Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities: They're in the Air

4:00 PM -- I guess the holidays are officially over for the hackers, too.

After a relative lull in vulnerability reports, researchers this week were working overtime to alert users to a wide range of potential threats and system flaws, headed up by some distressing holes in wireless and voice technology.

Steve Stasiukonis, Dark Reading's resident penetration tester, got it started when he reported that those increasingly popular wireless headsets used in many offices are highly susceptible to simple scans and eavesdropping. In a scary twist, Steve used the eavesdropped data to impersonate one of his client's employees and virtually rob the company blind. (See Hacking Wireless Headsets.)

While Stasiukonis was exposing flaws in wireless headsets, Fortinet was reporting a new worm that spreads through Nokia wireless headsets running the SymbianOS operating system. Attacks on smartphones and other wireless devices seem to be increasingly popular in the first few weeks of 2008, as more and more users embrace iPhones and other mobile devices.

Voice over IP also was in the news this week, as researchers released a new proof of concept, dubbed "call-jacking," that could assist attackers with advanced phishing exploits and theft of VOIP calls. (See New VOIP 'Call-Jacking' Hack Unleashed.)

But voice and wireless devices weren't the only ones threatened during the week. Routers got a good scare, too, as Symantec reported spotting the first instance of "drive-by pharming" in the wild. In this exploit, an attacker’s malicious code could change the DNS server settings on the victim’s home broadband router, effectively gaining control of the victim’s Internet connection. (See 'Drive-By Pharming' Now a Reality, Researchers Say.)

Even sites with the "Hacker Safe" label were under siege, as problems at Geeks.com raised many questions about such certifications, including several raised by Dark Reading's own John Sawyer. (See Are You Hacker-Safe?)

Clearly, both hackers and researchers are back at their computers, and that means a new generation of tasks for security professionals. Here's hoping that things settle down -- or at least slow down -- during the rest of the year.

— Tim Wilson, Site Editor, Dark Reading