Friday, June 19, 2009

WIRELESS BATTERY- LIMITED POWER SUPPLY



WIRELESS BATTERY- LIMITED POWER SUPPLY

pcheader4
True Wireless Power
Powercast’s products deliver true wireless power for continuous charging and power-over-distance for one or multiple devices. Enable your device to become finally untethered.

Low Power Charging System
Powercast components integrate seamlessly with power distribution and storage systems for low power electronic devices by delivering microwatts to milliwatts without wires.


Integrate our Technology
Powercast technology enables unique product enhancement, product differentiation, and market extensions. We are continually building a roster of strategic collaborations that benefit from wireless power and continuous charging. 04559


Experience the Future
Qualified potential partners can self-discover and rapidly prototype using Powercast's wireless power technology by purchasing a Lifetime Power Evaluation and Development Kit.
19_set_mk2_russian

A leader in partnering with the industry to enhance the end-user experience through wireless power
Powercast has developed proprietary methods to deliver unique powering solutions and holds an extensive cross-platform portfolio of related intellectual property. 19_sets_x_2_m3


IMPLEMENTATION FLEXIBILITY

Unique “Any-to-Any” broadcasting

Point-to-Point
Point-to-Multipoint
Multipoint-to-Point
Multipoint-to-Multipoint
INCREASED PRODUCT RELIABILITY

Hermetically Sealed
Continuous Charging
Battery-Free
MULTIPLE POWER OPTIONS

Continuous
Scheduled
On-Demand
Passive
True Wireless Power
Powercast recognizes there are several alternatives available for powering devices without the use of wires, each with different addressable markets. The alternative methods may seem similar on the surface, however, they offer limited solutions. Powercast is the only company with the technology and component-level products to deliver continuous charging, and provide its capability at a scalable distance.

wireless_flash trigger


Principle Limitations of Alternative Technology Performance:

Requires direct contact or close proximity
Difficult to integrate moving parts and bulky size
Inflexible deployment
Must follow specific handling process
Generates excess waste
Other limitations vary by technology type
Powercast Performance Differences:
z15i2s5t
Extends product life cycles
Reduces maintenance requirements
Easily integrated form factors
Any-to-Any configuration
Reduces or eliminates adverse environmental impact
Multiple power options: continuous, scheduled, on-demand, or passive
Low Power Charging System
The development and usage of wireless, portable electronic devices is rapidly expanding. Many of these devices share similar components which have been, or in the future will be, designed and optimized for low power consumption. These components and their suppliers constitute the low power ecosystem, and include components such as:
radio_babylon_web

Energy harvesting devices (e.g. Powerharvester Receiver)
Micro-power management
Low power microcontrollers
Low power radios (e.g. 802.15.4, ZigBee, ULP WiFi, WirelessHART)
Supercapacitors
Solid-state and thin film batteries
Powercast provides a core component in the low power ecosystem. Our energy harvesting and wireless power technologies are embedded in core interoperable components for creating low power charging systems. With safe, controllable, and scalable wireless power technology, Powercast’s products provide numerous benefits for low power charging systems, including:

Increases design-in flexibility and benefits: no contacts, no wires, sealable, and submersible
Promotes a battery-free architecture
Improves device longevity through maintenance-free operation
Powercast is seeking to continuously add additional collaborations with forward-looking members of the low power ecosystem for expanding product offerings and cross-optimizing components for performance improvements.

Integrate our Technology
Collaboration Partners
Powercast is continually building a roster of strategic collaborations that benefit from wireless power and continuous charging. Examples of collaborations include:

Technology:

Texas Instruments: RF modules, software, MSP 430 Third-Party Development Network
CAP-XX: Supercapacitor energy storage
CYMBET: Thin-film batteries
Infinite Power Solutions: Thin-film batteries
NTERA: Low-power, bi-stable displays
Esensors: Wireless sensors
Manufacturing and Design:
hk traker

TACH Technologies
Defense and Energy:

Department of Defense: Project funding
Department of Energy: Energy management
Government and Defense Contractors
Sponsored University Research:

University of Pittsburgh
University of Colorado

Complete the form below to inquire about becoming a collaborative partner with Powercast. A Powercast executive will contact you

Experience the Future
Powercast has development kits available for qualified designers, engineers, product developers and researchers to evaluate and prototype our wireless power technology.

Self-Discover Wireless Power Technology: Learn about Powercast’s patented wireless technology and all it has to offer.
Rapidly Prototype into Any Device: Quickly integrate into any prototype device using a plug-n-play solution for remote powering.
Explore Renewable Energy Possibilities: Expand the possibilities for true wireless power to become a renewable energy source for rechargeable batteries, and other energy storage devices.
Development Kit Options
battery


Lifetime Power Alkaline Starter Kit: A starter kit with Powerharvester components designed for rechargeable Alkaline batteries.
Lifetime Power Lithium Ion Starter Kit: A starter kit with Powerharvester components designed for rechargeable Lithium Ion batteries.
Lifetime Power Evaluation and Development Kit: The full kit that includes components for use with rechargeable Alkaline batteries, rechargeable Lithium Ion batteries, and non-battery energy storage (e.g. capacitors).
Products will be available in all common frequency bands.

w3


Wish you could know your Lipoly battery voltage while you are flying?
Want to be able to accurately know when your pack is about to drop voltage?

The New-&-Improved Hobbyking wireless battery tracker monitors your lipoly via the charge plug and sends back a signal to your reciever. Should one of your cells drop below 3.6v the LED for that cell will turn Red. Once the cell drops below 3v the LED will flash and the warning buzzer will beep, signaling you to land as soon as possible.
The transmitter operates on 870.0Mhz FM band and can monitor 2S to 6S batteries.

Spec.
Transmitter Weight: 7g
Receiver Weight: 35g (this is the part you keep in your pocket)
Signal distance: Around 300-400mtr
Battery: 7.4V/ 2 Cell (Included)


Usage;
Ensure the hand-held receiver is turned on and you have selected the number of cells first. Once this is done, then connect the transmitter inside the plane to the batteries balance plug. If you do not do it in this order, the reading will be incorrect.

Thursday, June 18, 2009

JSP Processing Error

JSP Processing Error

JSP Processing Error

HTTP Error Code:   404

Error Message:
JSPG0036E: Failed to find resource /auctionhome/mstc/admin/admin_login.jsp
Root Cause:
java.io.FileNotFoundException: JSPG0036E: Failed to find resource /auctionhome/mstc/admin/admin_login.jsp
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionProcessor.findWrapper(AbstractJSPExtensionProcessor.java:370)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionProcessor.handleRequest(AbstractJSPExtensionProcessor.java:333)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3622)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:927)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1566)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:175)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:455)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:384)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1527)

Saturday, June 13, 2009

VARIOUS TYPES OF SCAM - Work at Home Scam, Check Scams, Shipping Scam, Airfare, Phishing Scam



Work at Home Scam, Check Scams, Shipping Scam, Airfare, Phishing Scam



What are Work at Home Scams?



These are positions that require jobseekers to work from home assembling crafts or processing data entry. The employer requires a payment to for an instruction booklet about the position, required software, or materials. Payment is taken with a credit card and the jobseeker is advised that the materials will be mailed to them within several business days. Jobseeker receives the materials/software needed to start employment. They are given instructions to assemble the products or transcribe data, when the task is completed, the employer rejects the work. The fraudulent employer states that the project submitted by the employee, did not pass their quality control test. Often these employers require a repurchase for another kit/software for a “discounted rate” to receive another payment from the jobseeker. However, all of the work submitted to the employer will never “meet quality standard” and the jobseeker is left without income




In some cases, the jobseeker will not receive any materials to start employment. Attempts to contact the employer will be unsuccessful, due to the lack of valid contact information provided for the company. Again, the jobseeker is left without any working materials and a debt on their credit card

What are the signs of a Work at Home Scam?
Company requires payment for materials or software. (Some legitimate companies will require a fee, however you should be very careful and fully investigate the opportunity)
Employer states they are overseas.
Information about company cannot be verified.
Employer offers large salary, for minimal work.
Employment starts without a formal interview.
If it sounds as if it is too good to be true, it probably is.


What are Check/Payment Processing Scams?
Fraudulent companies claim to offer positions such as “Accounts Receivable Clerk” or “Finance Manager”. These fraudulent positions involve laundering money. The fraudulent company states that you are to collect funds from their "clients" and wire money into theri bank. The fraudulent company mails the jobseeker checks (they can be cashiers, money orders or travelers checks) and provides instructions to cash the checks. The employer will request to have the funds deposited into a bank account, which is under the jobseeker’s name. The instructions state to keep a small percentage, usually between 5%-15%, as your commission. The bank wires the funds immediately and a few days later, finds out that the check is fraudulent. By that time, the scammer already has their money and the “employee” is left with a negative bank account. The bank holds the person on the account liable for the funds, and in certain cases will seek legal action. You are also in danger of being arrested at the moment you try to deposit or cash the check.



What are Shipping Scams?
These are opportunities that require the jobseekr to the receive packages such as, Electronics, DVD, CD’s or other materials to reship overseas to another location. The fraudulent company states that they would pay commission per shipment, along with any shipping fees. The jobseeker is to receive the materials at their home, fill out custom forms, and reship the package overseas. The employer sends a check to the jobseeker, and a few days later, the bank notifies them of a fraudulent check.



The goods received from this position are obtained from an unauthorized credit card purchase online. The fraudulent employer purchased these products illegally, and uses the jobseeker to “launder” the goods overseas. Not only is the jobseeker fined for fraudulent checks from their bank, but could face legal action from the credit card company for “laundering products” or criminal prosecution for receipt of stolen goods.





What are signs of a Air Fare Scam?
Phone number routes you directly to a automated message requiring you to leave your information
Company requests that you pay for half or all your air fare and states you will be rembursed at when you land
Payment is requested via wire/money order/pay pal
Company infomation cannot be verified



What is a Phishing Scam?
Phishing scams are cleverly hidden attempts to get your account information. These emails are sent with legitimate looking header information, company logos and formatting and often claim that there is an urgent need for you to login to your account. Any time you receive one of these emails, please be sure to check the destination URL on the link contained within BEFORE attempting to login or submit any information. These emails are cleverly disguised to appear as though they were sent by a legitimate company, however the links contained within lead the recipient to a false website. These false sites are usually identical (or very similar) to the site the recipient thinks they are traveling to. Once the recipient has logged in, the site owner (scammer/phisher) has their login information and can use it to their advantage. Sometimes the sites will contain fields to be completed, often requesting that the victim update their banking information or other sensitive information.





What are signs of a Phishing Scam?
Do not click on links or provide any information via email
Remember that Careerbuilder will NEVER ask you to update your account via email with a link requesting you to login
Hover over the link and it will reveal the true URL
_________________________________POST BY ALOKRAJ.

Wednesday, June 10, 2009

INJECTION IN SQL - PHP BY REVEAL CODES


INJECTION IN SQL - PHP BY REVEAL CODES

xdvs
As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. For example, there has been extensive press coverage of recent security incidences involving the loss of sensitive credit card information belonging to millions of customers. Many web application security concept_attacking_v2

vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable. This paper demonstrates how easy it is for attackers to automatically discover and exploit application-level vulnerabilities in a large number of web applications. To this end, we developed SecuBat, a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities. Using SecuBat, we were able to find many potentially vulnerable web sites. To verify the accuracy of SecuBat, we picked one hundred interesting web sites from the potential victim list for further ibn_rk2iy

analysis and confirmed exploitable flaws in the identified web pages. Among our victims were well-known global companies and a finance ministry. Of course, we notified the administrators of vulnerable sites about potential security problems. More than fifty responded to request additional information or to report that the security hole was closed.
The web has become an important part of our lives. Every day, we interact with a large number of custom-built web applications that have been implemented using a variety of different technologies. The highly heterogeneous nature of the web with its different implementation languages, encoding standards, browsers and scripting environments makes it difficult for web application developers to properly secure their applications and stay up-to-date with emerging threats and newly discovered attacks.websecurity
A decade ago, applications were often deployed in closed client-server or stand-alone scenarios. At that time, testing and securing an application was an easier task than today, where a web application can be accessed by millions of anonymous Internet users. As more and more security-critical applications, such as banking systems, governmental transaction interfaces, and e-commerce platforms, are becoming directly accessible via the web, the role of web application security and defense has been gaining importance.step4_detail
Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist a large number of vulnerable applications and web sites on the web.concept_xssattack
There are two main approaches [10] to testing software applications for the presence of bugs and vulnerabilities:
In white-box testing, the source code of the application is analyzed in an attempt to track down defective or vulnerable lines of code. This operation is often integrated into the development process by creating add-on tools for common development environments. In black-box testing, the source code is not examined directly. Instead, special input test cases are generated and sent to the application. Then, the results returned by the application are analyzed for unexpected behavior that indicate errors or vulnerabilities. step3_detail
So far, white-box testing [11,23] has not experienced widespread use for finding security flaws in web applications. An important reason is the limited detection capability of white-box analysis tools, in particular due to heterogeneous programming environments and the complexity of applications that incorporate database, business logic, and user interface components.
In practice, black-box vulnerability scanners are used to discover security problems in web applications. These tools operate by launching attacks against an application and observing its response to these attacks. To this end, web server vulnerability scanners such as Nikto [18] or Nessus [22] dispose of large repositories of known software flaws. While these tools are valuable components when auditing the security of a web site, they largely lack the ability to identify a priori unknown instances of vulnerabilities. As a consequence, there is the need for a scanner that covers a broad range of general classes of vulnerabilities, without specific knowledge of bugs in particular versions of web applications.sql_injection_02
In this paper, we present SecuBat, an open-source web vulnerability scanner that uses a black-box approach to crawl and scan web sites for the presence of exploitable SQL injection and XSS vulnerabilities. Our system does not rely on a database of known bugs. Instead, the distinctive, underlying properties of application-level vulnerabilities are exploited to detect affected programs. To increase the confidence in the correctness of our scan results, our tool also attempts to automatically generate proof-of-concept exploits in certain cases.
SecuBat has a flexible architecture that consists of multi-threaded crawling, attack, and analysis components. With the help of a graphical user interface, the user can configure single or combined crawling and attack runs. In our prototype implementation, we currently provide four different attack components: SQL Injection, Simple Reflected XSS Attack, Encoded Reflected XSS Attack and Form-Redirecting XSS Attack. In addition, we provide an Application Programming Interface (API) that enables developers to implement their own modules for launching other desired attacks.
The main contributions of this paper are as follows:
We demonstrate how easy it is for attackers to automatically discover and exploit application-level vulnerabilities in a large number of web applications. We developed four attack modules that analyze web applications for the presence of common application-level SQL and XSS vulnerabilities. Furthermore, we present a mechanism to automatically derive exploits for discovered vulnerabilities. To the best of our knowledge, SecuBat is the first open-source tool that is able to automatically detect XSS vulnerabilities and generate working proof-of-concept exploits. This paper is structured as follows: Section 2 provides a brief introduction to SQL injection and XSS attacks. Section 3 describes our approach for automated vulnerability detection. Section 4 presents the four implemented attack and analysis components in detail. Section 5 discusses the implementation of the SecuBat scanner framework. Section 6 presents the evaluation results and discusses the vulnerabilities we detected. Section 7 presents an in-depth case study for one of the vulnerable web sites. Section 8 gives an overview of related work. Finally, Section 9 discusses future work, and Section 10 concludes the paper.
2 Typical Web Attacks1 SQL InjectionSQL injection attacks are based on injecting strings into database queries that alter their intended use. This can occur if a web application does not properly filter (sanitize) user input.
There are many varieties of SQL. Most dialects are loosely based on the most recent ANSI standard SQL-92 [17]. The typical unit of execution in the SQL language is the query, a collection of statements that are aimed at retrieving data from or manipulating records in the database. A query typically results in a single result set that contains the query results. Apart from data retrieval and updates, SQL statements can also modify the structure of databases using Data Definition Language statements (``DDL'') [17].
A web application is vulnerable to an SQL injection attack if an attacker is able to insert SQL statements into an existing SQL query of the application. This is usually achieved by injecting malicious input into user fields that are used to compose the query. For example, consider a web application that uses a query such as the one shown in Listing 1 for authenticating its users.

Listing 1: SQL Injection Step 1 SELECT ID, LastLogin FROM Users WHERE User = 'john' AND Password = 'doe'

This query retrieves the ID and LastLogin fields of user ``john'' with password ``doe'' from table Users. Such queries are typically used for checking the user login credentials and, therefore, are prime targets for an attacker. In this example, a login page prompts the user to enter her username and password into a form. When the form is submitted, its fields are used to construct an SQL query (shown in Listing 2) that authenticates the user.

Listing 2: SQL Injection Step 2 sqlQuery = "SELECT ID, LastLogin FROM Users WHERE User = '" + userName + "' AND Password = '" + password + "'"

If the login application does not perform correct input validation of the form fields, the attacker can inject strings into the query that alter its semantics. For example, consider an attacker entering user credentials such as the ones shown in Listing 3.

Listing 3: SQL Injection Step 3 User: ' OR 1=1 --Password:

Using the provided form data, the vulnerable web application constructs a dynamic SQL query for authenticating the user as shown in Listing 4.

Listing 4: SQL Injection Step 4 SELECT ID, LastLogin FROM Users WHERE User = '' OR 1=1 -- AND Password = '

The ``-'' command indicates a comment in Transact-SQL. Hence, everything after the first ``-'' is ignored by the SQL database engine. With the help of the first quote in the input string, the user name string is closed, while the ``OR 1=1'' adds a clause to the query which evaluates to true for every row in the table. When executing this query, the database returns all user rows, which applications often interpret as a valid login.
To avoid SQL injection vulnerabilities, web application developers need to consider malicious input data and sanitize it properly before using it to construct dynamically generated SQL queries. Another way of helping developers is to implement user data encoding within the web server application environment. For example, Microsoft implemented such security checks in their .NET framework [4,6]. Apart from such approaches specific to development environments, another solution is the use of an intermediate component that performs the filtering of dangerous characters [5], as Alfantookh proposes in his paper on SQL injection avoidance [1].
2 Cross-Site ScriptingCross Site Scripting (XSS, sometimes also abbreviated as CSS) refers to a range of attacks in which the attacker injects malicious JavaScript into a web application [2,9]. When a victim views the vulnerable web page with the malicious script, this script origins directly from the web site itself and thus, is trusted. As a result, the script can access and steal cookies, session IDs, and other sensitive information that the web site has access to. Here, the Same Origin Policy of JavaScript [21] (which restricts the access of scripts to only those cookies that belong to the site where the script is loaded from) is circumvented.
XSS attacks are generally simple to execute, but difficult to prevent and can cause significant damage. There exist two different types of XSS attacks: reflected and stored XSS attacks.
The most common one found in web applications today is called reflected XSS attack. Consider a user that accesses the popular www.myonline-banking.com web site to perform sensitive operations, e.g., online banking. Unfortunately, the search form on the web site fails to perform input validation, and whenever a search query is entered that does not return any results, the user is displayed a message that also contains the unfiltered search string. and the browser of the user displays ``No matches for Hello World'' (note that the search string is displayed in italics). This indicates that there is a reflected XSS vulnerability present in the application, which can be exploited in the following way. First, an attacker writes a JavaScript snippet that, when executed in a victim's browser, sends the victim's cookie to the attacker. Now, the attacker tricks the victim into clicking a link that points to the action target of the vulnerable form and contains the malicious script as URL (GET1) parameter (as shown in Listing 5). This can be achieved, for example, by sending it to the user via e-mail.


When the user clicks on this link, the vulnerable application receives a search request similar to the previous one, where the search term was The only difference is that now, the search term is the malicious script written by the attacker. Instead of a harmless phrase in italics, the victim's browser now receives malicious JavaScript code from a trusted web server and executes it. As a result, the user's cookie, which can contain authentication credentials, is sent to the attacker. This example also makes clear why the attack is called reflected; the malicious code arrives at the victim's browser after being reflected back by the server.
Apart from cookie stealing, there is an alternative way to exploit reflected XSS vulnerabilities. Suppose that the vulnerable web page described in the previous example also contains a login form. With JavaScript, the location to which a form sends the collected data can be modified. Hence, the attacker can adjust the malicious JavaScript snippet such that it redirects the login form to her own server. When the user enters her name and password into the compromised login form and submits it, her credentials are transmitted to the attacker. Note that the vulnerable form (i.e., the search form in our example) does not need to be identical to the form that is redirected during the attack (i.e., the login form).
The second type of XSS attack is the so-called stored XSS attack. As its name suggests, the difference compared to the reflected attack is that the malicious script is not immediately reflected back to the victim by the server, but stored inside the vulnerable application for later retrieval. A typical example for applications vulnerable to this kind of XSS attack are message boards that do not perform sufficient input validation. An attacker can post a message containing the malicious script to the message board, which stores and subsequently displays it to other users, causing the intended damage. Currently, SecuBat only focuses on the discovery of reflected XSS vulnerabilities.
3 Automated VulnerabilityDetectionOur SecuBat vulnerability scanner consists of three main components: First, the crawling component gathers a set of target web sites. Then, the attack component launches the configured attacks against these targets. Finally, the analysis component examines the results returned by the web applications to determine whether an attack was successful.
1 Crawling ComponentBecause of the relatively slow response time of remote web servers (typically ranging from 100 to 10000 milliseconds), we use a queued workflow system that is executing several concurrent worker threads to improve crawling efficiency. Depending on the performance of the machine that hosts SecuBat, the bandwidth of the uplink, and the targeted web servers, 10 to 30 concurrent worker threads are typically deployed during a vulnerability detection run.
To start a crawling session, the crawling component of SecuBat needs to be seeded with a root web address. Using this address as a starting point, the crawler steps down the link tree, collecting all pages and included web forms during the process. Just as a typical web crawler, SecuBat has configurable options for the maximum link depth, maximum number of pages per domain to crawl, maximum crawling time, and the option of dropping external links. Conceptual ideas for the implementation of the crawling component were taken from existing systems, especially from Ken Moody's and Marco Palomino's SharpSpider [16], and David Cruwys' spider [8].
2 Attack ComponentAfter the crawling phase has completed, SecuBat starts processing the list of target pages. In particular, the attack component scans each page for the presence of web forms. The reason is that the fields of web forms constitute our entry points to web applications.
For each web form, we extract the action (or target) address and the method (i.e., GET or POST) used to submit the form content. Also, the form fields and its corresponding CGI parameters are collected. Then, depending on the actual attack that is launched, appropriate values for the form fields are chosen. Finally, the form content is uploaded to the server specified by the action address (using either a GET or POST request). As defined in the HTTP protocol [3], the attacked server responds to such a web request by sending back a response page via HTTP.
3 Analysis ModulesAfter an attack has been launched, the analysis module has to parse and interpret the server response. An analysis module uses attack-specific response criteria and keywords to calculate a confidence value to decide if the attack was successful. Obviously, when a large number of web sites are scanned, false positives are possible. Thus, care needs to be taken in determining the confidence value so that false positives are reduced.
4 Attack and Analysis ConceptsFor our prototype implementation of SecuBat, we provide plug-ins for common SQL injection and XSS attacks. As far as XSS attacks are concerned, we present three different variants with increasing levels of complexity.
1 SQL InjectionTo test web applications for the presence of SQL injection vulnerabilities, a single quote (') character is used as input value for each form field. If the attacked web application is vulnerable, some of the uploaded form parameters will be used to construct an SQL query, without prior sanitization. In this case, the injected quote character will likely transform the query such that it no longer adheres to valid SQL syntax. This causes an SQL server exception. If the web application does not handle exceptions or server errors, the result is a SQL error description being included in the response page.
concept_sqlinjection_smaller

Based on the previously described assumptions, the SQL injection analysis module searches response pages for occurrences of an a priori configured list of weighted key phrases that indicate an SQL error (see Figure 1). We derived this list by analyzing response pages of web sites that are vulnerable to SQL injection. Depending on the database server (e.g., MS SQL Server, Oracle, MySQL, PostgreSQL, etc.) and the application framework (e.g., ASP.NET, PHP, ASP, etc.) that is being used, a wide range of error responses are generated. Table 1 shows the key phrase table that we used in our SQL injection analysis module.

Table 1: Used SQL Injection Keyword Table Keyword Confidence Factor sqlexception 110 runtimeexception 100 error occurred 100 runtimeexception 100 NullPointerException 90 org.apache 90 stacktrace 90 potentially dangerous 80 internal server error 80 executing statement 80 runtime error 80 exception 80 java.lang 80 error 500 75 status 500 75 error occurred 75 error report 70 incorrect syntax 70 sql server 70 server error 70 oledb 60 odbc 60 mysql 60 syntax error 50 tomcat 45 sql 40 apache 35 invalid 20 incorrect 20 missing 10 wrong 10

Each phrase in the list was associated with its own confidence factor, which numerically describes the gain in confidence that the attacked web form is vulnerable. The confidence factor indicates how significant the occurrence of the corresponding key phrase in the response is. Note that the absolute values of the confidence factors are not important, only their relative ratio matters. These ratios were chosen based on our analysis of the response pages returned by vulnerable sites.
If the same key phrase occurs several times in one response page, the confidence gain should decrease for each additional occurrence. This effect is modeled with the following equation, where cp denotes the confidence factor of a specific key phrase p. In the equation, n is the number of occurrences of this key phrase p, and cp,sum is the aggregated confidence gain resulting from all its occurrences:


Hence, the first occurrence of a key phrase results in a confidence gain as high as the confidence factor, the second one of 1/4, the third one of 1/9, and so on.
Apart from using confidence factors, we also consider response codes in determining if an SQL injection attack is successful. The response code is a good indicator for SQL injection vulnerabilities. For example, many sites return a 500 Internal Server Error response when a single quote is entered. This response is generated when the application server crashes. Nevertheless, key phrase analysis is important, as vulnerable forms may also return a 200 OK response.
2 Simple Reflected XSS AttackThe Simple Reflected XSS attack is implemented in a similar way to the Simple SQL Injection attack. As shown in Figure 2, the attack component first constructs a web request and sends it to the target application, using a simple script as input to each form field. The server processes the request and returns a response page. This response page is parsed and analyzed for occurrences of the injected script code. For detecting a vulnerability, this simple variant of a XSS attack uses plain JavaScript code as shown in Listing 6. If the target web form performs some kind of input sanitization and filters quotes or brackets, this attack will fail, a shortcoming that is addressed by the Encoded Reflected XSS Attack (in Section 4.3).

Listing 6: Simple XSS Attack Injection String ////

Figure 2: XSS Attack Workflow
The simple XSS analysis module takes into account that some of the required characters for scripting (such as quotes or brackets) could be filtered or escaped by the target web application. It also verifies that the script is included at a location where it will indeed be executed by the client browser. The following two sample response pages shown in the Listings 7 and 8 demonstrate the importance of the location of an injected script within the web page.



The first response page shows an example of a search result page that includes the search query in the response. This behavior is intended to help the user to remember what she searched for, but in fact, leads to a reflected XSS vulnerability. In this case, the application is vulnerable since the script is embedded into the HTML page such that it will be executed by the user's browser (assuming that the browser's JavaScript functionality is enabled).

Listing 8: Simple Reflected XSS Attack Response Page B
The second response page is an example of an application that uses the provided form parameter only for constructing a link to another web page. Here, the simple script is included within the attribute href of an anchor HTML tag. Thus, the script will not be executed as it is not correctly embedded within the page's HTML tree. Therefore, the application is not reported as being vulnerable by the Simple Reflected XSS Attack module.
3 Encoded Reflected XSS AttackMost web applications employ some sort of input sanitization. This might be due to filtering routines applied by the developers, or due to automatic filtering performed by PHP environments with appropriate configuration settings. In either case, the Encoded Reflected XSS Attack plug-in attempts to bypass simple input filtering by using HTML encodings (see the XSS cheat sheet [19]). For instance, Table 2 shows different ways of encoding the the ``<'' character. One disadvantage of using encoded characters is that not all browsers interpret them in the same way (many encodings only work in Internet Explorer and Opera).

Table 2: HTML Character Encodings Table Encoding Type Encoded Variant of '<' URL Encoding %3C HTML Entity 1 < HTML Entity 2 < HTML Entity 3 < HTML Entity 4 < Decimal Encoding 1 < Decimal Encoding 2 < Decimal Encoding 3 < Decimal Encoding X ... Hex Encoding 1 < Hex Encoding 2 < Hex Encoding 3 &#X3c Hex Encoding X ... Unicode 16#16u003c

The injection string used for the encoded XSS attack is constructed using standard decimal encoding and can be seen in Listing 9. Apart from encoded characters, it also uses a mix of uppercase and lowercase letters to further camouflage the keyword script.

Listing 9: Encoded XSS Attack Injection String ////


4 Form-Redirecting XSS AttackBoth the Simple Reflected XSS Attack and the Encoded Reflected XSS Attack presented so far only check if some sort of input sanitization is performed by a web application. Thus, they check for the possibility of launching a reflected XSS attack on the web site in general. However, because XSS is a client-side vulnerability, some consider XSS to be a minor problem if there exists no sensitive user information that can be stolen (such as session IDs, cookies, or user credentials). In the XSS form-redirecting attack, we address this problem by specifically targeting web sites that expect some sort of sensitive information from their users. Once a vulnerability is detected, an exploit URL is automatically generated that can be used to verify that the web application is indeed vulnerable to a reflected XSS attack.
Our assumption is that if there exists an HTML input field of type password in a web form, there is a good chance that the web application expects sensitive input that is of value to the attacker. Hence, if an XSS vulnerability is also present, a malicious script can be injected into the application to steal this information.
For the attack, we inject JavaScript code that performs a form-redirecting attempt. That is, a malicious script is injected that alters the form target such that submitted data is sent to a server under the attacker's control. After the attack, the analysis module parses the response page to determine if the injection has succeeded by inspecting the contents of the response page. Listing 10 shows the injection string that is used during the attack.


The injected script makes use of a number of techniques to bypass input validation routines: First, similar to the attack string presented in the previous section, certain characters are encoded. More precisely, the quotes required for redirecting the form using JavaScript are HTML encoded ("). Also, the injection string uses lower-case and upper-case letters to avoid detection of keywords such as javascript. Besides these camouflage tricks, the script is not directly embedded between tags. Instead, it is inserted as the source attribute of an image. When the browser attempts to load the image, it has to evaluate the included SRC attribute, and therefore, executes the JavaScript part. This technique evades input filters that explicitly parse the input string for the occurrence of script tags. Finally, the quotes around the SRC attribute are omitted. Almost all browsers tolerate such errors, while it could confuse input filters.
A web page may contain multiple, independent web forms that possess different form targets. Depending on its location in the page, each form can be uniquely identified and referenced by its form index (e.g., if the page only contains a single form, its form index will be 0). In order for the form-redirecting attack to succeed, it is sufficient for any of the web forms on a page to be vulnerable. Using a vulnerability in one form, the target of that web form that contains the sensitive information (even if it is a different one) can be redirected.
As an example, suppose that a web page contains two separate forms: one search form and one login form, where a user needs to enter her username and password. Both forms appear on the same page of the web site. Let us further assume that the developers of the login form were aware of common security issues. As a result, ``dangerous'' characters such as the less-than or greater-than characters (i.e., <, >), single quotes (i.e., '), and double quotes (i.e., ``), are filtered. Thus, the login form is not immediately vulnerable to simple XSS attacks.
Now, imagine that the site maintainers are using a popular, off-the-shelf search engine that indeed has an XSS vulnerability. Every search query that is entered into the search form is reflected back to the user in the browser (e.g., ``You searched for XSS''), and no input validation is performed (as discussed in Section 2.2).
In our example, the vulnerable form is located before the login form. Therefore, its form index is 0 while the form index of the login form is 1. When SecuBat is used to scan for vulnerabilities on this web site, it will discover that the search form (form 0) is vulnerable to reflected XSS. Based on this vulnerability, an exploit URL is created that injects JavaScript into a parameter of the search form to redirect the target of the login form to an arbitrary web site. When the victim eventually submits her login credentials, they are transmitted to a site that is under the control of the attacker


Assuming that the vulnerable web page is accessible under http://www.vulnerable-page.com/search.pl, Listing 11 shows a simplified version of the generated exploit URL (the actual URL is encoded and more difficult to read). When this exploit URL is requested, malicious JavaScript is injected into the CGI parameter query of the search form. When this script is later executed, it rewrites the target (i.e., action) parameter of the login form (with the index 1). When the user enters the login credentials and then submits the information, the sensitive data will be sent to the domain http://www.evil.org/evil.cgi and can be recorded by the attacker. Of course, this exploit URL could be distributed via phishing e-mails to thousands of potential victims with the request to update their information.
5 ImplementationSecuBat was implemented as a Windows Forms .NET application in C# using Microsoft' advantages:
Efficient logging of crawling data. Easy report-generation of crawling and attack runs. Custom querying of analysis results. No loss of historical data (i.e., each crawling and attack run is kept in the database, and each activity can be reconstructed easily). In order to keep the design open and flexible, we used a generic and modular architecture. The tool consists of a crawling and an attack part, which can be invoked separately. Through this architectural decision, it is possible to do a single crawling run (i.e., without attacking), to do a single attack run on a previously saved crawling run, or to schedule a complete combined crawling and attack run.
As far as performance is concerned, SecuBat is able to launch 15 to 20 parallel attack and response sessions on a typical desktop computer without reaching full load.
During the crawling process, the tool uses a dedicated crawling queue. This queue is filled with crawling tasks for each web page that is to be analyzed for referring links and potential target forms. A queue controller periodically checks the queue for new tasks and passes them on to a thread controller. This thread controller then selects a free worker thread, which then executes the analysis task. Each completed task notifies the workflow controller about the discovered links and forms in the page. The workflow controller then generates new crawling tasks as needed.
As discussed previously, arbitrary attack and analysis algorithms can be implemented and inserted into the architecture as plug-ins. As depicted in Figure 3, attacking tasks are created for each target web form and each selected attack plug-in. These tasks are then inserted into a separate attacking queue. Similarly to the crawling component, a queue controller processes the tasks in the queue and passes them on to available worker threads via the common thread controller.
Figure 3: SecuBat Attacking Architecture
At execution time, the attacking task creates new instances of the attack and analysis components of the selected plug-in using .NET reflection [7]. It then calls their run methods. After the attack and analysis components complete their work, the task stores the detection results into the database for subsequent reporting and data mining.img1029a

6 EvaluationTo evaluate the effectiveness of our web application vulnerability scanner, we performed a combined crawling and attack run using all of the four previously described attack plug-ins (see Section 4). We started the crawling process by using a Google response page as the seed page (i.e., we searched for the word ``login'' and fed the response page to our crawler) and collected 25,064 web pages, which included 21,627 distinct web forms. Then, we initiated automatic attacks on the web applications. Table 3 shows the results of our experiment. Each analysis module identified between 4% and 7% of the 21,627 different web forms to be potentially vulnerable to the corresponding attack.
Acunetix checks for all web vulnerabilities including SQL injection, Cross site scripting and others. SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitorĂ¢€™s browser.
Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine which quickly finds vulnerabilities with a low number of false positives. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion,
wvs sql_injection

The SQL injection vulnerability rate includes all results containing a confidence value greater than zero. Obviously, false positives are possible in the simple SQL injection attack that we launched. This is because there can be web pages in the result list that contain some of the key phrases without actually being vulnerable. If this fact is taken into account and a higher threshold of 150 is used, a (more realistic) vulnerability rate of 1.45% is seen. In contrast to the SQL injection findings, the XSS attack results are more precise. If we are able to inject scripting code into a form and this script is reflected unmodified by the application, we can assume with a high degree of confidence that the attack was successful. A detection rate of 5.52% for the form-redirecting XSS attack, for example, shows that SecuBat only needed several hours to find 1,193 distinct web forms with password fields that can be exploited with a reflected XSS attack. To verify the accuracy of SecuBat in detecting XSS vulnerabilities, we picked one hundred interesting web sites from the potential victim list for further analysis and manually confirmed exploitable flaws in the identified web pages. Among our victims were well-known global companies, computer security organizations, and governmental and educational institutions. One of our XSS victims was a global online auctioning company that has received wide media coverage because it is a popular target of phishing attacks. This company has set up an ``anti-phishing'' web page to educate its users about phishing attacks. Ironically, there was an exploitable XSS vulnerability on this page that could be used to launch authentic phishing attacks against the company. That is, the phishing web page could be reflected off the company's own server, making it very difficult for users or anti-phishing solutions to identify the page as being malicious. In fact, we wrote an exploit URL to embed a fake login form into the company's web page.
Another interesting XSS victim was a portal of a finance ministry. Its web server was configured to only use SSL (i.e., HTTPS) when replying to web requests. We considered this as an indication that the maintainers of the site were security-conscious, dealing with sensitive information such as user names, social security numbers and passwords. Unfortunately, a form on one of their pages was not performing any input filtering, and it was easy for us to exploit the reflected XSS vulnerability by injecting code to hijack the login form."SQL injection, a technique that utilizes and exploits security vulnerability taking place in the database layer of an application, usually occurs when you trust user input. Vulnerabilities may result from a computer virus, weak passwords, software bugs or other script code injection that violates the integrity of the system. The vulnerability exists when user input is filtered improperly for string literal escape characters embedded in SQL statements or if user input is not strongly typed resulting to be unexpectedly executed. It is an instance of a more general class of vulnerabilities that can happen every time a scripting or programming language is embedded inside another"

After the manual validation process of the discovered vulnerabilities, we attempted to contact the maintainers of the affected web sites to inform them of our findings. To this end, we extracted the corresponding contact information for the victim domains from the WHOIS database and sent automated e-mails using a script. In these e-mails, we provided general information about the type of vulnerability on the web site (e.g., XSS) and kindly asked the site maintainers to contact us for more details. In some cases, unfortunately, we were not able to extract the contact details from the WHOIS database. In these cases, we made an attempt to contact the default office e-mail address (e.g., office@somesite.com).
After one week, we had received 52 inquiries for more details. We replied to these inquiries and provided in-depth information on the vulnerabilities we discovered. Interestingly, although some companies that we informed were thankful and swift in fixing the vulnerabilities, we observed that some did not (i.e., could not or were not willing to) take immediate action. For example, while we are preparing the final version of this paper, the vulnerabilities of the finance ministry and the global auctioning company are still not fixed. The demonstration exploits that we prepared for these organizations are still functional. Of course, we cannot provide any specific details on these vulnerabilities or the organizations.
Note that we did not do any manual verification of the SQL vulnerabilities that we identified. The reason is that exploiting an SQL vulnerability typically requires to inject SQL statements into operational databases. In such attacks, there always exists the possibility of damaging data records or breaking the database integrity. This appeared too risky from an ethical and legal point of view. A real attacker, in contrast, surely would not have such reservations.
Our findings suggest how easy and effective it is for an attacker to automatically find potentially vulnerable web sites in a matter of hours. A longer and more focused attack run using high-performance servers, a high-bandwidth uplink, and several weeks of scanning would probably create a list containing several hundred thousand potentially vulnerable web sites. The recent waves of phishing attacks clearly show that there are many attackers on the Internet looking for easy targets.
7 A Case StudyWhen we examined the results of our evaluation run, we discovered that a well-known and popular Austrian price comparison web portal, www.geizhals.at, was among our victims. According to the results of SecuBat, Geizhals was vulnerable to reflected XSS attacks. The detailed set of analysis results of the test run is given in Table 4.
sql_hacker_image_3

Geizhals General Analysis Results Result Field Value Attack Plug-in Form-Redirecting XSS Attack Page URL http://www.geizhals.at Form Index in Page 0 Form Action http://www.geizhals.at Form Method GET Parameter Name fs Parameter Value Response Code 200 Response Duration 4,031 ms Analysis Result 100
Using the information provided by SecuBat, it is easy to reconstruct what steps were performed in this automated attack:
By means of the form-redirecting XSS attack plug-in, a successful attack against the first web form (with index 0) on the page http://www.geizhals.at was executed. In this attack, the form parameter fs was used to inject the XSS exploit (see Section 4.4). The server responded with a 200 OK code after 4,031 ms and returned a response page. The analysis module identified the injected code embedded in the response page at a location that allows the execution of the injected script. Thus, the attack was rated as successful. The complete analysis result text including SecuBat identifiers of web forms containing sensitive data (password fields) is shown in Listing 12.system20architecture

Using the automatically generated URL that is shown in Listing 13, the attack can be re-executed manually by pasting this URL into the location field of a web browser. When the browser requests the URL, malicious JavaScript is injected into a vulnerable form field, and reflected back from the server. The browser then displays the login page, which appears innocuous to an unsuspecting user (see Figure 4). However, the malicious JavaScript has been executed unnoticed, and changed the target of the login web form (with index 2) to the non-existing action address evil.org.
Note that in an actual attack, the attacker could have easily copy-pasted this URL into a phishing e-mail [14] with the text ``Please click on the link and update your information'' and sent it to thousands of users. When users click on the link and enter their credentials on the legitimate web site, the browser posts the entered sensitive information to the redirected attacker address.
In this proof-of-concept real-world case study, we used the non-existent target address evil.org. Thus, when the user finally submits her login credentials, the server returns a 404 Not Found page (see Figure 5, and in particular, observe the location field of the browser). This clearly demonstrates that geizhals.at indeed is (i.e., was) vulnerable to the attack and that the automatically generated exploit URL is functional. After we contacted Geizhals with the details of the vulnerability, their security team promptly fixed the issue in November 2005.
Figure 5: Successful form-redirection attack to a non-existing URL
8 Related WorkThere exist a large number of vulnerability detection and security assessment tools. Most of these tools (e.g., Nikto [18] or Nessus [22]) rely on a repository of known vulnerabilities that are tested. This is in contrast to SecuBat, which is focused on the identification of a broad range of general application-level vulnerabilities. In addition to application-level vulnerability scanners, there are also tools that audit hosts on the network level. For example, tools such as NMap [13] or Xprobe [24] can determine the availability of hosts and accessible services. However, they are not concerned with higher-level vulnerability analysis.
There are commercial web application vulnerability scanner available on the market that claim to provide functionality similar to SecuBat (e.g., Acunetix Web Vulnerability Scanner [15]). Unfortunately, due to the closed-source nature of these systems, many of the claims cannot be verified, and an in-depth comparison with SecuBat is difficult. For example, it appears that the cross-site scripting analysis performed by Acunetix is much simpler than the complete attack scenario presented in this paper. Also, no working proof-of-concept exploits are generated.
In [20], Scott and Sharp discuss web vulnerabilities such as XSS. They propose to deploy application-level firewalls that use manual policies to secure web applications. Their approach would certainly protect applications against a vulnerability scanner such as SecuBat. However, the problem of their approach is that it is a tedious and error-prone task to create suitable policies.
Huang et al. [12] present a vulnerability detection tool that automatically executes SQL injection attacks. As far as SQL injection is concerned, our work is similar to theirs. However, their scanner is not as comprehensive as our tool because it lacks any detection mechanisms for XSS vulnerabilities where script code is injected into applications. The focus of their work, rather, is the detection of application-level vulnerabilities that may allow the attacker to invoke operating-level system calls (e.g., such as opening a file) for malicious purposes.
9 Future WorkFor the future, we are planning to implement more attack plug-ins (e.g., to check for directory traversal vulnerabilities). Also, there is certainly some room for improvement in the performance and throughput of the tool.
We are also currently setting up a web site where the proof-of-concept implementation of SecuBat can be downloaded from. Although we are aware that SecuBat can be used for malicious purposes (just as other open source security tools such as NMap [13] or Nikto [18]), we believe that it can provide valuable help for web application developers to audit the security of their application.
10 ConclusionMany web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL Injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and avoid, many web developers are, unfortunately, not security-aware and there is general consensus that there exist a large number of vulnerable applications and web sites on the web.
The main contribution of this paper is to show how easy it is for attackers to automatically discover and exploit application-level vulnerabilities in a large number of web applications. To this end, we presented SecuBat, a generic and modular web vulnerability scanner that analyzes web sites for exploitable SQL and XSS vulnerabilities. We used SecuBat to identify a large number of potentially vulnerable web sites. Moreover, we selected one hundred of these web sites for further analysis and manually confirmed exploitable flaws in the identified web pages. Among our victims were well-known global companies, computer security organizations, and governmental and educational institutions.sql_injection_02
We believe that it is only a matter of time before attackers start using automated vulnerability scanning tools such as SecuBat to discover web vulnerabilities that they can exploit. Such vulnerabilities, for example, could be used to launch phishing attacks that are difficult to identify even by technically more sophisticated users. With this paper, we hope to raise awareness and provide a tool available to web site administrators and web developers to proactively audit the security of their applications.

Tuesday, June 2, 2009

IEEE Workshops on Wireless LAN

"The first of the IEEE Workshops on Wireless LAN was held in 1991. At that time early wireless LAN products had just appeared in the market and the IEEE 802.11 committee had just started its activities to develop a standard for wireless LANs. The focus of that first workshop was evaluation of the alternative technologies. By 1996, the technology was relatively mature,
telecommunications32181191


a variety of applications had been identified and addressed and technologies that enable these applications were well understood. Chip sets aimed at wireless LAN implementations and applications, a key enabling technology for rapid market growth, were emerging in the market. Wireless LANs were being used in hospitals, stock exchanges, and other in building and campus settings for nomadic access, point-to-point LAN bridges, ad-hoc networking, and even larger applications through internetworking. The IEEE 802.11
93_wlan_fig1_lg

standard and variants and alternatives, such as the wireless LAN interoperability forum and the European HiperLAN specification had made rapid progress, and the unlicensed PCS Unlicensed Personal Communications Services and the proposed SUPERNet, later on renamed as U-NII, bands also presented new opportunities."[3]
32954b

Originally WLAN hardware was so expensive that it was only used as an alternative to cabled LAN in places where cabling was difficult or impossible. Early development included industry-specific solutions and proprietary protocols, but at the end of the 1990s these were replaced by standards, primarily the various versions of IEEE 802.11 (Wi-Fi). An alternative ATM-like 5 GHz standardized technology, HiperLAN/2, has so far not succeeded in the market, and with the release of the faster 54 Mbit/s 802.11a (5 GHz) and 802.11g (2.4 GHz) standards, almost certainly never will.
cisco enterprise wlan diagram

In November 2007, the Australian Commonwealth Scientific and Industrial Research Organisation (CSIRO) won a legal battle in the US federal court of Texas against Buffalo Technology which found the US manufacturer had failed to pay royalties on a US WLAN patent CSIRO had filed in 1996. CSIRO then engaged in legal action against fourteen other computer companies including Microsoft, Intel, Dell, Hewlett-Packard and Netgear who argued that the patent is invalid and should negate any royalties paid to CSIRO for WLAN-based products.[4] In 2009, these cases were settled out of court which may see billions in royalties flow to CSIRO. In a statement to the media, CSIRO Chief Excectutive Megan Clark said that "CSIRO will continue to defend intellectual property developed from research undertaken on behalf of the Australian taxpayer." [5]

avm_fritzbox_fon_wlan_7270_02_engl

Benefits
The popularity of wireless LANs is a testament primarily to their convenience, cost efficiency, and ease of integration with other networks and network components. The majority of computers sold to consumers today come pre-equipped with all necessary wireless LAN technology. Benefits of wireless LANs include:

Convenience
The wireless nature of such networks allows users to access network resources from nearly any convenient location within their primary networking environment (home or office). With the increasing saturation of laptop-style computers, this is particularly relevant.
Mobility
With the emergence of public wireless networks, users can access the internet even outside their normal work environment. Most chain coffee shops, for example, offer their customers a wireless connection to the internet at little or no cost.
Productivity
Users connected to a wireless network can maintain a nearly constant affiliation with their desired network as they move from place to place. For a business, this implies that an employee can potentially be more productive as his or her work can be accomplished from any convenient location. For example, a hospital or warehouse may implement Voice over WLAN applications that enable mobility and cost savings.[6]
Deployment
Initial setup of an infrastructure-based wireless network requires little more than a single access point. Wired networks, on the other hand, have the additional cost and complexity of actual physical cables being run to numerous locations (which can even be impossible for hard-to-reach locations within a building).
Expandability
Wireless networks can serve a suddenly-increased number of clients with the existing equipment. In a wired network, additional clients would require additional wiring.
Cost
Wireless networking hardware is at worst a modest increase from wired counterparts. This potentially increased cost is almost always more than outweighed by the savings in cost and labor associated to running physical cables.

Disadvantages
Wireless LAN technology, while replete with the conveniences and advantages described above, has its share of downfalls. For a given networking situation, wireless LANs may not be desirable for a number of reasons. Most of these have to do with the inherent limitations of the technology.
img1010a
Security
Wireless LAN transceivers are designed to serve computers throughout a structure with uninterrupted service using radio frequencies. Because of space and cost, the antennas typically present on wireless networking cards in the end computers are generally relatively poor. In order to properly receive signals using such limited antennas throughout even a modest area, the wireless LAN transceiver utilizes a fairly considerable amount of power. What this means is that not only can the wireless packets be intercepted by a nearby adversary's poorly-equipped computer, but more importantly, a user willing to spend a small amount of money on a good quality antenna can pick up packets at a remarkable distance; perhaps hundreds of times the radius as the typical user. In fact, there are even computer users dedicated to locating and sometimes even cracking into wireless networks, known as wardrivers. On a wired network, any adversary would first have to overcome the physical limitation of tapping into the actual wires, but this is not an issue with wireless packets. To combat this consideration, wireless networks users usually choose to utilize various encryption technologies available such as Wi-Fi Protected Access (WPA). Some of the older encryption methods, such as WEP are known to have weaknesses that a dedicated adversary can compromise. (See main article: Wireless security.)
Range
The typical range of a common 802.11g network with standard equipment is on the order of tens of metres. While sufficient for a typical home, it will be insufficient in a larger structure. To obtain additional range, repeaters or additional access points will have to be purchased. Costs for these items can add up quickly. Other technologies are in the development phase, however, which feature increased range, hoping to render this disadvantage irrelevant. (See WiMAX)
Reliability
Like any radio frequency transmission, wireless networking signals are subject to a wide variety of interference, as well as complex propagation effects (such as multipath, or especially in this case Rician fading) that are beyond the control of the network administrator. Among the most insidious problems that can affect the stability and reliability of a wireless LAN are microwave ovens[7] and analog wireless transmitters such as baby monitors[8]. In the case of typical networks, modulation is achieved by complicated forms of phase-shift keying (PSK) or quadrature amplitude modulation (QAM), making interference and propagation effects all the more disturbing. As a result, important network resources such as servers are rarely connected wirelessly.
Speed
The speed on most wireless networks (typically 1-108 Mbit/s) is reasonably slow compared to the slowest common wired networks (100 Mbit/s up to several Gbit/s). There are also performance issues caused by TCP and its built-in congestion avoidance. For most users, however, this observation is irrelevant since the speed bottleneck is not in the wireless routing but rather in the outside network connectivity itself. For example, the maximum ADSL throughput (usually 8 Mbit/s or less) offered by telecommunications companies to general-purpose customers is already far slower than the slowest wireless network to which it is typically connected. That is to say, in most environments, a wireless network running at its slowest speed is still faster than the internet connection serving it in the first place. However, in specialized environments, higher throughput through a wired network might be necessary. Newer standards such as 802.11n are addressing this limitation and will support peak throughput in the range of 100-200 Mbit/s.

vpn wlan 1



Architecture

Stations
All components that can connect into a wireless medium in a network are referred to as stations.

All stations are equipped with wireless network interface cards (WNICs).
200135480 001

Wireless stations fall into one of two categories: access points, and clients.

Access points (APs), normally routers, are base stations for the wireless network. They transmit and receive radio frequencies for wireless enabled devices to communicate with.

Wireless clients can be mobile devices such as laptops, personal digital assistants, IP phones, or fixed devices such as desktops and workstations that are equipped with a wireless network interface.
di 624_view


Basic service set
The basic service set (BSS) is a set of all stations that can communicate with each other.

There are two types of BSS: Independent BSS (also referred to as IBSS), and infrastructure BSS.

Every BSS has an identification (ID) called the BSSID, which is the MAC address of the access point servicing the BSS.

An independent BSS (IBSS) is an ad-hoc network that contains no access points, which means they can not connect to any other basic service set.

An infrastructure can communicate with other stations not in the same basic service set by communicating through access points.


Extended service set
An extended service set (ESS) is a set of connected BSSes. Access points in an ESS are connected by a distribution system. Each ESS has an ID called the SSID which is a 32-byte (maximum) character string.

Distribution system
A distribution system (DS) connects access points in an extended service set. The concept of a DS can be used to increase network coverage through roaming between cells.

nic vc


Types of wireless LANs
Peer-to-peer

Peer-to-Peer or ad-hoc wireless LANAn ad-hoc network is a network where stations communicate only peer to peer (P2P). There is no base and no one gives permission to talk. This is accomplished using the Independent Basic Service Set (IBSS).

A peer-to-peer (P2P) network allows wireless devices to directly communicate with each other. Wireless devices within range of each other can discover and communicate directly without involving central access points. This method is typically used by two computers so that they can connect to each other to form a network.

If a signal strength meter is used in this situation, it may not read the strength accurately and can be misleading, because it registers the strength of the strongest signal, which may be the closest computer.

802.11 specs define the physical layer (PHY) and MAC (Media Access Control) layers. However, unlike most other IEEE specs, 802.11 includes three alternative PHY standards: diffuse infrared operating at 1 Mbit/s in; frequency-hopping spread spectrum operating at 1 Mbit/s or 2 Mbit/s; and direct-sequence spread spectrum operating at 1 Mbit/s or 2 Mbit/s. A single 802.11 MAC standard is based on CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). The 802.11 specification includes provisions designed to minimize collisions. Because two mobile units may both be in range of a common access point, but not in range of each other. The 802.11 has two basic modes of operation: Ad hoc mode enables peer-to-peer transmission between mobile units. Infrastructure mode in which mobile units communicate through an access point that serves as a bridge to a wired network infrastructure is the more common wireless LAN application the one being covered. Since wireless communication uses a more open medium for communication in comparison to wired LANs, the 802.11 designers also included shared-key encryption mechanisms: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA, WPA2), to secure wireless computer networks.


Bridge
A bridge can be used to connect networks, typically of different types. A wireless Ethernet bridge allows the connection of devices on a wired Ethernet network to a wireless network. The bridge acts as the connection point to the Wireless LAN.


Wireless distribution system
A Wireless Distribution System is a system that enables the wireless interconnection of access points in an IEEE 802.11 network. It allows a wireless network to be expanded using multiple access points without the need for a wired backbone to link them, as is traditionally required. The notable advantage of WDS over other solutions is that it preserves the MAC addresses of client packets across links between access points. [9]

An access point can be either a main, relay or remote base station. A main base station is typically connected to the wired Ethernet. A relay base station relays data between remote base stations, wireless clients or other relay stations to either a main or another relay base station. A remote base station accepts connections from wireless clients and passes them to relay or main stations. Connections between "clients" are made using MAC addresses rather than by specifying IP assignments.

All base stations in a Wireless Distribution System must be configured to use the same radio channel, and share WEP keys or WPA keys if they are used. They can be configured to different service set identifiers. WDS also requires that every base station be configured to forward to others in the system.

WDS may also be referred to as repeater mode because it appears to bridge and accept wireless clients at the same time (unlike traditional bridging). It should be noted, however, that throughput in this method is halved for all clients connected wirelessly.

When it is difficult to connect all of the access points in a network by wires, it is also possible to put up access points as repeaters.


Roaming

Roaming between Wireless Local Area NetworksThere are 2 definitions for wireless LAN roaming:

Internal Roaming (1): The Mobile Station (MS) moves from one access point (AP) to another AP within a home network because the signal strength is too weak. An authentication server (RADIUS) assumes the re-authentication of MS via 802.1x (e.g. with PEAP). The billing of QoS is in the home network. A Mobile Station roaming from one access point to another often interrupts the flow of data between the Mobile Station and an application connected to the network. The Mobile Station, for instance, periodically monitors the presence of alternative access points (ones that will provide a better connection). At some point, based upon proprietary mechanisms, the Mobile Station decides to re-associate with an access point having a stronger wireless signal. The Mobile Station, however, may lose a connection with an access point before associating with another access point. In order to provide reliable connections with applications, the Mobile Station must generally include software that provides session persistence.[10]
External Roaming (2): The MS(client) moves into a WLAN of another Wireless Internet Service Provider (WISP) and takes their services (Hotspot). The user can independently of his home network use another foreign network, if this is open for visitors. There must be special authentication and billing systems for mobile services in a foreign network.[11]
rm240_2wlan_test

Exposed terminal problem
Fixed Wireless Data
Hidden terminal problem
Wireless Access Point
Wi-Fi Array
Local area network
Shared mesh
Switched mesh
Wireless LAN client comparison
Wireless network
Hotspot (Wi-Fi)
USB
Wireless electronic devices and health.
Drivers: HostAP