Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Does Wi-Fi security matter?

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Does Wi-Fi security matter?
Date: Wed, 28 Jun 2006 00:13:59 -0500 (CDT) 
http://news.zdnet.co.uk/internet/security/0,39020375,39277577,00.htm

By Tom Espiner
ZDNet UK
June 27, 2006

People 'just don't care' about Wi-Fi security according to
researchers, but some senior security experts argue there's no need to
secure networks at all
  
A large percentage of Wi-Fi networks are "horribly insecure",
according to researchers at Indiana University.

In a study of almost 2,500 access points in Indianapolis, presented at
the Workshop on the Economics of Information Security at the
University of Cambridge on Monday, researchers found that 46 percent
were not running any form of encryption.

"People just really don't care about Wi-Fi security, and open Wi-Fi at
home is a nice big target," said Matthew Hottell, lecturer in
informatics at Indiana University. "Defaults [settings] are king,"  
added Hottell.

Most of the secured networks used routers whose security setting had
been pre-installed by the vendor, rather than having being activated
by the end user. Some used WEP encryption wizards to encourage people
to turn on the security settings.

"Education seems to have little effect. People with a higher economic
status are not responsive to the heightened risk of privacy erosion,
and people in general don't recognise that higher population density
[heightens risk]," said Hottell.

However, security expert Bruce Schneier argued that as long as
people's devices were secure, having a secured network was
unnecessary.

"I have a completely open Wi-Fi network," Schneier told ZDNet
UK."Firstly, I don't care if my neighbours are using my network.  
Secondly, I've protected my computers. Thirdly, it's polite. When
people come over they can use it."

University of Cambridge security expert Richard Clayton also
questioned the assumption that unsecured networks were necessarily
insecure.

"What is your definition of secure?" Clayton asked the researchers.  
"Did you try to exploit the systems?"

Hottell said the wardriving team had not attempted to hack any systems
or read any network traffic.

Microsoft's chief privacy advisor for Europe, Caspar Bowden, said
there seemed to be a consensus among security experts that having a
Wi-Fi network open to sharing has positive uses, but warned that
people could not rely on WEP encryption if they wanted to secure
networks.

"If you do want to secure your network, look at end-to-end solutions
rather than some of the dodgy crypto around like WEP," said Bowden.  
"There's only one thing worse than no security, and that's a false
sense of security," he added.

 

_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Does Wi-Fi security matter?, InfoSec News <=
Previous by Date:  [ISN] VA Asking for More Money After Data Theft, InfoSec News
Next by Date:  [ISN] U.S. vulnerable to 'cyber Katrina'?, InfoSec News
Previous by Thread:  [ISN] VA Asking for More Money After Data Theft, InfoSec News
Next by Thread:  [ISN] U.S. vulnerable to 'cyber Katrina'?, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]