CRIME FW: [Information_technology] Daily News 11/07/03

From: George Heuston (GeorgeH@private)
Date: Fri Nov 07 2003 - 12:15:57 PST

Next message: Mark Morrissey: "CRIME administrivia"

Previous message: Jacob E. Redding: "Re: CRIME SSL Certificates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Original Message-----
From: information_technology-admin@private
[mailto:information_technology-admin@private] On Behalf
Of InfraGard
Sent: Friday, November 07, 2003 11:46 AM
To: Information Technology
Subject: [Information_technology] Daily News 11/07/03

November 06, InternetNews.com - Weakness found in Wi-Fi security
protocol.
Wireless security expert Robert Moskowitz has detected a glaring
weakness in
the interface design of a Wi-Fi Protected Access (WPA) protocol deployed
in
numerous Wireless LAN products. According to a research paper written by
Moskowitz, the weakness could allow intruders to crack poorly chosen
passphrases via offline dictionary attacks. The paper means that Wi-Fi
hardware products that ship with WPA might be less secure than the older
Wireless Encryption Protocol (WEP), which it replaced in 2002. The WPA
standard was designed to improve upon the security features in wireless
networks. The weakness only takes effect when short, text-based keys are
used and does not reflect a fault in the WPA protocol. The weakness can
be
avoided if WLAN hardware manufacturers build units with the ability to
generate random keys that can be copied and pasted across systems.
Manufacturers can also restrict the ability to enter weak keys by
requiring
passphrases with numerous characters instead of words that can be found
in
the dictionary. Moskowitz warned that dictionary based programs used to
crack passwords are heavily used by criminal hackers. The paper is
available
online: http://wifinetnews.com/archives/002452.html Source:
http://www.atnewyork.com/news/article.php/3105271

Current Alert Levels
AlertCon: 1 out of 4
https://gtoc.iss.net

Security Focus ThreatCon: 1 out of 4
http://analyzer.securityfocus.com/

Current Virus and Port Attacks
Virus: #1 Virus in the United States: WORM_LOVGATE.G
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
Tracking Center
[Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
135 (epmap), 1434 (ms?sql?m), 137 (netbios?ns), 445 (microsoft?ds), 80
(www), 901 (realsecure), 53 (domain), 161 (snmp), 27347 (???), 139
(netbios?ssn)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv

Next message: Mark Morrissey: "CRIME administrivia"
Previous message: Jacob E. Redding: "Re: CRIME SSL Certificates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Nov 07 2003 - 13:01:20 PST