Tuesday 8 December 2009

Wireless Security

Lack of wireless protection is again in the headlights of security scrutiny.

The line for acceptable wireless security controls is constantly moving. WEP was never considered secure. It arrived broken and just became “brokener”.

WPA has now been replaced by WPA2, and that latest version is itself the target of dictionary attacks. It is very impressive that a wireless secret key is now worth 34 dollars.

The easiest way to protect yourself from attacks on your wireless device is to work on the elements that go into the encryption process. For the WPA-PSK process, that involves the password and the SSID. Having a non-default SSID was always a good idea, since it tells the potential attacker nothing about the network that they are sniffing. It is easy to change and can reflect your personality. Since the SSID (and SSID length) are used to salt the algorithm, changing these from the default is the first step in securing a wireless connection.

Secondly, you need to choose a passkey of a reasonable length. To avoid repetitive phrases, I tend to use the GRC password generator for 63 character keys. This can be a bit of a pain for devices where the key has to be entered by hand (sometimes with a wiimote).

These two tasks should leave your wireless access device fairly secure but the other side of the coin (detective controls) should also be in place. More on that later.
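The two inputs discussed above, shown as an added example that is not part of the original post: WPA/WPA2-PSK derives its 256-bit key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations, so the same passphrase yields a different key on every differently named network. The SSID strings and helper names below are constructed for illustration.

```python
import hashlib
import secrets
import string

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key (32 bytes).

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # Passphrases are printable ASCII; encode() raises on anything else.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )

def random_passphrase(length: int = 63) -> str:
    """Generate a maximum-length passphrase from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    weak = "password"  # constructed sample of a dictionary word
    # Same passphrase, two SSIDs (both constructed samples): the derived
    # keys differ, so a table precomputed for one SSID is useless for the
    # other and the dictionary has to be re-run per network name.
    for ssid in ("linksys", "Cats-Against-Sniffing"):
        print(f"{ssid:24} {wpa_pmk(weak, ssid).hex()}")

    # A random 63-character passphrase is outside any dictionary.
    strong = random_passphrase()
    print(f"{'random 63-char key':24} {strong}")
    print(f"{'derived PMK':24} {wpa_pmk(strong, 'Cats-Against-Sniffing').hex()}")
```

A unique SSID only defeats precomputed tables; a dictionary word is still found by a fresh run against that SSID, which is why the long random passphrase is the second step.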

Wednesday 2 December 2009

Mark Zuckerberg has finally realised that Facebook may have some security issues and announced that there will be more granularity on the existing security controls. Also, the massive Networks will no longer be the basis for information sharing.

Monday 26 October 2009

Cryptography at IBM

A great video from the IBM Smarter Planet series on their Cryptography team with a short introduction to “privacy homomorphism,” or “fully homomorphic encryption”. This breakthrough makes possible the deep and unlimited analysis of encrypted information — data that has been intentionally scrambled — without sacrificing confidentiality.

Extended abstract on privacy homomorphism can be found here.


Wednesday 16 September 2009

Adam Savage at HOPE

Interesting stuff from HOPE

I never noticed this when it first appeared a while back.




I guess when the well-known attacks become mainstream, the lawyers show up.

Friday 31 July 2009

Speaking at RANT in Edinburgh on September 17th.


Tuesday 24 March 2009

Worm Attacking Home Routers and DSL Modems

Very good article detailing the psyb0t botnet worm.

This is the first known botnet based on exploiting consumer network devices, such as home routers and cable/DSL modems.

It stresses the importance of changing all passwords on internet-facing network kit.

Use a random string of sufficient length or grab a 63 character string from GRC.