Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Looking Back At Wireless Security In 2003

by Berislav Kucan - Friday, 26 December 2003.

Wireless security is one of the hottest topics in our business. In the article you are just reading, I've tried to cover some of the most interesting wireless security topics and events in 2003. The article is divided into several thematical sections: general overview of the wireless security happenings, look back on some software tools, spotlight of two interesting books, a brief positive rant on corporate security world and a Q&A with three wireless security experts working at Funk Software, AirScanner Corporation and IBM.

General overview

The first news item added to Help Net Security in this year was "Wi-Fi: The National Security Threat". The topic of this news item, was literally copied all over and over throughout the year, so the majority of news stories dissed wireless security. This media "attack" on wire-free network security, eventually lead to a raise in wireless security awareness and better state of security in general.

In March, consultancy firm KPMG once again stressed out the importance of wireless threats, so they set up a couple of wireless honeypots over London and stood by to see what was happening. The results showed some activity, mostly bandwidth stealing and a conclusion was made: "The project dispels the myth that all unauthorized wireless activity is harmless". At this year's RSA Conference Europe, held in Amsterdam, I've spoken with one of the guys who ran this project and was unpleasantly surprised that all those figures derived from the study, were based on extremely small amount of "unauthorized wireless activity". From what he said, a new wireless honeypot project is in preparation and it will include far more honeypots, running on several operating systems, which will finally bring much better (from the quality perspective) results than the initial project.

During the NetWorld+Interop conference in April, the Wi-Fi Alliance launched Wi-Fi Protected Access (WPA), protocol that was needed to carry on upon flawed WEP. "Rather than wait for 802.11i to come out as a full standard, which may not happen until next year, they decided to take parts of the draft standard that are already very solid and take that to market now as Wi-Fi Protected Access," said David Cohen, Wi-Fi Alliance security committee chair. WPA soon faced some critics (1, 2).