 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Kent Borg <kentborg at borg.org> writes: > Note the newest 802.1* security hole. Apparently a bad guy can send > some sort of hangup message that will cause your card to think it has > lost its connection, but the access point doesn't notice and the bad > guy can take over your connection. Apparently it is a bit more > trivial to do if one is not using WEP, but not impossible in either > case. If one is using ssh over the link (protocol 2), then presumably the ssh session would notice (and terminate) even if the access point didn't. So the bad guy can pull a DoS on you, but unless there's a vulnerability in ssh2 that I'm unaware of, the ssh sessions should still be safe. Ssh1, of course, is known to be trivially easy to exploit, and thus is really no better than ROT13 at this point. -- John Abreau / Executive Director, Boston Linux & Unix ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 344 bytes Desc: not available URL: <http://lists.blu.org/pipermail/discuss/attachments/20020222/6dddf5a8/attachment.sig>
