Rigorous and sometimes raw disclosure of network vulnerabilities will all be part of the action at next week’s back-to-back hackfests, Black Hat and Defcon in Las Vegas.

Exploits that can lure wireless LAN users into phony access control points, plus discussions of how to break into computers by manipulating coding errors will be hot topics. At one session, AirTight Networks will demonstrate how phony WLAN access points can be set up to trick a WLAN user into using them -- an attack AirTight says neither its intrusion-prevention system (IPS) nor anyone else’s can stop.

“We call it ‘multipot,’ and we accidentally stumbled upon this observation in our own testing,” says Pravin Bhagwat, CTO at AirTight, about its planned demo at Defcon.

Click to see: Wireless LAN security threat

The ‘multipot’ attack, according to Bhagwat, is a variation on the Evil Twin ploy, in which a single WLAN access point is given a spoofed Service Set Identifier based on the SSID of a legitimate wireless access point, something done through WLAN sniffing.

“With Evil Twin, the attacker sits in the path of the network, monitoring the user with the purpose of stealing log-in credentials and observing other traffic,” says Bhagwat. Today’s IPS can thwart this by breaking the connection by keeping track of authorized access points, he says.

But to his dismay, Bhagwat says AirTight has found if the attacker has set up two or more controlled Evil Twin access points to lure in a single WLAN user, the IPS is ineffective at repelling the attack.

“You kill one connection but the new one is enabled,” says Bhagwat. “Why can’t you knock both off at the same time? Because you need a sensor to transmit and it can only transmit one at a time. It’s a cat-and-mouse game.”

Bhagwat says AirTight will be doing the Multipot demonstration at Defcon because “there’s a need in this industry to become aware of this so new technologies can be developed.” AirTight says it’s experimenting with a new defense but doesn’t expect to be able to publicly reveal it until later in October.

A session at Black Hat that could provoke discussion will show how it’s possible to remotely compromise servers by exploiting poor software coding called dangling pointers that developers might leave in C or C++ applications.

Danny Allen, director of security research at Watchfire, which will be demonstrating the attack, describes a dangling pointer as a software error in which a pointer that’s supposed to indicate a specific address in memory holding a particular software object is actually pointing to an address in memory that doesn’t hold anything.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports