[Full-disclosure] Worldwide WEP Vulnerability Disclosure

From: Spinoza DesCartes (techn9ne_at_infiltrated.net)
Date: 09/08/05

  • Next message: Micheal Espinola Jr: "Re: [Full-disclosure] [Fwd: MM - #$%@ Kill Google!]"
    Date: Thu, 8 Sep 2005 17:14:54 -0400 (EDT)
    To: full-disclosure@lists.grok.org.uk

    Product: Remote Wireless Panties
    Versions: All
    Bug: DoS vulnerability
    Impact: Attacker's can cause overflow.
    Date: Septmber 08, 2005
    Author: Spinoza DesCartes
                Perfidious Security Team
                Email: techn9ne@infiltrated.net


    Remote Wireless Panties are something of a novelty used by women
    for pleasure. Although this may not be the proper forum for it, it is
    nevertheless a security problem. At first I was reluctant to post this
    message for fear of ridicule, but I figured I would let the experts handle
    this one. Besides it is a wireless issue.

    The bug

    These wireless panties run off of a wireless frequency ranges of
    2.400GHz to 2.500GHz which is typical of say a cordless phone
    wireless router, etal. When someone uses this product there seems
    to be some form of interference coming from multiple wireless
    products which causes the product to behave erratic and jack
    up its speed.

    The Fix

    Create a Wireless Tunnel between the product and the product's remote
    this helps ensure that only the intended product alone understands the
    transmitted signals. Tunnled signals are encrypted and unless using
    encryption - transmitted data may reach unintended recipients.

    Encrypting also ensures that it remains uncorrupted throughout the
    connection and allows the user to flexibility move about freely
    sending and receiving signals. Temporal Key Integrity Protocol (TKIP)
    and in 2004, Advanced Encryption Standard points can be used in
    the future as well depending on the need for high level encrption.

    The exploit

    No known exploits exist however cordless telephones, ham radios,
    and all other sorts of wireless products seem to interfere with the
    product which makes it somewhat of a danger (if viewed this way)
    to anyone using the product.

    Attacker can adjust speeds, and flicker with the power.

    The fix

    VPN's or WEPS can be used to secure the connection to the product
    but one might want to simply avoid using it near other wireless products

    Vendor Status

    Vendor notified

    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Micheal Espinola Jr: "Re: [Full-disclosure] [Fwd: MM - #$%@ Kill Google!]"