CRIME FW: [Information_technology] Daily News 11/07/03

From: George Heuston (GeorgeH@private)
Date: Fri Nov 07 2003 - 12:15:57 PST

  • Next message: Mark Morrissey: "CRIME administrivia"

    -----Original Message-----
    From: information_technology-admin@private
    [mailto:information_technology-admin@private] On Behalf
    Of InfraGard
    Sent: Friday, November 07, 2003 11:46 AM
    To: Information Technology
    Subject: [Information_technology] Daily News 11/07/03
    
    November 06, InternetNews.com - Weakness found in Wi-Fi security
    protocol.
    Wireless security expert Robert Moskowitz has detected a glaring
    weakness in
    the interface design of a Wi-Fi Protected Access (WPA) protocol deployed
    in
    numerous Wireless LAN products. According to a research paper written by
    Moskowitz, the weakness could allow intruders to crack poorly chosen
    passphrases via offline dictionary attacks. The paper means that Wi-Fi
    hardware products that ship with WPA might be less secure than the older
    Wireless Encryption Protocol (WEP), which it replaced in 2002. The WPA
    standard was designed to improve upon the security features in wireless
    networks. The weakness only takes effect when short, text-based keys are
    used and does not reflect a fault in the WPA protocol. The weakness can
    be
    avoided if WLAN hardware manufacturers build units with the ability to
    generate random keys that can be copied and pasted across systems.
    Manufacturers can also restrict the ability to enter weak keys by
    requiring
    passphrases with numerous characters instead of words that can be found
    in
    the dictionary. Moskowitz warned that dictionary based programs used to
    crack passwords are heavily used by criminal hackers. The paper is
    available
    online: http://wifinetnews.com/archives/002452.html Source:
    http://www.atnewyork.com/news/article.php/3105271
    
    
    Current Alert Levels
    AlertCon: 1 out of 4
    https://gtoc.iss.net
    
    Security Focus ThreatCon: 1 out of 4
    http://analyzer.securityfocus.com/
    
    Current Virus and Port Attacks
    Virus: #1 Virus in the United States: WORM_LOVGATE.G
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center
    [Infected Computers, North America, Past 24 hours, #1 in United States]
    
    Top 10 Target Ports
    135 (epmap), 1434 (ms?sql?m), 137 (netbios?ns), 445 (microsoft?ds), 80
    (www), 901 (realsecure), 53 (domain), 161 (snmp), 27347 (???), 139
    (netbios?ssn)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    
    _______________________________________________
    Information_technology mailing list
    Information_technology@listserv
    



    This archive was generated by hypermail 2b30 : Fri Nov 07 2003 - 13:01:20 PST