05-12-2021
06:38 PM
Wifi and FRAGAttacks
Right. You might want to pay attention to this one, since it's inherent in the protocol ("Come and see the insecurity inherent in the system!"), and affects pretty much every version and implementation of wifi.
It's called FRAGAttacks (FRagmentation and AGgregation attacks). It's not a single vulnerability, but lots of them.
The issues.
https://thehackernews.com/2021/05/nearly-all-wifi-devices-are-vulnerable.html
(Shades of 5G ...)
............
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
4 Replies
05-12-2021
11:46 PM
Great post! I was not aware of this vulnerability in WiFi. Apparently WiFi aggregates frames into larger ones to improve efficiency. In order for the receiving system to know if the frame is aggregated, there is a flag in the header that is either set to true or false. The problem is that this flag can be manipulated. By setting the flag of a non-aggregated frame to true, malicious frames could be aggregated to this frame.
Thanks again for posting this, it was the most interesting thing I learned today.
Alex
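The flag described in the reply above is the A-MSDU Present bit of the 802.11 QoS Control field. The Python sketch below is an added example, not part of the original thread: it reads that bit and applies the receiver-side check of dropping an A-MSDU whose first subframe begins with the LLC/SNAP header of an ordinary frame. The sample frames are constructed, their payloads are shown as they look after decryption, and the function names are illustrative.

```python
import struct

RFC1042_SNAP = bytes.fromhex("aaaa03000000")  # LLC/SNAP header that opens a normal MSDU
AMSDU_PRESENT = 0x0080                         # bit 7 of the QoS Control field

def parse_qos_data(frame: bytes):
    """Return (amsdu_flag, payload) for an 802.11 QoS data frame, else None."""
    if len(frame) < 26:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    if ((fc >> 2) & 0x3) != 2 or not ((fc >> 4) & 0x8):  # type Data, QoS subtype
        return None
    offset = 24                       # frame control, duration, 3 addresses, seq control
    if fc & 0x0100 and fc & 0x0200:   # ToDS and FromDS both set: Address 4 present
        offset += 6
    if len(frame) < offset + 2:
        return None
    (qos,) = struct.unpack_from("<H", frame, offset)
    offset += 2
    if fc & 0x8000:                   # Order bit set: 4-byte HT Control follows
        offset += 4
    return bool(qos & AMSDU_PRESENT), frame[offset:]

def classify(frame: bytes) -> str:
    parsed = parse_qos_data(frame)
    if parsed is None:
        return "not-qos-data"
    amsdu, payload = parsed
    if not amsdu:
        return "msdu"
    # A real A-MSDU starts with a subframe header: DA(6) SA(6) length(2).
    # A "destination" equal to the LLC/SNAP header means a normal MSDU is
    # being reinterpreted as an A-MSDU, so the receiver should drop it.
    if payload[:6] == RFC1042_SNAP:
        return "drop-suspicious-amsdu"
    return "amsdu"

# Constructed samples (not captured traffic); payloads shown as seen after decryption.
_HDR = bytes.fromhex("88010000" "020000000001" "020000000002" "020000000001" "1000")
_MSDU = RFC1042_SNAP + bytes.fromhex("0800") + b"constructed IP packet"
NORMAL = _HDR + b"\x00\x00" + _MSDU
FLAG_SET = _HDR + b"\x80\x00" + _MSDU   # same frame with the A-MSDU Present bit set
GENUINE = _HDR + b"\x80\x00" + bytes.fromhex("020000000003" "020000000002" "001d") + _MSDU

if __name__ == "__main__":
    for name, f in [("normal", NORMAL), ("flag set", FLAG_SET), ("genuine", GENUINE)]:
        print(name, "->", classify(f))
```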
05-13-2021
01:14 PM
Saw this on hackernews and thought oh no not again!
-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
05-13-2021
01:17 PM
> alekos (Newcomer II) posted a new reply in Industry News on 05-12-2021 11:46 PM
> Thanks again for posting this, it was
> the most interesting thing I learned today.
Thank you for those kind words, and quite welcome. Always happy to help.
(In other news, the latest report on the Colonial pipeline issue that I have heard
(but not yet been able to verify) is that the ransomware attack is *not* what shut
it down: Colonial ceased pumping because of concerns that they wouldn't be able
to *BILL* customers properly ...)
======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
05-13-2021
01:46 PM
> Steve-Wilme (Advocate I) posted a new reply in Industry News on 05-13-2021 01:14
> Saw this on hackernews and thought oh no not again!
Teardrop lives!