当前时区为 UTC + 8 小时



发表新帖 回复这个主题  [ 7 篇帖子 ] 
作者 内容
1 楼 
 文章标题 : Linux首次出现Wi-Fi漏洞 危及笔记本
帖子发表于 : 2009-08-12 12:48 
头像

注册: 2008-10-14 21:54
帖子: 880
送出感谢: 0 次
接收感谢: 2
一款主要的Linux Wi-Fi驱动程序中被发现存在一个缺陷,它使黑客能够控制笔记本电脑,即使笔记本电脑没有在Wi-Fi网络上。

  据Techworld.com网站报道称,目前,Linux平台上的Wi-Fi驱动程序还不太多,这显然是第一个可以被远程利用的Wi-Fi缺陷。据来自法国电信旗下Orange的研究人员劳伦特称,它影响被广泛使用的基于使用Atheros Wi-Fi芯片组的MadWi-Fi Linux内核设备驱动程序。劳伦特发现了该缺陷,并在上个月的Black Hat黑客会议上发布了相关信息。

  劳伦特表示,如果不以手工方式修正MadWi-Fi驱动程序,用户就存在受到攻击的可能性。在披露该缺陷前,他向MadWi-Fi开发团队通报了相关资料。MadWi-Fi开发团队已经发布了补丁软件。劳伦特说,但是,并非所有的Linux版本都集成了这一补丁软件。

  据劳伦特称,该内核堆栈溢出缺陷使黑客能够运行恶意代码,即使笔记本电脑没有登录在Wi-Fi网络上,该缺陷也可能为黑客所利用。

  Linux用户此前一直受困于Linux驱动程序的短缺,要求在Linux内核中支持无线网络。由于Wi-Fi网络上的Linux笔记本电脑较少,安全专家和黑客一直没有足够的时间来关注Linux驱动程序,但是,在内核一级处理远程数据在Linux上与其它操作系统上一样容易造成问题。

:em06
楼下提醒,这是07年的新闻,大家纯当娱乐。


_________________
地狱可以想象,天堂却无法描述。


最后由 bbeikke 编辑于 2009-08-12 13:51,总共编辑了 3 次

页首
 用户资料  
 
2 楼 
 文章标题 : Re: Linux首次出现Wi-Fi漏洞 危及笔记本
帖子发表于 : 2009-08-12 13:20 
头像

注册: 2006-12-23 13:46
帖子: 9203
地址: Azores Islands
送出感谢: 0 次
接收感谢: 1
两年前的消息,楼上也没注明来源

http://www.bestsecuritytips.com/news+ar ... id+220.htm


Posted by Max on 2007/4/17 16:30:14 (1449 reads)
Linux Security

A software bug has been found in MadWiFi Linux kernel driver that can allow a hacker to take control of a laptop - even when it is not hooked on a WiFi network.

There have not been many Linux WiFi device drivers, and this is actually the first remotely executable WiFi bug. It affects the broadly used MadWiFi Linux kernel device driver for Atheros-based WiFi chipsets, according to Laurent Butti, a security researcher from France Telecom Orange, who found the flaw and released the news in a presentation at last month's Black Hat conference in Amsterdam.

"You may be vulnerable if you do not manually patch your MadWiFi driver," said Butti. Before making it public, he shared the flaw with the MadWiFi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.

The kernel stack-overflow bug lets an attacker run malicious code, and can be used even if the machine is not actively on a WiFi network, according to Butti, who used "fuzzing" techniques which had been shown by David Maynor and "Johnny Cache" Jon Ellch, at last year's Black Hat USA conference, and previously exploited on Windows and Macintosh systems.

Linux users have previously suffered from a shortage of Linux drivers, and have campaigned to get wireless networks supported in the Linux kernel. With fewer Linux laptops on WiFi networks, security experts - and presumably hackers - have taken longer to get round to Linux drivers, but issue of handling remote data at the kernel level can cause trouble on the open source OS just as easily as any other.

Butti has previously developed the RAW series of proof-of-concept hacker tools. He also found the Windows WiFi flaw by fuzzing, during the Month of Kernel Bugs last year.

Fuzzing is a blessing, according to Butti, because it is a low-cost way for security researchers to uncover obvious bugs that may get overlooked, and exploited by hackers.

In future, he expects fuzzing to reveal bugs in other wireless technologies like WiMax, and wireless USB, as well as many more bugs in the extensions that are regularly added to WiFi.


_________________
no security measure is worth anything if an attacker has physical access to the machine


页首
 用户资料  
 
3 楼 
 文章标题 : Re: Linux首次出现Wi-Fi漏洞 危及笔记本
帖子发表于 : 2009-08-12 13:21 
头像

注册: 2005-08-14 21:55
帖子: 58428
地址: 长沙
送出感谢: 4
接收感谢: 272
madwifi本来驱动就不好。便宜没好货吧。


_________________
● 鸣学


页首
 用户资料  
 
4 楼 
 文章标题 : Re: Linux首次出现Wi-Fi漏洞 危及笔记本
帖子发表于 : 2009-08-12 13:47 
头像

注册: 2008-10-14 21:54
帖子: 880
送出感谢: 0 次
接收感谢: 2
skyx 写道:
两年前的消息,楼上也没注明来源

http://www.bestsecuritytips.com/news+ar ... id+220.htm


Posted by Max on 2007/4/17 16:30:14 (1449 reads)
Linux Security

A software bug has been found in MadWiFi Linux kernel driver that can allow a hacker to take control of a laptop - even when it is not hooked on a WiFi network.

There have not been many Linux WiFi device drivers, and this is actually the first remotely executable WiFi bug. It affects the broadly used MadWiFi Linux kernel device driver for Atheros-based WiFi chipsets, according to Laurent Butti, a security researcher from France Telecom Orange, who found the flaw and released the news in a presentation at last month's Black Hat conference in Amsterdam.

"You may be vulnerable if you do not manually patch your MadWiFi driver," said Butti. Before 【被屏蔽】 it public, he shared the flaw with the MadWiFi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.

The kernel stack-overflow bug lets an attacker run malicious code, and can be used even if the machine is not actively on a WiFi network, according to Butti, who used "fuzzing" techniques which had been shown by David Maynor and "Johnny Cache" Jon Ellch, at last year's Black Hat USA conference, and previously exploited on Windows and Macintosh systems.

Linux users have previously suffered from a shortage of Linux drivers, and have campaigned to get wireless networks supported in the Linux kernel. With fewer Linux laptops on WiFi networks, security experts - and presumably hackers - have taken longer to get round to Linux drivers, but issue of handling remote data at the kernel level can cause trouble on the open source OS just as easily as any other.

Butti has previously developed the RAW series of proof-of-concept hacker tools. He also found the Windows WiFi flaw by fuzzing, during the Month of Kernel Bugs last year.

Fuzzing is a blessing, according to Butti, because it is a low-cost way for security researchers to uncover obvious bugs that may get overlooked, and exploited by hackers.

In future, he expects fuzzing to reveal bugs in other wireless technologies like WiMax, and wireless USB, as well as many more bugs in the extensions that are regularly added to WiFi.

:em06
学习了,新闻里看到的,没想到是两年前的。。。


_________________
地狱可以想象,天堂却无法描述。


页首
 用户资料  
 
5 楼 
 文章标题 : Re: Linux首次出现Wi-Fi漏洞 危及笔记本
帖子发表于 : 2009-08-12 14:22 
头像

注册: 2008-10-31 15:28
帖子: 909
地址: 中国上海
送出感谢: 0 次
接收感谢: 4
楼主把我吓了一跳!


_________________
家乡:湖南张家界


页首
 用户资料  
 
6 楼 
 文章标题 : Re: Linux首次出现Wi-Fi漏洞 危及笔记本
帖子发表于 : 2009-08-12 14:29 
头像

注册: 2007-05-05 23:59
帖子: 2032
地址: 嘉兴
送出感谢: 0 次
接收感谢: 1
不要害怕~~~啊,不要害怕~~~ :em09


_________________
ufraw中文(raw图像处理)  http://sites.google.com/site/ufrawzh/
Gimp影像处理 http://sites.google.com/site/gimpcn/


页首
 用户资料  
 
7 楼 
 文章标题 : Re: Linux首次出现Wi-Fi漏洞 危及笔记本
帖子发表于 : 2009-08-13 10:00 
头像

注册: 2008-12-18 11:47
帖子: 611
送出感谢: 0 次
接收感谢: 0 次
日啊,我的刚好是atheros ar242x芯片的。用的MADWIFI-snapshot驱动。
:em05 :em05 :em05


页首
 用户资料  
 
显示帖子 :  排序  
发表新帖 回复这个主题  [ 7 篇帖子 ] 

当前时区为 UTC + 8 小时


在线用户

正在浏览此版面的用户:没有注册用户 和 4 位游客


不能 在这个版面发表主题
不能 在这个版面回复主题
不能 在这个版面编辑帖子
不能 在这个版面删除帖子
不能 在这个版面提交附件

前往 :  
本站点为公益性站点,用于推广开源自由软件,由 DiaHosting VPSBudgetVM VPS 提供服务。
我们认为:软件应可免费取得,软件工具在各种语言环境下皆可使用,且不会有任何功能上的差异;
人们应有定制和修改软件的自由,且方式不受限制,只要他们自认为合适。

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
简体中文语系由 王笑宇 翻译