the site from a third-party client, such as TweetDeck, Seesmic or their mobile devices, since they are not vulnerable to the “onmouseover” exploit.
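The following is an added example, not code from Twitter or from the original post, showing why an “onmouseover” attribute can end up in rendered markup and how output escaping plus a regression check prevents it. It assumes tweet URLs are turned into anchor tags by string concatenation; the function names and the sample tweet are constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample tweet: a URL run together with a quote and an event handler.
SAMPLE_TWEET = 'look http://example.test/"onmouseover="demo()"/ ok'
URL_RE = re.compile(r"https?://\S+")

def linkify_unescaped(text):
    """Weak form (assumed): user text is concatenated straight into the markup."""
    return URL_RE.sub(lambda m: '<a href="%s">%s</a>' % (m.group(0), m.group(0)), text)

def linkify_escaped(text):
    """Hardened form: every piece of user text is HTML-escaped first."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)  # " becomes &quot;
        out.append('<a href="%s">%s</a>' % (url, url))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)

class HandlerFinder(HTMLParser):
    """Collects on* attribute names from every start tag."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found += [name for name, _ in attrs if name.startswith("on")]

def event_handlers(markup):
    """Regression check: list event-handler attributes in rendered markup."""
    finder = HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.found

if __name__ == "__main__":
    for render in (linkify_unescaped, linkify_escaped):
        print(render.__name__, event_handlers(render(SAMPLE_TWEET)))
```

Running `event_handlers` over rendered output in a test suite catches any renderer change that lets user text become an attribute again.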


FCC to make ruling on “White Space” usage.

We covered this topic with Alton Drew of The Alton Drew Group on The Tech Talk Show. The discussion pertained to how “White Space” will aid in bridging the digital divide. Of course, there are security implications, which SecurityOrb.com will cover on this topic.

Adam Carpenter of the Fort Worth Gadgets Examiner for examiner.com wrote an interesting article.

On September 23rd the FCC will vote on a new set of rules that will finally allow their planned “super WiFi” to become reality.

In 2009 the FCC voted to open up the vast amounts of “white space” frequencies that lie between television broadcast channels. The move was the first time since 1985 that the FCC has opened up a new set of unlicensed frequencies. The frequencies that were opened in 1985 are the very same ones that are currently used for current WiFi internet, many remote controls, baby monitors, cordless phones, etc. A vast amount of innovation began when the frequencies were opened then, and as FCC Chairman Julius Genachowski said, “We’re hoping history will repeat itself.”

You can find the rest of the article here.

The EnCase Evidence File Format

The EnCase evidence file can also be referred to as a forensic image file. An image file is a file to which the entire contents of a target drive are copied, with checksum values (often referred to as a “hash value”) calculated to verify the integrity of the image file, which is useful in court cases. Forensic images are acquired with software tools such as the UNIX “dd” and FTK Imager, as well as with hardware cloning devices such as the Solo Masster and Logicube’s MD5, which have added forensic functionality.

One major difference between the above-mentioned techniques for acquiring image files and the EnCase image file is the “bag-and-tag” concept. The UNIX “dd” and many of the hardware cloning devices only provide the bit-for-bit information during acquisition. EnCase, on the other hand, provides the bit-for-bit data as well as additional data such as case information, data block integrity and file integrity, to name a few. These functions are built into the EnCase imaging process for interoperability and ease of use. If the same functions were to be implemented using the UNIX “dd” or the hardware options, the process would require many different tools and multiple steps to obtain the same results.
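To make the “bag-and-tag” difference concrete, here is an added example (not EnCase code and not its on-disk format) that contrasts a raw copy with a container carrying case information, per-block checksums and a whole-image hash. The block size, the use of CRC32 and SHA-256, the dictionary layout and all function names are assumptions chosen for illustration.

```python
import hashlib
import zlib

BLOCK_SIZE = 32 * 1024                   # assumed block size
SAMPLE_MEDIA = bytes(range(256)) * 512   # constructed 128 KiB "drive"

def acquire_raw(media):
    """dd-style copy: the bits only; the hash has to be kept separately."""
    return bytes(media), hashlib.sha256(media).hexdigest()

def acquire_container(media, case_info):
    """Bag-and-tag style: data, case information and integrity values together."""
    blocks = [media[i:i + BLOCK_SIZE] for i in range(0, len(media), BLOCK_SIZE)]
    return {
        "case": dict(case_info),
        "blocks": [(block, zlib.crc32(block)) for block in blocks],
        "image_hash": hashlib.sha256(media).hexdigest(),
    }

def verify_container(container):
    """Return (whole_image_ok, indexes of blocks whose checksum no longer matches)."""
    bad = [i for i, (block, crc) in enumerate(container["blocks"])
           if zlib.crc32(block) != crc]
    data = b"".join(block for block, _ in container["blocks"])
    ok = hashlib.sha256(data).hexdigest() == container["image_hash"]
    return ok, bad

def with_flipped_byte(container, block_index, offset):
    """Simulate storage corruption: return a copy with one data byte inverted."""
    blocks = list(container["blocks"])
    block, crc = blocks[block_index]
    damaged = bytearray(block)
    damaged[offset] ^= 0xFF
    blocks[block_index] = (bytes(damaged), crc)
    return dict(container, blocks=blocks)

if __name__ == "__main__":
    case = {"case_number": "DEMO-001", "examiner": "constructed"}
    image = acquire_container(SAMPLE_MEDIA, case)
    print(verify_container(image))                            # intact image
    print(verify_container(with_flipped_byte(image, 2, 10)))  # damaged block 2
```

The whole-image hash only says that something changed; the per-block checksums say where, which is the extra information a raw copy with a separately stored hash cannot give.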

My next posting will be on the “EnCase Evidence File Components and Functions”.