> When combined with an earlier vulnerability, named “Wi-Figate”, which lets attackers force a device to automatically connect to a given WiFi network

I'm not fully up on exploitable iOS tricks, but it sounds like they're spoofing a BSSID to be one that the iOS device has already connected to (because iOS devices broadcast this when scanning for networks IIRC?), but has RADIUS authentication with a specially crafted server certificate that manages to crash the network stack.


> (because iOS devices broadcast this when scanning for networks IIRC?)

Not anymore, Apple fixed that in recent iOS versions. Probe requests are not divulging SSIDs anymore. However, WifiGate uses common SSIDs and network operators' preloaded ones as honeypots.


Seems that wasn't fixed reliably. Still seeing lots of probe requests. Is there a https://support.apple.com/HT... talking about it?


Not aware of anything from Apple about this issue. It was just an assumption, sorry. What I did is test up-to-date devices (I think I even tested an up-to-date iOS 6) and couldn't get any specific SSID. The probe requests were still there, but the SSID parameter was always set to Broadcast.

However, I did see a lot of probe requests WITH an SSID parameter set, but those were not coming from my devices :). I assumed they were not up to date.

I am very interested to know if the probe requests you're seeing are also coming from unknown devices: if they aren't, could you provide us with the iOS version you're using/testing with?


The devices I know are several iPhones 6/6+ running iOS 8.3.
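
An added example, not part of the thread above: one way to check a capture for the behaviour discussed, separating wildcard ("Broadcast") probe requests from directed ones that name an SSID. The frames are constructed sample data and the function names are hypothetical; it assumes raw 802.11 frames with the radiotap header and FCS already stripped.

```python
PROBE_REQ = 0x40   # frame control byte 0: version 0, type 0 (mgmt), subtype 4
MGMT_HDR_LEN = 24  # frame control, duration, three addresses, sequence control
SSID_ELEMENT = 0   # information element ID carrying the SSID

def parse_probe_request(frame: bytes):
    """Return (transmitter_mac, ssid) for a probe request, else None.
    ssid == "" means a wildcard ("Broadcast") probe."""
    if len(frame) < MGMT_HDR_LEN or frame[0] != PROBE_REQ:
        return None
    mac = ":".join(f"{b:02x}" for b in frame[10:16])  # address 2
    pos = MGMT_HDR_LEN  # probe requests have no fixed fields before the elements
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elem_len]
        if len(body) < elem_len:
            return None  # truncated element, do not guess
        if elem_id == SSID_ELEMENT:
            return mac, body.decode("utf-8", errors="replace")
        pos += 2 + elem_len
    return None

def directed_probes(frames):
    """Map transmitter MAC -> set of SSIDs it named in directed probes."""
    leaks = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:
            leaks.setdefault(parsed[0], set()).add(parsed[1])
    return leaks

def build_frame(fc0: int, mac: bytes, ssid: bytes) -> bytes:
    """Constructed test frame: header, SSID element, supported-rates element."""
    header = bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6 + mac + b"\xff" * 6 + b"\x00\x00"
    return header + bytes([0, len(ssid)]) + ssid + bytes([1, 4, 2, 4, 11, 22])

# Constructed sample capture (locally administered MACs, made-up SSIDs).
SAMPLE_FRAMES = [
    build_frame(0x40, bytes.fromhex("020000000001"), b""),             # wildcard
    build_frame(0x40, bytes.fromhex("020000000002"), b"ExampleCafe"),  # directed
    build_frame(0x80, bytes.fromhex("020000000003"), b"SomeAP"),       # beacon
]

if __name__ == "__main__":
    for mac, ssids in directed_probes(SAMPLE_FRAMES).items():
        print(mac, "named", sorted(ssids))
```

A device that only ever appears with an empty SSID here is sending wildcard probes; any MAC returned by `directed_probes` named a specific network in at least one probe.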


Like the largely unsuccessful Motorola Rokr?

-----


> What do you call something that grants root access without authentication, but wasn't intended to let arbitrary people or programs use it?

Local privilege escalation. In a huge number of established LPEs, the exploit is by leveraging a weakness in checking who makes the call that allows legitimate privilege escalation. This is a legitimate privilege escalation (sshd binds to port 22, among other tasks), that can be exploited through a weakness in checking who is making that request and if they can have that granted.

-----


There are a number of open source discussion lists I've been subscribed to over the past decade (usenet, then Google Groups) that have recently migrated to hosted Discourse boards because of Google's lack of spam fighting tools. Who cares about what the listserv's UI looks like, the entire point is to receive and send email. Let's help build good spam fighting capabilities into mailman and others so all of our knowledge isn't locked into these walled-garden communities.

-----


Actually mailman 3 can help fight spam:

* Since data is now in SQL, it's easier to interact with the DB and have simple tools delete spammers.
* Since there's an exposable API now, it's possible to develop systems that interact with mailman and help with the issue.

-----


I find that the Man pages on BSD-derived systems are generally quite exceptional, whereas GNU-based systems seem to be less so. `info` seems to be their attempt at making a better `man`, but it's pretty hit-or-miss if a Linux-based project that's not from the FSF supports infopages over manpages.

-----


info itself is merely annoying (to me).

But the one thing I hate about info is that they often change the "see also" near the end of a man page from a list of similar or related commands that you might want to also read, to an invitation to use the info chapter for that command. Aarrrggghhh!

  man less
  ...
  SEE ALSO
         lesskey(1)


  man ls
  ...
  SEE ALSO
         The full documentation for ls is maintained as a  Texinfo  manual.
         If  the info and ls programs are properly installed at your site, the command

              info coreutils 'ls invocation'

       should give you access to the complete manual.

Why hijack a useful section? Why not just add a "SEE INFO" section?

-----


USB PIDs aren't like NIC MAC addresses, two identical items (keyboards, webcams, etc.) are supposed to have the same PID in order for the OS to recognize them as being the same and to apply the same driver to them. The VID is just a namespacing convention.

-----


The Truecrypt developers left for an unspecified reason. Anyone claiming otherwise is speculating.

-----


If you're writing http headers out to your apache logs on your production server, you're doing it _severely_ wrong.

edit: I'm specifically talking about http basic auth with a precomputed "Authentication: base64($username + $passwd)" header, not a GET of "/foobar?api_key=12345abcd". The latter is obvious in its failures and is not related to http basic auth.

-----


Obviously :-) If you're going after basic-auth-headers, you'd probably be sniffing the network.

> Authenticate once, generate a token, and use the token for auth from that point.

If that token is passed back and forth in the http url, it ends up at places where it's easy to find/intercept.

You can use a gazillion bcrypt rounds to store the password: they still send me a link to a page, including their auth-token.

-----


Implementations are not standards.

-----


I'd have to disagree. I don't have any insight into the church office building's internal network, but I do know that they already have massive lines going into the church office building and the surrounding Temple Square area. The church itself has no need for more fiber. Even if they did, they showed no desire to help UTOPIA along (they even have the capabilities of becoming a private leaser), so what makes you think they would want to pipe their traffic through a third party advertising agency?

Secondly, Salt Lake City proper, where I live and where this announcement is declaring the buildout initiative, is very much not-mormon. The number of people logging on to their site to stream videos is minuscule compared to the number of people in the surrounding suburban sprawl. Google Fiber isn't coming to Salt Lake Valley, it's coming to the City. This won't help them.

-----
