| |
| |
Wireless Security |
|
 |
|
There are many security variables to consider
when using wireless. You should never use WEP.
To the right are a few supporting aticles and
reasons. |
Wired Equivalent Privacy (WEP) is a weak
security algorithm for IEEE 802.11 wireless
networks. Introduced as part of the original
802.11 standard ratified in September 1999, its
intention was to provide data confidentiality
comparable to that of a traditional wired
network. WEP, recognizable by the key of 26 or
58 hexadecimal digits, is widely in use and is
often the first security choice presented to
users by router configuration tools.
Although its name implies that it is as secure
as a wired connection, WEP has been demonstrated
to have numerous flaws and has been deprecated
in favor of newer standards. In 2003 the Wi-Fi
Alliance announced that WEP had been superseded
by a higher Wi-Fi standard. In 2004, with the
ratification of the full 802.11i standard, the
IEEE declared that both WEP-40/64/104/128 "have
been deprecated as they fail to meet their
security goals".
|
|
Articles on Wireless security |
Cyber-thieves using a telescoping wireless
antenna to intercept payment information may be
responsible for the "biggest data breach ever,"
investigators theorize.Related Links
Ring Charged with Hacking Major U.S. Retailers.
The Wall Street Journal reported that hackers in
St. Paul, Minnesota, parked outside a Marshalls'
department store and used the antenna to decode
data between hand-held payment scanners,
enabling them to break into parent company TJX's
database and make off with credit and debit card
records of nearly 47 million customers.
Drive-by hacking, or "wardriving," was the first
major threat to Internet access over wireless
connections. Wardrivers drive by or park near
Wi-Fi hotspots or open networks and use various
means to siphon off data from unsuspecting
users.
The TJX network was alleged to have less
wireless network security protection than the
networks of many home users. The hackers are
believed to have had access to the network for
as long as two years, going back to at least
July 2005.
TJX was also alleged to be using the older
Wireless Equivalent Privacy (WEP) protocol for
its network, which has been largely discredited
for the ease with which it can be broken.
Security researchers in Germany recently
published a paper documenting how WEP can be
broken in as little as 60 seconds.
Most security experts recommend upgrading to the
stronger Wi-Fi Protected Access (WPA) protocol,
but TJX was apparently slow to adopt the new
system.
Although TJX refused to comment on the
wardriving allegations, the company previously
acknowledged that it failed to meet security
procedures mandated by the credit card industry.
The company admitted to transferring credit card
payment information to banks without any sort of
encryption, making it easier for the wardrivers
to pick up the information as they surfed the
TJX network.
The hackers then most likely sold the purloined
customer data in the underground economy" of
black-market chats that specialize in the
trading and selling of personal information.
Data connected to the TJX breach turned up in a
Florida fraud case involving credit cards
"cloned" with the stolen personal information.
The fraudsters then used the clone cards to
purchase gift cards from Wal-Mart, which they
then redeemed for thousands of dollars in
high-priced merchandise.
Although the TJX corporation claims its strong
first-quarter sales numbers show that its
shoppers don't care about the data breach, the
company is still fending off numerous lawsuits
from state Attorneys General and class-actions
from irate customers.
Most recently, a coalition of banks in
Massachusetts, Colorado, and Maine filed suit
against TJX for forcing them to absorb the costs
of canceling and reissuing thousands of credit
and debit cards exposed in the breach.
The TJX breach has also spurred numerous bills
in Congress to mandate stronger data security
standards for both government agencies and
private companies, and to ensure affected
individuals are notified if a breach occurs.
Related articles
TJX To Pay Mastercard $24 Million For Data
Breach
TJX Settles with FTC Over Data Breach
TJX Settles with Banks over Data Breach
TJX Settles Visa Suit over Data Breach
Attorneys General Oppose TJX Data Breach
Settlement
TJX Data Breach Victims Reach 94 Million
|
|
|
|
