McAfee repeats Wifi security warning

Security firm McAfee has repeated a warning about weaknesses in the highest level of Wifi security dispite accusations of scaremongering.

The company warned that home and professional users to move away from the older WEP encryption and use the newer WPA technology. WPA is less vulnerable than WEP to being cracked by running eavesdropped network traffic through a mathematical algorithm.

But even WPA can be broken if only a simple password is used, warned Ken Baylor, of McAfee's Foundation division.

Some web discussion following our original story implied that McAfee was talking up the problem to boost business.

But Baylor insisted that the threat is real. He explained: 'WPA eavesdropping is possible and is easy. The hard part is "cracking" what you have captured.'
Ordinarily a network can detect that it's being subjected to a brute-force attack - that is, when a hacker tries every possible password - and will shut out the would-be intruder.

WPA can be cracked if a hacker eavesdrops when a computer connects to the network, which is when the pre-shared key is broadcast.

A hacker who intercepts this can run a brute force 'dictionary' attack on the key offline, when the target network cannot detect it, and return to gain access if the key is cracked.

But this is only practical when simple passwords are used. Strong passwords, which may include numbers, some punctuation, and upper and lower-case letters are very very to crack by brute force.

Foundstone is currently promoting awareness of network security issues, often neglected by home users more concerned with viruses, spyware and spam.

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!