AirDefense, the innovator that launched the wireless LAN security market, today unveiled results from its comprehensive “San Francisco Wireless Security Vulnerability Survey.” Conducted in March 2008 at more than 1,000 Bay Area corporations and government agencies, AirDefense assessed wireless security practices in four key industries, including: Finance, Government, Retail, Transportation and an overall review of major corporations in the city. During its research AirDefense discovered upgraded technologies in place with stronger encryption protocols at many Retail and Transportation locations. However, results were mixed in Finance and Government, with the majority of Access Points (APs) wide open or at best legacy encryption protocols in place.

Continue reading this post…

If one is better, then 11 must be a charm.  So we could hold a guessing contest or something else but this is what happens when you take some hardware, sprinkle with some hackers and a contest. This is the Church of the WI-FI, WEP/WPA Cracking Contest Hardware at the most recent Defcon.Using off-the-shelf hardware, they used custom firmware on the devices to provide AP and backend servers with a cool look and feel, and just something different. My guess is this now belongs to the Las Vegas TSA, but great job on the implementation of normal hardware to do some simple things, but looks great!  So Linksys boxes are good for something beside home and rogue APs.

Something you do not see every day, a POP-UP Web Page, (FYI – most browser Pop-ups are disabled, and enabling them at a hotspot is not the smartest thing to do) warning people at Chicago O’Hare airport that only closed access is allowed, any others are FAKE and could defraud the customers.  Interesting as they must be having issues at the airport with this. I applaud the management of the hotspot, as this is a HUGE ISSUE in open venues like this. It would be interesting to find out the real number of devices seen or users compromised are as this is always a secret of hotspot providers. Good Job Chicago & Bingo in admitting the problem exists and warning the users of the dangers.

AirDefense has built-in countermeasures already to thwart attacks proposed at Defcon15
Executive Summary
At a recent conference, hackers from AirTight Networks presented attacks and released a set of tools that claim to defeat WEP Cloaking . The attackers did not have access to AirDefense’s WEP Cloaking technology. They speculated on its implementation and “proved” that they could break their own naïve implementation. The proposed attacks, while feasible against a simplistic chaffing based system, do not compromise AirDefense’s WEP CloakingTM. AirDefense’s WEP Cloaking already includes sophisticated countermeasures to thwart the proposed attacks. It is indeed unfortunate and unprecedented that a wireless security vendor would release a tool in an attempt to break a competitor’s product.
Continue reading this post…

To celebrate the return of Football,  I thought we would look at Wi-Fi at and around the stadiums. So I selected some stadiums and below are the results of our Monday Night War-Drive.

Texas Stadium

As you can see the stadium is offset from the road by a long way, but the highways are full of APs.  I am sure the SSID of fanTM and CON67, CON10, CON## are located in and around the stadium.  So you can see the signal travel great distances.

Continue reading this post…