Interview with Jon Edney, author of "Real 802.11 Security"
by Mirko Zorz - Thursday, 18 December 2003.
Well, far be it from me to suggest that the media exaggerate things! These attacks are real and go on everyday. But I have to say I've never seen anyone walking round my district with a laptop and a piece of chalk. For me, the novelty of war driving could wear off pretty quick. These days there are so many Wi-Fi networks out there, and so many of them are unprotected, you probably don't need to drive anywhere. Chances are your neighbors are already open for business! This is the problem we need to address.

What are your predictions for the future when it comes to wireless security? There has been a lot of talk about the insecurities of the Wi-Fi Protected Access (WPA) security standard.

I have a lot of confidence in WPA. There has been press recently about a potential dictionary attack under some conditions. In essence this says that if you choose a bad password (or key) to protect your system you may be vulnerable to dictionary attack. So what's new? The same applied to security systems the world over. If you choose a password like "Redskins" then a dictionary attack is bound to find your password. You can foil dictionary attacks by limiting the number of tries an attacker can make but at the end of the day the solution is pick good passwords! I'm not aware that there is any unexpected security weakness in WPA and is has been reviewed by the world's best. I think the issue has been sensationalized.

The future? Well I think we need to work towards a generic security model across all network systems. The problem up to now is the security has been developed in islands. This is partly due to the separation of the IETF and IEEE organizations. There is a big feeling with everyone that all the standards need to hang together as a whole to ensure effective and security deployment.

What are your future plans? Any exciting new projects?

Keep an eye on the work of task group 'e' - quality of service. It's a long time coming but could do some interesting things. My company consults on a range of IEEE802.11 related areas - check out


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th