Security researches will be outlining attacks that can break the WPA wirless security protection of wireless networks this week at the PacSec conference in Tokyo. Erik Tews and Martin Beck will discuss how networks protected by TKIP (Temporal Key Integrity Protocol — originally called WEP2) are vulnerable to attackers being able to inject small amounts of traffic into the encrypted data stream. This can allow attackers to:
LuxSci has been approached by many people asking for VPN (Virtual Private Network) services. When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.
This is a very legitimate concern. Wireless hotspots are serious danger zones; we have seen many cases of people who have carelessly used insecure connections to email and had their login usernames and passwords stolen in such places. This can lead to identity theft, the leaking of sensitive company or personal information, and other serious problems. Anyone using public wireless hotspots or other untrusted networks for email and other activities that involve personal information need to take care that the information sent to and from their computers is protected. If the transmission of your sensitive information is protected, then you have nothing to worry about and hotspots can be great places to work.
"Internet email, Internet instant messaging, and mobile short text messaging are related in that they enable communications by pushing messages from sender to recipient over generally insecure networks. The security issues and vulnerabilities inherent in all three modes of communication are also very similar. This talk will review standard security threats associated with electronic messaging in general, and their common remedies including symmetric and asymmetric key encryption, digital signatures, and message authentication codes. Next, a detailed exposition of the security vulnerabilities inherent in all phases of Internet email delivery will be examined and solutions such as S/MIME, Authentication, and Transport Layer Security (TLS) will be discussed. After a brief look of the serious issues involved with public Instant Messaging services such as AOL Instant Messenger, Yahoo! Messenger, and ICQ, the Short Messaging System (SMS) over the Global System for Mobile Communications (GSM) will be examined. We will review the current security protocols used by GSM and identify the vulnerabilities to SMS. Finally, several ways that GSM or SMS could be extended or modified to ensure the security and privacy of SMS messages, even in a multi-vendor mobile environment, will be proposed."
Receive automatic updates via email:
