Mike ‘Dragorn’ Kershaw

Temat: Wireless threats; They’re not dead yet!
Język: angielski
Bio:
Dragorn is the author of the open-source wireless sniffer and IDS
Kismet, as well as several other wireless-related open source
projects such as spectrum analysis tools and drivers, LORCON packet
injection, and others.
Abstrakt:
Synopsis: Great strides have been made over the last few years in
wireless security. Security on the access point is getting better but
clients still make a very juicy target. Our ever increasing mobile
workforce also means that the number of opportunities to attack these
clients keeps growing. In addition the number of wireless devices and
variety of protocols in use mean that its not just 802.11 devices that
are at risk.
Dragorn and RenderMan will show how wireless threats are still present and now causing even greater harm when blended with recent vulnerabilities in common browsers, web apps, SSL, and other technologies.
Description: Attacks targeting client devices are becoming more sophisticated. Kismet Newcore makes breaking WEP a passive action. Airpwn has received a facelift and is now capable of more unspeakable actions over open links (hotels, airports). Karma as well is flypaper for clients running wireless without any thought to protection. Recent vulnerabilities in browsers and other protocols that are often dismissed as ‘too hard to exploit to be useful’ are suddenly very possible and dangerous when wireless is involved, and attacks crossing from layer 2 directly to layer 7 vulnerabilities will be shown.
Reasoning: The message that wireless is unsafe has permeated the IT zeitgeist, however people still forget client devices. If I can control layer 2 I control everything on the network. Wireless makes it very easy to implement non-wireless attacks that are often overlooked or marginalized. This talk moves away from guarding the access points to guarding the clients. Considering the fun that is continually had by the authors at airports and public networks, this is a message that needs to get out.