Newsletter Archives
-
Why Wi-Fi 6, aka 802.11ax, for wireless?
HARDWARE
By Ben Myers
Now that there is broad availability of routers compatible with the new Wi-Fi 6 standard, it’s easy to ask, “What’s in it for me?”
There is a myriad of devices that are compatible with the 802.11ac specification, from laptops to cell phones to tablets to Internet of Things (IoT) devices. But the 802.11ac spec is not without limitations.
Read the full story in the AskWoody Plus Newsletter 18.23.0 (2021-06-21).
-
Wi-Fi vulnerabilities affect all
ON SECURITY
By Susan Bradley
FragAttacks is a newly discovered set of vulnerabilities that, when exploited, allows an adversary to steal data by intercepting a network.
For once, a threat may be less dangerous than advertised.
Read the full story in the AskWoody Plus Newsletter 18.19.0 (2021-05-24).
-
Is Wi-Fi security irretrievably broken?
There’s a lot of buzz this weekend about a flaw that’s purported to break security on most Wi-Fi connections, allowing an eavesdropper to snoop or use the connection without permission.
Said to involve CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088, when they’re posted.
See this thread from @campuscodi and be watching Bleepingcomputer tomorrow for details.
-
ELSA: How the CIA tracked the location of an infected PC using WiFi signals
The latest WikiLeaks release talks about ELSA, reportedly a CIA project that allowed the government (and now, apparently, everybody) to snoop on the location of an infected PC.
ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Micorosoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp.
Clever.