[ISN] At RSA, Some Security Pros Don't Practice What They Preach

From: InfoSec News <alerts_at_private>
Date: Mon, 8 Mar 2010 00:41:37 -0600 (CST)
http://www.darkreading.com/vulnerability_management/security/encryption/showArticle.jhtml?articleID=223101624

By Tim Wilson
DarkReading
March 05, 2010

SAN FRANCISCO -- RSA Conference 2010 -- You'd think the behavior of 
wireless users at one of the industry's biggest security conferences 
would be -- well, secure.

Not so, says a quick study from wireless security company Motorola 
AirDefense.

In a study during the first two days of the show, AirDefense identified 
293 wireless access points -- but an alarming 315 ad-hoc networks were 
also discovered.

Ad-hoc networking is a mode of operation that allows two stations to 
communicate directly with each other, without the use of an access 
point. This could allow an attacker to impersonate a common service set 
identifier (SSID) and potentially gain connectivity to the wireless 
station, AirDefense observes.

Some 116 wireless clients were found to be associated to these ad-hoc 
networks, many offering security-risky SSIDs, such as "Free Public 
WiFi," "Free Internet Access," "Hotel WiFi," and "lounge."

While there was more encryption at this year's conference than last 
year, the majority of the networks using encryption were found to be 
using technologies known to be vulnerable to attack. Sixty-two percent 
were using WEP -- which was cracked years ago -- or TKIP, for which 
researchers have rolled out several proofs of concept research during 
the past two years. The recommended encryption is AES/CCMP.

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Sun Mar 07 2010 - 22:41:37 PST

This archive was generated by hypermail 2.2.0 : Sun Mar 07 2010 - 22:45:12 PST