ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Poor Wi-Fi passwords 'invite attack'

Published: 07 Nov 2003 08:50 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A security expert has warned users of the latest wireless network security standard, Wi-Fi Protected Access, to pick good passwords or risk being compromised.

The Wi-Fi Protected Access (WPA) security specification sported by the latest wireless hardware includes a way for administrators -- whether in a small business or home -- to lock down their network using a single pass phrase. However, a poorly chosen code can still be attacked with brute force methods, such as a "dictionary attack," in which an attacker guesses at the password using a list of common words. That makes long random codes a key to security, Robert Moskowitz, senior technical director with ICSA Labs, said in a paper.

"The weakness is in poorly chosen keys and that's warned of in the standard," he said. "Most people use passphrases like RosesAreRed. But those things are in the dictionaries (used by attackers)."

While not a flaw in the standard, Moskowitz worries that users will not understand that their security entirely rests on the randomness of the password they chose for their network.

The WPA specification uses passwords to act as the keys that encrypt a network's communications. The specification allows for two types of key management: pre-shared keys, where everyone uses the same pass phrase, and managed keys, which use a server to assign a different key to each user.

Moskowitz's concerns are for home users and small offices that use the pre-shared key model. The choice of a simple key can lead to easily broken security.

Basically, an attacker could capture the initial data, or "handshake," between the wireless base station and a user's computer. The data can then be analysed and attacked, by trying different passwords, at a later time. Such a brute-force method can be very effective when the network uses an easily guessable password, Moskowitz said.

However, if the network uses a long random code to secure the network, brute force attacks are almost impossible, he said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
85 out of 182 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:



Related Jobs

SAP FI/CO

SAP FI Consultant is required to join a Midlands based client. Key Skills: SAP, FI, CO, ECC 6.0, New GL (Computer Futures Solutions Limited acts as ...

Systems Accountant with SAP FI/CO

A global manufacturing company based near Heathrow is looking to recruit a Business Analyst/Systems Accountant with work within their Global Finance ...

SAP FI/CO CONSULTANT

Candidates require strong experience in FI/CO along with strong hands on configuration experience as well as full life cycle involvement and ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers