http://www.siliconvalley.com/docs/news/svfront/062136.htm Friday, Aug. 3, 2001 NEW YORK (Reuters) - Researchers have discovered a way to quickly break through the security system that protects the leading corporate wireless networking system, a trade group said Friday. While computer security experts had previously uncovered weaknesses in Wi-Fi, a standard for wireless data communication also known as 802.11b, the latest discovery is being treated with more concern because it is more feasible and takes less time to carry out. The new attack allows a hacker to discover the ``secret key'' used to encrypt data before it goes into the air. The group that promotes the Wi-Fi standard, which briefed reporters and analysts prior to the publication of a paper that details the vulnerability, said it had long urged wireless network users to supplement Wi-Fi's built-in security system with stronger encryption tools. ``Companies that have something worth attacking are likely to -- and if they're not, they certainly should -- put in other forms of network protection,'' David Cohen, the chairman of the Wireless Ethernet Compatibility Alliance, said in an interview. Wi-Fi, backed by technology giants including Intel Corp. and Cisco Systems Inc., has caught on in places beyond corporate campuses, including airports, hotels and other public spaces, letting computer users reach the Internet without attaching any wires. Wednesday, the alliance, known as WECA, said it had added to its board of directors Microsoft Corp., which will support Wi-Fi networks in its new Windows XP operating system. Despite its popularity, critics have long said Wi-Fi was vulnerable to attack by hackers. Early this year, a group of security experts at the University of California at Berkeley discovered weaknesses in the Wired Equivalent Privacy, or WEP, algorithm -- the security system used in Wi-Fi networks. In March, researchers at the University of Maryland published a report entitled ``Your 802.11 Wireless Network Has No Clothes,'' that claimed wireless networks are vulnerable to attack. Wi-Fi's backers responded by saying the Berkeley report was far too complex to be widely implemented, and that WEP should not be used by itself to protect sensitive data. Navin Sabharwal, a wireless analyst at research firm Allied Business Intelligence, said WEP is no longer seen as a secure way to protect data over wireless networks. ``WEP is pretty much defunct,'' Sabharwal said. ``It's sort of the curse of any wireless protocol: ultimately, no matter what algorithm you choose, you're basically going to be assured that its going to be susceptible to hacking.'' The new paper was written by Scott Fluhrer of Cisco Systems Inc. as well as Itsik Mantin and Adi Shamir of The Weizmann Institute in Israel, WECA said. Neither of the three experts could immediately be reached. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 07:54:03 PDT