The FBI in the US presented how to own your wireless LAN (By way of Tom's hardware and Dan). This is welcome. We need full open disclosure and full open research into cracking if we are to get an edge over the bad guys. Does this mean the laws about cracking someone's encryption scheme are now null and void? Apparently so:
"About half a dozen different software tools were then used by the FBI team, and they are listed-along with their download links-at the end of the article. Thankfully, the Auditor's Security Collection, which we reviewed last year, is a live CD that has all of these tools already installed. Even the FBI likes this distribution."
To get the real facts about the attack, and see the fun pictures of (were those guys really running a WLan at the conference??), read the full article.
"If a hacker is lucky enough to find an extremely busy wireless network, passive sniffing should provide enough good packets to allow the WEP key to be recovered. In most cases, however, an active attack or series of attacks are needed to jump start the process and produce more packets. Note that active attacks generate wireless traffic that can itself be detected and possibly alert the target of the attack."
It takes about 5-10 minutes to get the key. I especially liked tip #5 for protecting your LAN - put a $5 lamp timer on the power and switch it off when not using it. Very practical, very easy to explain to those non-technical people in the world who also have security problems.
Elsewhere in threats news there are signs that phishing is stabilising at its current level. And rumours abound that Netscape is about to release a "blacklist feature" for anti-phishing in its browser update. Details are sparse.
"Security is a big issue in Netscape 8, and the way they have chosen to implement this is with the new Site Controls feature, which consists of a continuously updated list of trusted websites. This gives you a visual rating for each site you visit, for a quick idea of a sites trustworthiness."
Which makes you wonder what other browsers think about security...Posted by iang at May 22, 2005 07:45 AM | TrackBack