The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.
This document presents information that is independent of particular hardware platforms, operating systems, and applications. The emphasis is on RFID systems that are based on industry and international standards, although the existence of proprietary approaches is noted when they offer relevant security features not found in current standards.
The next time you splurge on a double latte and sip it while browsing the internet via the cafe's Wi-Fi, beware of the "evil twin."
That is the term for a Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among internet surfers
A researcher from France Telecom has discovered the first remotely exploitable 802.11 WiFi bug on a Linux machine. The kernel stack-overflow bug, which is in the open-source MadWiFi Linux kernel device driver, lets an attacker run their malicious code remotely on an infected machine -- and the infected machine doesn't even have to be on a WiFi network to get "owned."
Researchers have discovered a new way of attacking Wired Equivalent Privacy that requires an amount of data "more than an order of magnitude" less than the best known key-recovery attacks. In effect, the cracking can be done within a minute, as the title of the paper suggests: Breaking 104 bit WEP in less than 60 seconds.
The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend.
Source: TheRegister.co.uk - Posted by Benjamin D. Thomas
Code breakers have discovered a technique for extracting a 104-bit Wired Equivalent Privacy (WEP) key in under a minute.
Cryptographic weaknesses with the first generation wireless encryption standard have been known for years, but the latest attack requires the capture of just a tenth of the number of packets required by previous approaches. The technique allows for 50 per cent probability of the recovery of a 104-bit WEP key in around a minute (on a 802.11g network running at full speed), and with the capture of 40,000 packets. Doubling the capture period extends the probability of capturing the key to 95 per cent.
A further boom is expected in WiFi adoption as broadband providers lower connectivity costs, but security will remain an issue. While technology and practical advice can assist in minimising risk, it is better not to rely on any single system.
If you've been reading my entries over the past 3+ years here at ITT, you're obviously aware that I've done my fair share of risk assessments and information security audits of just about every type of organization imaginable - whether they have two employees or two hundred thousand.
I am asked over and over again for tips on conducting these assessment by aspiring auditors, officers, investigators and just plain regular IT folk that care.
