| Security Mode | Description | Versions supported |
|---|---|---|
| 1 | No security. The device operates in promiscuous mode, allowing any other Bluetooth device to connect to it. | Supported by v2.0 and earlier devices. v2.1 and later devices support it for backward compatibility. |
| 2 | Service level enforced security. Security measures are established after the channel is established. Supports authentication, authorization and encryption. | Supported by v2.0 and earlier devices. v2.1 and later devices support it for backward compatibility. |
| 3 | Link level enforced security. Security measures are established before the channel is established. Supports authentication and encryption. | Supported by v2.0 and earlier devices. v2.1 and later devices support it for backward compatibility. |
| 4 | A service level enforced security mode in which security procedures are initiated after link setup. Uses SSP (Secure Simple Pairing). | Mandatory for communication between v2.1 and later BR/EDR devices. Backward compatible with any of the other three Security Modes. |

Three researchers -- MIT's Adam Kiezun, Stanford's Philip Guo, and Syracuse University's Karthick Jayaraman -- have developed a new tool, 'Ardilla', that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications. It creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. For now, however, Ardilla works on PHP-based Web applications only. The researchers say Ardilla found 68 previously unknown vulnerabilities in five different PHP applications -- 23 SQL injection and 45 XSS flaws. More information is awaited. For their attack generation techniques, refer to their document at: http://www.cs.washington.edu/homes/mernst/pubs/create-attacks-tr054.pdf