Wireless Equivalency Protocol (WEP) has been one of the hottesttopics in Irish news over the last few days. One of the leadingproviders of DSL in Ireland has supplied users with wireless routersprotected using WEP. What made this newsworthy is that it has emergedthat the WEP keys used to encrypt the network traffic and to controlaccess to a private network were generated using the (Service SetIdentifier) SSID. The algorithm used to generate the encryption keyshas been analyzed and a tool is freely available which allows anyonewithin range of the router to trespass on a wireless network that hasbeen secured using the default settings.
The DSL provider and media reports are advising customers that ifthey change their WEP keys, they will be safe from any trespassers ormalicious attackers trying to get onto their network. While it is truechanging the default WEP settings will mitigate this particular attackit will not make your wireless network secure.
Many of the new threats seen today aren’tadvancements in their own right; rather, they just take advantage ofadvancements in technology. For example, VBScript enables programs tobe written quickly, but also makes writing malware extremely easy.Remember VBS.LoveLetter, also known as the “I-Love-You” worm? This wasa mass-mailing worm that ultimately ended up causing millions ofdollars worth of damage because of crashed servers, not to mention thepunitive damages caused by files being overwritten. While VBScriptsgave administrators the ability to perform more robust tasks viascripting, developers need to be aware of the possible detrimentaleffects of these new technologies. For example, after VBS worms becamewidespread, Microsoft forced user consent before a script could harnessMicrosoft Outlook to send itself, thereby neutering that attack vector.
Another seemingly innocuous feature has been extremely useful tosome malware writers. The advent of NTFS brought...
