Tuesday, March 6, 2007

Your Wi-Fi can tell people a lot about you | CNET News.com ARLINGTON, Va.--Simply booting up a Wi-Fi-enabled laptop can tell people sniffing wireless network traffic a lot about your computer--and about you. Soon after a computer powers up, it starts looking for wireless networks and network services. Even if the wireless hardware is then shut-off, a snoop may already have caught interesting data. Much more information can be plucked out of the air if the computer is connected to an access point, in particular an access point without security.  "You're leaking all kinds of information that an attacker can use," David Maynor, chief technology officer at Errata Security, said Thursday in a presentation at the Black Hat DC event here. "If the government was taking this information from you, people would be up in arms. Yet you're leaking this voluntarily using your laptop at the airport." There are many tools that let anyone listen in on wireless network traffic. These tools can capture information such as usernames and passwords for e-mail accounts and instant message tools as well as data entered into unsecured Web sites. At the annual Defcon hacker gathering, a "wall of sheep" always lists captured log-in credentials. Errata has developed another network sniffer that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more. 10:20:57 PM

A Network Sniffer On Steroids. A Network Sniffer On Steroids.   QuantumCrypto writes  "Errata has developed a new network sniffer, dubbed 'Ferret,' that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more. 'You don't realize how much you're making public, so I wrote a tool that tells you,' said Robert Graham, Errata's chief executive. Errata has released the source code to this version 1.0, 'feature-poor and buggy' tool on its site. Anyone with a wireless card will be able to run it, Graham said."  [Slashdot: Your Rights Online] 10:14:20 PM

Cybercrime Treaty: What it Means to You In that vein, in August the Senate ratified the Convention on Cybercrime, drafted by the Council of Europe with considerable input from the United States. So far, 43 nations have signed on. The Convention includes many sensible provisions aimed at unifying global computer-crime laws, and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore. But civil libertarians, along with leading telecommunications companies, strongly oppose the treaty. Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located. If France is investigating a sale of Nazi memorabilia on eBay, the U.S. must cooperate, even though such transactions are not illegal in the U.S. Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind. These are potentially serious problems, especially given that the Convention is open to any country that wants to join. But there are more practical reasons U.S. businesses should be concerned. The provisions for data retention and production apply to any operator of a computer network, not just telecoms. Worse, Article 12 attaches liability to businesses for "lack of supervision or control" of employees who commit criminal offenses covered by the Convention. Businesses must worry about employee activities that may be legal here, but illegal elsewhere, risking administrative, civil, or even criminal penalties. These investigative and supervision costs will invariably be imposed on businesses without any real controls. Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you. 9:53:57 PM

Cybercrime Treaty ó Hidden Costs For All. Cybercrime Treaty [~] Hidden Costs For All. linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you." [Slashdot: Your Rights Online] 9:48:08 PM

Bagle Worm Still Swarming over the Net. Bagle Worm Still Swarming over the Net. Three years after it first appeared, the Bagle is still in business, with many anti-virus engines unable to keep up, a security vendor claims [PC World: Latest Technology News] 9:36:02 PM

Apple Patches QuickTime Holes. Apple Patches QuickTime Holes. Apple on Monday issued security patches to plug multiple security holes in its QuickTime media player software. The new version of the player -- QuickTime 7.1.5 -- fixes at least eight separate and serious vulnerabilities. Updates are available for Mac OS X, Windows 2000, Windows XP and Windows Vista versions. Mac users can get the latest version either from Apple's site or via the built-in Software Update feature. Windows users with recent versions of QuickTime installed will already have Apple's Software Update program and should use that to get this latest version. Alternatively, Windows users can download it by following this link. [Security Fix] 12:04:12 PM

Month of PHP Bugs Gets Rolling. Month of PHP Bugs Gets Rolling. Developer launches a Month of PHP Bugs project with 11 bugs in five days. [PC World: Latest Technology News] 11:58:44 AM

Tonight(Tuesday) on Nightline - The NSA at AT&T Tonight(Tuesday) on Nightline is an episode on the NSA having a monitoring station in the AT&T wire room. They have the guy who originally broke the story being interviewed tonight. 11:55:07 AM

© Copyright 2007 Paul Hardwick. Last update: 3/18/07; 10:45:12 PM.