WiFi “switch” vendor Aruba, says a recently discovered flaw enables relatively easy interception of encrypted keys between a wireless access point and a RADIUS server, according to David Callisch, communications director for Aruba Wireless Networks. The recently-ratified 802.11i wireless security standard doesn’t solve the problem, he added.
While this is the same flaw that has been previously discussed for wired networks, the problem is made worse by wireless technology.
“Wireless inherited the flaw but wireless also exacerbates it,” Callisch said. “With wireless, people can mount attacks more easily and use publicly available tools. They can mount the attack from outside, but also from inside. Anybody who sets up a rogue access point, even if their intent isn’t malicious, also opens up (the network) to attack.”
By contrast, the flaw required the attacker to tap directly into a wired network, which is a more difficult task, Callisch noted.He said Aruba will present a paper on the flaw next week to the IETF.
“There are a number of solutions to this problem,” Callisch said. “We have one and we’d love it, of course, if everybody bought our stuff”.
Meanwhile, the sky is falling at Google even as it’s employees estimate their good fortune with an IPO estimated at up to $135 per share.
A new version of the Mydoom e-mail worm, dubbed Mydoom.O, is spreading on the Internet and causing general FUBAR. The worm targets Google, Yahoo and Lycos. The AltaVista search engine owned by Overture Services Inc. is also a target, according to a statement from Computer Associates International Inc. Technical staff members at The Goog are investigating the slowdowns and expect to have service restored for all users shortly. User reports have poured in to The Register noting that numerous searches have turned up nothing but error messages.
.gif)
