terça-feira, julho 04, 2006

The Ten Most Critical Wireless and Mobile Security Vulnerabilities

1. Default WiFi routers: By default, wireless routers are shipped in an un-secured state.

2. Rogue Access Points: set up an authorized access point, without informing the network administrator.

3. Wireless Zero Configuration: When a computer connects to an access point, it generally stores the details of that connection locally. The next time the computer is turned on, the wireless network card immediately looks for the connection and re-establishes the connection. Since the SSID value is sent as plain text, anyone with a sniffer can see it. Programs like Karma automate this process.

4. Bluetooth exploits: BlueSnarfing, BlueBugging, BlueJacking, BlueTooth DoS attacks.

5. WEP Weaknesses: passwords can easily be cracked using Airsnort.

6. Clear Text Encryption Passwords: Some of the most popular mobile encryption programs even store the password in plain text in the registry.

7. Malicious Code: "Airborne" mobile viruses.

8. Autorun: Windows Mobile devices contain a little-known autorun feature that can provide an attacker with a quick and easy method of infection. When a media card is inserted into the PDA, Windows Mobile will copy over the autorun.exe (if it exists), create a copy in the /Windows directory, and execute it. A user can prevent this by creating a read-only dummy executable called autorun.exe and put it in the /Windows folder.

9. Multiple VoIP attacks: VoIP is mostly sent in an unencrypted format. As a result, anyone can see the connection information and capture/record the conversation. Programs like VoMiT and Cain & Abel can easily capture and record conversations. Other programs like sipbomber can kick a user offline. In addition, SiVus (a VoIP scanner) can quickly locate VoIP enabled systems.

10. Lost and stolen devices: All mobile databases should be encrypted. A good, written security policy and user education are also important. Mobile devices should all have a login copyright banner, along with return information.

Fonte: Help Net Security ( http://www.net-security.org/article.php?id=927&p=1 )

Nenhum comentário: