Security

WEP More Broken, Too

WEP in 24,000 packets: I forgot to mention in all the hubbub about the WPA flaw discovered by two German researchers last week that they also combined a variety of WEP-cracking techniques to reduce th ....... read more
Tue, 11 Nov 2008
WPA Not Cracked, But Still Vulnerable

WPA isn't as broken as reported: If you read the coverage early this week on two German researchers' paper on a vulnerability in Temporal Key Integrity Protocol (TKIP), the weaker of two encryption an ....... read more
Sun, 09 Nov 2008
Don't Panic over WPA Flaw, But Do Pay Attention

The flaw in WPA is minor but important, and won't affect home users or most networks (yet): I spoke yesterday to Erik Tews, one of the co-authors of a paper covering a WPA flaw that he'll present next ....... read more
Fri, 07 Nov 2008
Commercial WPA/WPA2 Cracking Software Accelerated by GPUs

ElcomSoft accelerates cracking WPA/WPA2 keys: The Russian firm offers what it delicately terms password recovery software. They've now paired their WPA/WPA2 key cracking with the power of graphic proce ....... read more
Thu, 09 Oct 2008
New Credit Card Processing Rules Kill off WEP (in 2009)

The credit-card industry has finally revised rules to make WEP persona non grata: The PCI Security Standards Council was founded by Amex, Discover, JCB, Visa, and MasterCard, and each organization agr ....... read more
Thu, 02 Oct 2008
Airport Operations Relying on WEP, AirTight Finds

The latest news from Wi-Fi security vendor AirTight is that airports leak data: The folks at AirTight regularly suit up, carry Wi-Fi monitoring gear around, and report on how bad people are at securin ....... read more
Thu, 06 Mar 2008
Mobile Post: Explaining Out-of-Band Validation


In this audio mobile post, I explain the WPA Enterprise security weakness: In brief, validation for all security methods is critical where spoofing is possible (that is--everywhere).
Copyright ....... read more
Wed, 27 Feb 2008
WPA Enterprise Validation Weakness in Windows Highlighted

McAfee researchers show that a common setting for the WPA Enterprise supplicant in Windows leads to credential ownership: I was aware of this problem when WPA Enterprise first started to become avail ....... read more
Fri, 22 Feb 2008
Why WEP Cracks Still Matter

The BBC reports that British Telecom uses WEP on its home networks: I'm not sure whether BT enables WEP by default on their home Wi-Fi routers, or if you can't upgrade to use WPA or WPA2 at all. Howe ....... read more
Fri, 19 Oct 2007
New WEP Attack: Caffe Latte Hits Client, Not Access Point

InfoWorld has a write-up on an upcoming Toorcon presentation by Vivek Ramachandran and Md Sohail Ahmad: The AirTight Networks researchers have developed an attack they call Caffe Latte; it uses a lap ....... read more
Wed, 17 Oct 2007
Maynor Releases Apple Exploit Report from Aug. 2006

It's the news we've all been waiting for! Well, not actually: David Maynor has released an extensive report on how he discovered, tracked down, and exploited a weakness in Mac OS X 10.4.7 Wi-Fi drive ....... read more
Tue, 18 Sep 2007
Protecting WEP, Detecting Attacks

Yes, WEP is dead, but it's still in wide use in the retail world and in devices that can't be upgraded: What to do? The best offense is a good defense. Plus some more offense. While AirDefense announ ....... read more
Mon, 17 Sep 2007
Security Round-Up: Hotspot Sidejacking, Maynor Wins Pwnie Award

Errata Security's Robert Graham showed how easy it is to grab tokens from Web traffic sent in the clear over Wi-Fi to hijack a session in progress: Almost every site that offers account logins uses a ....... read more
Fri, 03 Aug 2007
iPhone's Wi-Fi InSecurity, Enumerated (with Some Bright Points)

Over at Macworld.com, you can read my rundown of what Apple's done right and wrong with securing data in transit from the iPhone over Wi-Fi: The iPhone is, so far, widely regarded as a tremendously s ....... read more
Wed, 18 Jul 2007
High-Tech Tinfoil for Keeping Signals In (or Out)

For those who want no electromagnetic radiation in their homes, perhaps this new window film would help: CPFilms Llumar Signal Defense--the latest in EMF-blocking paints and covers--is designed to pa ....... read more
Tue, 29 May 2007
Inexpensive Per-User Wi-Fi Security

DAZ Software releases Wi-Fi Login Pro, an inexpensive WPA/WPA2 Enterprise server: The enterprise flavor of WPA/WPA2 requires each user who wants to gain access to the network to have a user name and ....... read more
Fri, 11 May 2007