Two security conferences ran this week in Las Vegas, one for the people who break into computer networks and one for those who guard against them. This twofer presented a confluence hard to resist. ZDNet's Robert Lemos previewed Def Con, the annual near-riot of hackers, and the Black Hat Briefing, a spinoff of Def Con, which now targets security experts and IT managers.
Lemos also pulled out of Black Hat the security story that got lots more play later in the week: the insecurity of Wi-Fi wireless networks, which are propagating rapidly. The Wi-Fi standard (marketing types prefer this name over the clumsy "IEEE 802.11b") includes provisions for security features such as encryption and authentication. The first problem is that most Wi-Fi equipment on the market comes out of the box with the security features turned off. The second is that Wi-Fi's security provisions are weak.
Regarding the default-insecure problem, hardcore tech sites have been buzzing for months about "war driving," also known as "drive-by hacking." You can drive your Wi-Fi-equipped laptop around almost any city and find yourself, virtually, inside one corporate network after another. Many of the journalists writing about wireless security this week warned that corporations are going to start tightening the security screws real soon. InternetNews covered an announcement from IBM of a prototype wireless auditing tool that should help them to do so.
As for the technical weakness of Wi-Fi's security, start with Robert Lemos's Las Vegas coverage. For increasing detail, read Rich Santalesa, also in ZDNet, and Joe Paone, writing in MicroTimes.com. All of them cover the research from Berkeley and the University of Maryland that demonstrates just how easy it is for a determined adversary to break into a "secure" Wi-Fi network. Santalesa and Paone outline some of the extra layers of precaution the careful network administrator will need to consider. Hey, there's no place better suited to learning about privacy protection than Las Vegas.
Security showdown: Black Hat vs. Def Con
Wireless networks lure hackers
IBM Ripples Security Waves with 802.11 Wireless Auditing Tool
The war over 802.11x security