Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Wireless Networking

Vulnerability, Potential Exploit In Cisco WLAN APs 35

Posted by timothy from the just-wrap-it-in-tin-foil dept.
An anonymous reader writes "The AirMagnet Intrusion Research Team has uncovered a new wireless vulnerability and potential exploit associated with Cisco wireless LAN infrastructure. The vulnerability involves Cisco's Over-the-Air-Provisioning (OTAP) feature found in its wireless access points. The potential exploit, dubbed SkyJack by AirMagnet, creates a situation whereby control of a Cisco AP can be obtained, whether intentionally or unintentionally, to gain access to a customer's wireless LAN."
This discussion has been archived. No new comments can be posted.

Vulnerability, Potential Exploit In Cisco WLAN APs More

Vulnerability, Potential Exploit In Cisco WLAN APs

Comments Filter:

  • Unintentionally? (Score:3, Insightful)

    by Opportunist ( 166417 ) on Tuesday August 25, 2009 @09:00AM (#29185257)

    How do you unintentionally gain access to something? How should I picture this? "Gee, officer, I was leaning against this door and then it suddenly opened and I tripped and then I must have stumbled into the jewelry box and all those rings just happened to pour into my pockets, dunno how this happened..."

  • Re:Config option, not all that bad (Score:4, Insightful)

    by jeffmeden ( 135043 ) on Tuesday August 25, 2009 @09:26AM (#29185559) Homepage Journal
    Not a big deal if (a) you happened to already do this during rollout or (b) you are properly notified about this and config changes are trivial on your network. In cases where you have a very large network and no centralized configuration manager, you will have to sink a lot of time into this 'fix' and that's assuming you don't use OTAP. In the case that you do use OTAP, or in the case that you are too busy to notice this and/or too busy to spend time reconfiguring all the affected devices, then yes, it can be a 'big deal'.

  • Re:Unintentionally? (Score:4, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Tuesday August 25, 2009 @09:46AM (#29185807) Journal
    Given the amount of effort, particularly in consumer computer systems, to make things happen "automagically"(think DHCP, uPNP, zeroconf, autoconnecting to open APs, and the like), it is far from implausible that a system would unintentionally gain access to another system.

    If, say, you have a bog standard XP laptop, with a bittorrent client or other uPNP-using application running on it, and you start it up within range of an open AP, you could very well connect to somebody else's network and reconfigure their router all automatically. Never mind what might happen if your box is 0wn3d and full of malware that might attempt to automatically spread to other machines on the network you just joined.

    Technology has its share of "Golly shucks, officer, I dunno how this happened" excuses; but it also has huge amounts of automation going on.

Slashdot Top Deals

"More software projects have gone awry for lack of calendar time than for all other causes combined." -- Fred Brooks, Jr., _The Mythical Man Month_

Close