[ISN] City firms still failing to guard WLans

From: InfoSec News (isn@private)
Date: Tue Jun 22 2004 - 03:58:37 PDT

  • Next message: InfoSec News: "[ISN] Network Associates Up For Sale, Sources Say"

    By Bill Goodwin 
    22 June 2004 
    Businesses in Europe's leading financial centres are failing to secure
    their wireless access points despite the risk of "drive-by" hacking.
    More than 33% of businesses surveyed in London, Milan, Paris and
    Frankfurt are still making fundamental security mistakes, research by
    RSA Security revealed.
    The failure of companies to use basic wireless security standards,
    such as WEP (Wired Equivalent Privacy), is leaving otherwise
    well-protected corporate networks with holes that could be exploited
    by hackers.
    "Once hackers are connected, they can do what they like," said Tim
    Pickard, director at RSA. "This instantly negates the effort and
    investment organisations have made in other areas to secure the
    corporate infrastructure."
    The survey found that the number of wireless networks has increased by
    770% to more than 1,000 in London during the past three years.
    Although awareness of wireless security has improved, 33% of wireless
    access points in London firms still do not use basic WEP encryption.  
    London businesses have also left 25% of wireless networks on their
    default settings, broadcasting information about companies' IT systems
    to potential hackers.
    These lapses leave businesses open to hackers, who are able to locate
    vulnerable access points by doing "drive-by" attacks armed with
    low-cost equipment.
    "In the worst case scenario, hackers could bypass a lot of the
    traditional security, including firewalls, giving them access to
    vulnerable parts of the network," said Pickard.
    The picture is even worse in Frankfurt, where 41% of wireless networks
    are unencrypted, along with 72% in Milan.
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)

    This archive was generated by hypermail 2b30 : Tue Jun 22 2004 - 06:59:30 PDT