Get a Holistic View of Your Complete IT Infrastructure - Free Trial

New WordPress Update Patches Serious XSS...
An update to the WordPress platform, version 2.8.2, was issued earlier today that addresses a security issue known as XSS or cross-site scripting. It's an unexpected...

Avoiding Network Security Mistakes
Networks are complicated beasts, and any numbers of things can go wrong. It's best not to let other people "help" accidents occur, though, and so network...

Changing The Network Name On Your iMac
I just bought a used iMac and am frustrated to find that it identifies itself as "Susie's Q" on the network. Since I'm not Susie - and never have been! - I really want...

Access Your Online Network By Tethering Your iPhone
I've just come across a link that describes how to enable tethering on the iPhone 3G using the 3.0 software update that was released yesterday. Most of the guides I...

Social Networking Challenge To Network Security
The increase in social networking and mobility trends is presenting challenges to companies' network security, disaster planning and business continuity, according...


DefCon Presenter Uses Networks To Unlock Doors

By Doug Caverly

Network users and managers have, unfortunately, been given yet another reason to be nervous.  On the final day of last week's DefCon Hacking Conference, one man demonstrated a novel and rather intimidating way of gaining access to a place.

Kim Zetter reported that Ricky Lawshae "found that he could crack one electronic access system at the network control level and simply open a door with a spoofed command sent over the network, eliminating the need for an access card.  He could do it while bypassing the audit log, so the system wouldn't see that someone opened the door."

Which means that a hacker could, instead of stealing just some data, take anything and everything he wanted from an actual, physical facility.

Get a Holistic View of Your Complete IT Infrastructure - Free Trial

Anyway, the specific setup Lawshae tested was "CBORD's Squadron access control system used with HID Global's V1000 door controller," and a non-random number sequence provided his way in.

CBORD is supposed to be working on an update, so hopefully the main problem will be addressed soon enough.  But people with ties to similar networks (which are generally used at places like colleges and hospitals) may want to make sure that they're not susceptible to the same vulnerability.

One last important note: Lawshae works as a network technician for Texas State University, so there's litle need to worry about him using this approach in an illegal manner, at least.

About the Author:
Doug is a staff writer for WebProNews.

Visit WebProNews for the latest eBusiness news.
About NetworkNewz
NetworkNewz editors, writers and contributors focus on both the big picture and the details of networking. At NetworkNewz our goal is to deliver to you The Key To Network Management.

NetworkNewz is brought to you by:
-- NetworkNewzis an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2009 iEntry, Inc. All Rights Reserved Privacy Policy Legal

archives | advertising info | news headlines | newsletters | comments/feedback | submit article

The Keys To Network Management Ask Questions in the Networking Forum NetworkNewz About Us iEntry NetworkNewz Home Page About Article Archive News Downloads WebProWorld Forums Jayde iEntry Advertise Contact