==================== Product: Remote Wireless Panties http://www.kissntellparties.com/wirelessremote.html Versions: All Bug: DoS vulnerability Impact: Attacker's can cause overflow. Date: Septmber 09, 2005 Author: Spinoza DesCartes Infiltrated dot Net Security Team Email: [EMAIL PROTECTED] ====================
///--> Introduction ///--> Remote Wireless Panties are something of a novelty used by women for pleasure. Although this may not be the proper forum for it, it is nevertheless a security problem. At first I was reluctant to post this message for fear of ridicule, but I figured I would let the experts handle this one. Besides it is a wireless issue. ///--> The bug ///--> These wireless panties run off of a wireless frequency ranges of 2.400GHz to 2.500GHz which is typical of say a cordless phone wireless router, etal. When someone uses this product there seems to be some form of interference coming from multiple wireless products which causes the product to behave erratic and jack up its speed. ///--> The Fix ///--> Create a Wireless Tunnel between the product and the product's remote this helps ensure that only the intended product alone understands the transmitted signals. Tunnled signals are encrypted and unless using encryption - transmitted data may reach unintended recipients. Encrypting also ensures that it remains uncorrupted throughout the connection and allows the user to flexibility move about freely sending and receiving signals. Temporal Key Integrity Protocol (TKIP) and in 2004, Advanced Encryption Standard points can be used in the future as well depending on the need for high level encrption. ///--> The exploit ///--> No known exploits exist however cordless telephones, ham radios, and all other sorts of wireless products seem to interfere with the product which makes it somewhat of a danger (if viewed this way) to anyone using the product. Attacker can adjust speeds, and flicker with the power. This can lead to sensory overload for the client. ///--> The fix ///--> VPN's or WEPS can be used to secure the connection to the product but one might want to simply avoid using it near other wireless products ///--> Vendor Status ///--> Vendor notified =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 It is much easier to suggest solutions when you know nothing about the problem. -- Niklaus Wirth _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/