WinInfo Daily UPDATE, May 17, 2004

This Issue Sponsored By

Oracle Database 10g Standard Edition;7811348;9025464;n?

Sponsor: Oracle Database 10g Standard Edition

Get 24/7 availability at an economy price. Oracle Database 10g Standard Edition includes Real Application Clusters for 24/7 availability at the lowest cost. With RAC, every server actively handles user requests, so you save nearly $5,000 per CPU. You also save 50% on hardware. Click for a free Oracle two-day DBA self-study course.;7811348;9025464;n?


In the News

- Wi-Fi Vulnerability Threatens Wireless Availability

==== In the News ====

by Paul Thurrott, [email protected]

Wi-Fi Vulnerability Threatens Wireless Availability

Students at an Australian university have discovered a flaw in Wi-Fi (the 802.11b wireless standard) that could let an attacker effectively shut down wireless networks with a Denial of Service (DoS)-like attack. The PhD students, who hail from the Queensland University of Technology's Information Security Research Centre, were studying ways to prevent Wi-Fi-based attacks when they discovered the vulnerability. They say that the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) feature of Wi-Fi networks, which adhere to the IEEE's standardized 802.11 protocol, is to blame.
By using a simple Wi-Fi-enabled off-the-shelf handheld device to exploit the way the CSMA/CA feature's Clear Channel Assessment (CCA) function works, an attacker could cause both wireless Access Points (APs) and wireless client devices (e.g., notebook computers, PDAs) to stop transmitting data. When the attack occurs, the wireless network appears to be busy with other tasks and is unresponsive. Such an attack would require a "semi-skilled" attacker, the students said.
"In order to exploit the vulnerability, potential attackers only need a common wireless adaptor which retails for about $35 and instead of using it to enable their computer to access a network, they can change its coding to interfere with transmission," Associate Professor Mark Looi, whose students discovered the flaw, said. "With this adaptor you can basically totally disrupt any wireless network that uses this technology within a kilometer of its operation in anywhere between 5 and 8 seconds."
Wi-Fi Alliance representatives said that they're looking into the matter but seem to be surprised that an attacker can make a simple Wi-Fi-enabled device act this way. However, someone at a computer industry trade show reportedly wandered around and used such a device to silently turn off the wireless networks he passed. And various companies, including AirMagnet, make devices that can sense such devices with a metal-detector-like clicking sound that gets louder as you get closer to the offending device.
That last detail, incidentally, explains why this type of attack probably won't ever cause major disruptions. Because a Wi-Fi attack requires a device with a radio transmitter, such attacks can be easily located and stopped. And an attacker who's facing a potential jail sentence probably isn't going to stick around a wireless hotspot long enough to be more than a nuisance.

==== Announcement ====

(from Windows & .NET Magazine and its partners)

NEW Web Seminar: Preemptive Email Security Works for Chick-fil-A--It Can Work for You

Become the company hero! Save your company time and money by preventing unwanted and lost email. In this free web seminar, hear from an email expert--and learn from a real-world Chick-fil-A case study--how you can reduce spam and viruses and improve email security and employee productivity. Register now!

==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

The Exchange Server Seminar Series--Coming to Your City Soon!

Simplify your life and others with Windows Server 2003 and Exchange Server 2003. Learn the advantages of migrating to an integrated communications environment, consolidating and simplifying implementation of technology, and accelerating worker productivity. Register now for this free event!

==== Sponsored Links ====


Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?

Microsoft(R) TechNet

Microsoft(R) TechNet Webcasts: essential guidance, industry experts;7759917;8214395;c?


==== CONTACT US ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Manage Your Account

You are subscribed as #EmailAddr#.
You received this email message because you requested to receive additional information about products and services from the Windows & .NET Magazine Network. To unsubscribe, send an email message to mailto:[email protected] Thank you!

View the Windows & .NET Magazine Privacy policy at

Windows & .NET Magazine a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All Rights Reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.