View From The Bunker
A blog about security and availability by Guy Bunker at Symantec

• Home
• About
• RSS

• Recent Posts

  • Who Did That?
  • Bah Humbug…
  • 2009: Chaos In The Clouds?
  • Apple? You Are Not Immune…
  • Tis The Season To Be… Careful

• Tags

  business continuity Cloud CNI cyber-criminal data-gain data-loss Education email encryption financial loss fix fraud Get Safe Online Identity impersonation information cost ISTR IT department Las Vegas Malicious insider new process passwords PCI DSS People Phishing policy Reputation RUSI SaaS SLA security SMB social networking Software as a Service Spam Speaking strangers usability USB virtual machine Vision vulnerability website whaling wireless Work practice

• Blogroll

  • Ask Marian Consumer Security Blog
  • Bruce Schneier’s Blog
  • Con Mallon’s Symantec Consumer Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Toby Stevens’ Data Trust Blog

• Multimedia

  • Symantec Guide to Scary Internet Stuff - Botnets
  • Symantec Guide to Scary Internet Stuff - Phishing
  • Symantec Guide to Scary Internet Stuff - Underground Economy
• 

Wireless Back In The News…

So, WEP (Wired Equivalent Privacy), the initial security for wireless devices, was broken shortly after it arrived and everyone was told to switch to WPA (WiFi Protected Access) for protection. Unfortunately, WPA has just been cracked. Not only has it been cracked, it also turns out that some of the code has already been put into one of the wireless hacking tools as well.

There is a new standard WPA2 which is emerging, but as many companies have yet to adopt WPA (over WEP), the move to WPA2 seems barely a glimmer on the horizon. Wireless networks are a weakness in any IT environment (including those at home), this research serves as another reminder that we need to remain vigilant, keep an eye on what is possible… and start planning on how to mitigate against it.

The Internet Never Forgets

So some of the cyber-criminals who were responsible for the massive TJX data breach are being prosecuted - well, 11 of them, is that all, probably not but its a good start.

This case was not one where a laptop was stolen, or some CDs were left on a train or anything so mundane. This was all about people driving around in cars looking for un-secured wireless networks and then hacking in to steal data. Not just once, but over a long period of time - and then the data was sold on in the underground economy.

The scary thing is that despite the original news of the breach and the method it was achieved, there are still open wireless networks out there. A quick scan at one point on the Thames reveals ~20 wireless networks and nearly 20% are open. Of course there might not be anything of interest there - but they are still open and that’s a starting point. In other news it was revelaed that a gang in Russia has control of 100,000 PCs, stealing usernames, passwords and other personal information. These PCs are not just individuals, but corporate machines as well.

If you do nothing else today, have a check for wireless networks in your workplace (and at home) and make sure they are secure - if you don’t know how to secure them, then look it up on the web - there are lots of pages offering help… use them. Ignorance isn’t bliss.

• Subscribe

  

  Enter your email address:

  Delivered by FeedBurner

• 
  UK Pre-Orders
  US Pre-Orders

• Podcasts

  
  Detach Player
  

   

• Symantec Security Response Weblog

• Links, downloads and other resources

  Symantec UK
  Symantec Podcast Directory
  Symantec Security Response