In June, we've seen a big plus going to wireless networks, when Intel Corp.'s Chief Financial Officer Andy Bryant said his company had found that the security offered by a "controlled wireless network" was superior to computer security regimes that traditionally have blocked wireless access as a threat. The end of the June was marked by a third World Wide WarDrive. This is an effort by security professionals and hobbyists to generate awareness of the need by individual users and companies to secure their access points. The results showed that things are going better, as the number of WEP enabled networks went up and both numbers of default SSID and default SSID + No WEP networks went down.
I need to mention AirDefense one more time, but in July they did another interesting thing. During the 802.11 Planet Expo in Boston, they monitored WLAN activity and published their findings. The results showed a lot of malicious activity. Citing the "explosion" of wireless hotspots in public spaces, homes and businesses, IBM Corp. in October unveiled a new managed intrusion detection service targeted at wireless networks. According to Shane Robison, HP executive VP, HP has security projects in development such as moving its SSL-based VPN technology to 802.11 wireless networks.
November brought us "Weakness in Passphrase Choice in WPA Interface" by Robert Moskowitz, a senior technical director at ICSA Labs, part of TruSecure Corp. In his paper, Mr. Moskowitz describes a number of problems with the new WPA standard, including the ability of attackers to sniff critical information from wireless traffic and to discover the value of a wireless network's security key.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.