Neowin.net

A remotely exploitable buffer overflow glitch poses a risk for AOL ICQ users who have failed to apply a security fix, CERT warned yesterday.

It says attackers who are able to exploit the vulnerability may be able to execute arbitrary code with the privileges of the victim user.

An exploit is known to exist, but it is not believed to be widely distributed. Nor is there any evidence of crackers scanning the Internet in search of vulnerable machines.

Since ICQ is used by an estimated 122 million users, the vulnerability is still a concern.

The buffer overflow, which affects AOL Mirabilis ICQ Versions 2001A and prior, occurs during the processing of a Voice, Video & Games feature request message.

News source: The Reg

Closing the door

The security problems are enough to deter some businesses from setting up wireless systems, said Inder Gopal, CEO of ReefEdge, a New Jersey-based seller of wireless network equipment.

"A lot of companies had plans, and yes, a few have become gun-shy," Gopal said. "But a lot of IT guys are saying, 'Look, either I do it, or my employees are going to take the law into their own hands and set up a rogue access point.'"

Because security is such an important factor, companies are trying to set up official networks and discourage rogue ones. You can improve security by using "sniffers" to detect the networks, whether rogue or simply ones innocently set up at a nearby office or cafe. Companies can ensure their wireless networks only send encrypted data or use virtual private networks. Additionally, there is a new standard for a way these networks shower areas with access, one that is said to be able to stop at least 10 percent more break-in attempts.

Cisco Systems, the biggest seller of wireless access points for 802.11 networks, says its latest gear has better encryption, according to Vice President Ron Willis.

"We have made security a priority," said Willis, who downplayed some of the threat, noting that while it's one thing to get onto a wireless network, it's quite another to have the savvy to unlock the company's secrets.

At Cisco's campus in San Jose, Calif., where employees can buy 802.11 gear at the company store, the employees started building the network before the company did. Willis said they decided to see who was using the gear a few months after the equipment was first available.

"It wasn't much of a step" to stretch the self-built wireless network to cover the entire Cisco campus of about 45 buildings, he said.

IBM, which operates a corporate wireless network for its employees and sells them to clients, uses sniffers to locate rogue networks or other security breeches, said Guy Denton, an IBM wireless security consultant.

Executives agree these networks can greatly increase productivity. At a large warehouse operation, a wireless network used to assign tasks to the employee physically closest to the job increased productivity by 30 percent, according to Gopal.

A threadbare security blanket

But security experts have repeatedly shown that these networks can be intruded upon. The main problem is that the information travels over a free-to-use and unregulated piece of radio frequency not protected by any kind of encryption.

This week, wireless network vulnerabilities were exposed at two airports, where security is now a top priority. Computerworld magazine reported that two wireless security firms were able to access a wireless baggage check-in network used by American Airlines at both the San Francisco and Denver airports. From there, a person could manipulate systems set up to meet new federal requirements regarding baggage control.

"We thought what we'd really find were all these networks interfering with each other," because there are numerous 802.11b networks set up by various airlines, all using the same radio frequency, said Jonas Luster, chief architect at D-Fensive and one of the specialists involved in testing the airport systems. That same frequency, 2.4GHz, is also crowded because it is used for cell phones and microwaves, and at some point the heavy traffic can knock people off the network, garble phone calls, or bog down the system.

"I could very easily become a node on this network and from there, it wouldn't have been easy, but I could jump into more fruitful parts of the American Airlines airport network," said Luster, who said he also detected and accessed the wireless network set up by American Airlines at the San Jose International Airport.

An American Airlines spokesman said the company was already addressing the issue, although the networks remain in place. He refused further comment, saying the airline does not want to divulge its security plans.

Concerns over wireless networks security has forced one air travel company to change its plans.

Aeronautical Radio is moving away from using 802.11 for an airport's more important tasks, like tracking baggage or passing check-in information from curbside stands to departure gates, said Vice President Joe Weiss. The wireless service provider is owned by the major airlines and sells only to airlines.

"802.11 is easy...It's straightforward to put in some cables, some access points, and you're online," Weiss said. "Because of its commercial success, lots of folks have figured out how to listen in and circumvent such systems. You can actually buy programs on the Net that can decrypt and tell what's going on."

The problems also give pause at corporate campuses or in business parks where there are many businesses cheek-by-jowl in the same building.

"It's the nightmare of the IT manager," Gopal said. He said he runs into "a lot" of wildcat wireless networks, even at companies where he's trying to sell his products.

"We go and talk to IT managers. These guys say wireless is interesting, but we're just not going to do anything now," Gopal said. "We're telling them they are doing it right now."