Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look at the State of Wireless Security

Posted by Soulskill on from the tubes-of-the-ether dept.

An anonymous reader brings us a whitepaper from Codenomicon which discusses the state and future of wireless security. They examine Bluetooth and Wi-Fi, and also take a preliminary look at WiMAX. The results are almost universally dismal; vulnerabilities were found in 90% of the tested devices[PDF]. The paper also looks at methods for vendors to preemptively block some types of threats. Quoting: "Despite boasts of hardened security measures, security researchers and black-hat hackers keep humiliating vendors. Security assessment of software by source code auditing is expensive and laborious. There are only a few methods for security analysis without access to the source code, and they are usually limited in scope. This may be one reason why many major software vendors have been stuck randomly fixing vulnerabilities that have been found and providing countless patches to their clients to keep the systems protected."

3 of 107 comments (clear)

  1. OSS by Anonymous Coward · · Score: 5, Insightful

    What we need is a strong, coordinated, open-source effort to create new standards for networking devices, rather than rely totally on proprietary software.

  2. Re:Security is relative by Marcion · · Score: 5, Insightful

    If you meet a skilled hacker, no matter what you throw at him/her they will be able to beat it. However most security holes aren't a huge deal because as long as there isn't a .exe that Joe Script-Kiddy can execute its not going to be exploited.

    You are missing the vital link here.

    1. Skilled Cracker will find your security hole.
    2. Skilled Cracker will then brag about it on a forum and provide example code.
    3. Not-so-skilled cracker-wanabee will fill it out and package it as a .exe
    4. Joe Script-Kiddy executes the .exe

    On the Web, this cycle does not take very long. Imagine 1+2 happens on Friday, by the time you come back to work on Monday your server is being accessed.

    --
    My little Linux and tech blog
  3. Re:Wireless security is perfect..... by The+Mighty+Buzzard · · Score: 5, Insightful

    On the up side, if we're talking a wireless setup with the weak signal most home setups have, anyone attempting to crack it is also within physical ass-kicking distance. Minimalist security, a fair IDS, and a lead pipe are all you need unless we're talking something with a larger coverage than most WAPs.

    --
    Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.