Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

New Linux Wi-Fi driver security flaw has been discovered


Add to     Digg this story Digg this

April 17, 2007

A new security flaw has been discovered in a popular Linux Wi-Fi driver that can enable a potential hacker to take control of a laptop, even while it isn't connected to a Wi-Fi network. Overall, there have not been that many Linux Wi-Fi device drivers, and this could be the first remotely executable Wi-Fi security hole.

According to Laurent Butti, a researcher from France Telecom's Orange division, the new security hole could affect the widely used Mad Wi-Fi Linux kernel device driver for Atheros-based Wi-Fi chipsets. Butti discovered the security hole and released the information in a presentation at last month's Black Hat conference in Amsterdam.

Butti said "you could be vulnerable if you don't manually patch your MadWi-Fi driver."

Before making the news public, Butti shared the potential hole with the MadWi-Fi development team, who have since released a security patch. But not all Linux distributions have yet built the patch into their code, added Butti.

The Linux kernel stack-overflow bug lets an attacker run malicious code, and can be used even if the machine is not even actively on a Wi-Fi network, according to Butti, who used "fuzzing" techniques which had been shown by David Maynor and Jon Ellch, at last year's Black Hat USA conference, and also previously exploited on Windows and Macintosh systems.

Overall, Linux users have previously suffered from a shortage of Linux drivers, and have campaigned to get wireless networks supported in the Linux kernel. With fewer Linux laptops on Wi-Fi networks, security experts (and presumably hackers) have taken longer and longer to get round to Linux drivers.

However, the issue of handling remote data at the kernel level can cause serious trouble on the Linux open source operating system just as easily as any other OS.

Butti has previously developed the RAW series of proof-of-concept hacker tools.

He also found the Windows Wi-Fi flaw by fuzzing, during the Month of Kernel Bugs in 2006.

According to Butti, fuzzing is a blessing, since it's a low-cost way for security researchers to uncover obvious bugs that may get overlooked at first, and then exploited by potential hackers.

In the future, Butti expects fuzzing to reveal other security flaws in various wireless technologies like WiMax, and wireless USB, as well as many more bugs in the extensions that are regularly added to Wi-Fi.

Add to     Digg this story Digg this

Source: IT World Canada


Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer