The first news item added to Help Net Security in this year was "Wi-Fi: The National Security Threat". The topic of this news item, was literally copied all over and over throughout the year, so the majority of news stories dissed wireless security. This media "attack" on wire-free network security, eventually lead to a raise in wireless security awareness and better state of security in general.
In March, consultancy firm KPMG once again stressed out the importance of wireless threats, so they set up a couple of wireless honeypots over London and stood by to see what was happening. The results showed some activity, mostly bandwidth stealing and a conclusion was made: "The project dispels the myth that all unauthorized wireless activity is harmless". At this year's RSA Conference Europe, held in Amsterdam, I've spoken with one of the guys who ran this project and was unpleasantly surprised that all those figures derived from the study, were based on extremely small amount of "unauthorized wireless activity". From what he said, a new wireless honeypot project is in preparation and it will include far more honeypots, running on several operating systems, which will finally bring much better (from the quality perspective) results than the initial project.
During the NetWorld+Interop conference in April, the Wi-Fi Alliance launched Wi-Fi Protected Access (WPA), protocol that was needed to carry on upon flawed WEP. "Rather than wait for 802.11i to come out as a full standard, which may not happen until next year, they decided to take parts of the draft standard that are already very solid and take that to market now as Wi-Fi Protected Access," said David Cohen, Wi-Fi Alliance security committee chair. WPA soon faced some critics (1, 2).
When taking a look at May, I remember another quote from Wi-Fi Alliance, this time from Kirk Allchorne, marketing co-chairman at that organization, which showed the need for making new security standards: "It has become apparent to us that enterprise markets were avoiding Wi-Fi because of security worries". In the other news, AirDefense's May newsletter featured an interesting list of top 10 Wireless LAN Policy Violations.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.