From the "wait a minute, are you sure that's safe?" department: 



It took Japanese researchers only 60 seconds but it appears as if  the replacement to the extremely vulnerable WEP needs replacing. 



The WPA encryption system used for wireless security can hacked in about 60 seconds.  That's scary since the WPA protocol and related TKIP were created due to weaknesses discovered in Wired Equivalent Privacy (WEP).



According to CBR, "The security attack they have formulated for the Wi-Fi Protected Access or WPA protocol is similar to one known as the Beck-Tews attack which appeared last year as a means of recovering plain text from an encrypted short packet, and from there falsifying it.  That took anything up to 15 minutes. But with this latest message falsification attack, which is good for pretty much any WPA implementation, the execution time is cut to about one minute in the best case."



Can't say I'm surprised...the writing was on the wall...(see previous posts on wireless insecurity below) Remember, our boy Albert Gonzalez,.a.k.a. "SoupNazi" got his start thanks to WEP by Wardriving. 





PIN Debit Payments Blog: Wireless Security Does Not Have Any...

Mar 15, 2009


The group accused of stealing the TJX data was believed to have hacked into several stores' weakly encrypted wireless
networks. Last year, supermarket company Hannaford Bros. reported a data breach, saying customer accounts at stores in ...
May 14, 2009
AirTight Networks published a study of wireless access points and found that the majority still use WEP and the WEP cracking time is less than five minutes. Interesting study. The URL to the PDF is at the end of this post. ...
Aug 17, 2009
DENVER - August 17, 2009 - First Data, a global leader in electronic commerce and payment processing services, announced today that it is launching the FD400, the first low-cost, battery-powered, wireless point-of-sale terminal for
Jul 15, 2009
Considering today's announcement that PCI is publishing "wireless" security guidelines, I don't see any reason why the council wouldn't be 100% behind putting together a Web Special Interest Group (SIG) and begin this much needed ...
 
Aug 19, 2008
Despite serving as an informant, the Justice Department claims, Gonzalez also began "wardriving" in the areas around US Highway 1 in Miami, according to this month's indictments. The term refers to the tactic of cruising in a vehicle 



PIN Debit Payments Blog: Wireless Identity Theft - More on Hackers 11

24 Nov 2008 


In an article published on IBLS (Internet Business Law Services) the author talks about wireless hacking (See WarDriving 101), Hackers 11 and possible changes in laws relating to cybercriminal behavior. ...




Reblog this post [with Zemanta]

Posted by John B. Frank Tuesday, September 1, 2009

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers