Vulnerabilities

Is WEP over?

Sun, 08 Apr 2007 20:01:38 -0400

WEP (Wired Equivalent Privacy) has been the workhorse of 802.11 a/b/g security for years. A new paper from researchers at Darmstadt University of Technology may put an end to all that. It suggests that a new method for breaking a WEP key has emerged that can compromise the network in less than a minute. It also promises tools that will allow "walk through" cracking in less the ten minutes, rendering WEP security unreliable for most purposes. Of course, this isn't the first time WEP's demise has been predicted: other techniques and analysis have shown significant vulnerabilities several times in the last two years. IT managers will want to carefully analyze the issues, especially as they consider wireless convergence in telephony systems.

For more on WEP vulnerabilities:
- Read the whole article at eWeek

QUICKLINKS: The vulnerabilities of the 802.11 standards; Carriers must unlock wireless phones for next three years; Much more..

Sun, 10 Dec 2006 19:01:35 -0500

> The vulnerabilities of the 802.11 standards. Article

> Carriers must unlock wireless phones for the next three years. Article

> Singapore WiFi net goes live one month ahead of schedule. Article

> Despite expected user demand, mobile services are at a crawl. Article

> Developing countries are the primary source for next billion mobile customers. Article

> Manchester is planning the biggest European citywide WiFi yet. Article

Survey: Laptops are the biggest security issue

Sun, 26 Nov 2006 19:01:36 -0500

A new study depicts an insecure future for mobile and wireless computing, given the lengthy times it takes to plug security holes. According to Trusted Strategies, almost two thirds of enterprise security staff say laptops are the biggest network threat, and nearly half of companies polled say it takes them more than a work week to fix laptop vulnerabilities. The big reason for such dire circumstances is the lack of automated security management tools, according to the survey. Report

QUICKLINKS: Mobile handset makers hungry for WiFi capabilities; Cisco identifies vulnerabilities in its Wireless Control System

Sun, 02 Jul 2006 20:00:50 -0400

Mobile handset makers hungry for WiFi capabilities. Article

Cisco identifies vulnerabilities in its Wireless Control System. Article

New guidelines for mobile gadget Web site design. Article

Touchscreens coming next to mobile phones. Article

An award-winning WiFi effort in the U.K. Article

Nokia partners up for short-range wireless technology service platform. Article

Wireless tech primer offers definitions to pros and cons

Sun, 11 Jun 2006 20:01:36 -0400

Keeping up with technology acronyms is a challenge for everyone and keeping users up to date on advancements in wireless connectivity can go a long way toward boosting security and user knowledge. That's why this article at Optimize is such a great resource for today's IT organizations. It lists out the latest definitions for terms about emerging and current wireless technologies. It also notes the vulnerabilities and current security concerns that each wireless tech advancement boasts, as well as the clear advantages for each. Article

How to fight back against wireless network attacks

Mon, 29 May 2006 20:01:38 -0400

As with any new technology, wireless networks and devices are coming under attack thanks to vulnerabilities that keep emerging. The key to protecting your end user's mobile device, and the information it houses, is understanding what today's standards can do when it comes to security and what they can't. There are WEP security loopholes and weaknesses in specific vendor configurations, such as Microsoft's wireless client software. As vendors tackle closing these potential hacking doors, enterprises need to stay awake and aware of how best to secure wireless tools and networks. The big key, according to one expert, is making sure that configurations are locked down tight and to keep user education about security measures going strong. Article

Editor's Corner

Mon, 20 Feb 2006 19:01:40 -0500

There's an interesting article in today's New York Times on how mobile devices have overtaken the corporate enterprise and what some tech leaders have decided to do to get good security in place. The propagation of handhelds and other mobile tools reminds me of the last wave of technology ushered in primarily by users--the introduction of instant messaging (IM). And just like with IM, it's taken increasing coverage and hype of real security issues to prompt many enterprises into taking control of the situation.

The big difference is that securing IM cost hardly anything; it was more about standardization on a platform and pushing out lots of user education on why you can't send files via IM unless it's secured and how dangerous it can be to click through or hit links you aren't absolutely sure are legit. With mobile devices, the security issues are quadrupled thanks to unsecured WiFi access points being used, reams of confidential data being housed and accessed through the devices, and the increasing vulnerabilities of malware coming through the IM channel.

As one IT leader explains, the first step is rolling out company mobile technology and getting rid of the devices users have bought and brought in. Then it's time to make sure everything is battened down while explaining in good training what users can and cannot do. As corporate IT folks note, if done right, the rewards can be tremendous for both the worker and the company. - Judy

How to secure VoIP in just 5 steps

Mon, 20 Feb 2006 19:01:38 -0500

When it comes to Voice over Internet Protocol (VoIP), there's still quite a bit of debate over the security issue. But it's tough to deny that the technology isn't worth the vulnerabilities. The trick is deploying it and securing it to the best of your ability. There are five specific things you can do to make that happen. The first step is making sure you stay ahead of the upgrade curve and seriously consider running the VoIP network over a separate local area network to limit damage if an attack is aimed at the voice network. The second is to understand that there are many potential entryways for risks and security issues, from the network to applications such as browsers and media players. Each aspect has to be critically reviewed and secured. Find out what the other three top best practices are when aiming to secure that VoIP deployment. Article

How to get a strong grip on new technology security

Sun, 12 Feb 2006 19:01:38 -0500

Mobility is so ubiquitous today that even consumers know what PDA stands for, and the basic wireless device, the cell phone, is morphing into a multi-tasking gadget in unprecedented fashion. While it's great that users are getting savvier about new tools and services, they're still committing the huge sin of deploying handhelds and device access without the permission, or even simple notification, of the IT department. That's exactly why you need to get a grip on everything in hand that's being used for business today--from camera phones to those cute portable data storage devices and, of course, wireless computing and emerging peer-to-peer technologies.

As one CIO explains, it's not a matter of getting around to it, it's a matter of doing it as soon as possible thanks to all the vulnerabilities created by the new wireless device army. Find out how to secure and manage each of the four technologies mentioned above, the unique aspects within security tied to each one, and why you also need to stay ahead of your users in learning what's coming next in wireless mobility functions and tools. Article

Vendor builds wireless security database

Sun, 11 Dec 2005 19:01:36 -0500

A wireless security vendor has established a new database effort that aims to help every enterprise keep up the fight against wireless security threats. Network Chemistry's Wireless Vulnerabilities and Exploits data bank is being co-sponsored by CWNP, a wireless LAN training and certification company, and the Center for Advanced Defense Studies, a non-profit, non-governmental institute. The hope is that the database will become an industry resource offering valuable information about security threats connected to a wide range of wireless technologies, including 802.11 WiFi, radio frequency identification (RFID) and Bluetooth. According to the founders, it's the first time anyone in the networking industry has initiated such a wireless security resource effort.

For more on the database effort:
- read this article at CIO Today