-
12 Nov 2008New way to crack WPA on wireless networks
Everything in security is just a matter of time, right? Well, a couple of researchers - one of which is the author of the Aircrack-ng tool that I've covered a lot over the years - have found a new way to crack the WPA TKIP key in a just a few minutes without using a dictionary attack (previously the only way to crack it). Reaffirms the arms race we're mired ...
Continue Reading... -
04 Sep 2008
PCI v1.2 = 802.1x for wireless? Yeah right!
Apparently the new changes in PCI DSS v1.2 (due out in October) are going to require more robust wireless security. As if no new WEP implementations after March 2009 and none at all after June 2010 weren't enough...Wireless must now be "implemented according to industry best practices (e.g., IEEE 802.1x) using strong encryption for authentication and transmission".Yeah right!! So people using WEP not only have to upgrade their hardware but ...
Continue Reading... -
28 Aug 2008
Crazy things people do to get a Wi-Fi connection
Here's a funny bit about things people have done to get wireless Internet access. Some of these are pretty stupid when you consider the consequences of connecting to a rogue AP where someone's watching your every move on the other end (i.e. web sites browsed, passwords entered, emails sent, etc.). Not to mention exploiting your system for remote access.Reminds me of how much I love my air card.......
Continue Reading... -
21 Aug 2008
A wireless security assessment tool you can’t overlook
Many people tout how great open source and freeware wireless tools are for finding and exploiting wireless network vulnerabilities - myself included. However, if you're performing a wireless assessment, you don't want to overlook the value the commercial tools have to offer.The commercial tool I've been using for a while - since before I co-authored Hacking Wireless Networks For Dummies - is AirMagnet's WiFi Analyzer (formerly their "Laptop" product). It's ...
Continue Reading... -
20 Aug 2008
Can’t wait to try this tool out…
...it's been out for a few weeks and wow, it looks really neat. Great way to demonstrate the vulnerabilities associated with Wi-Fi in the enterprise. I've actually been wondering when someone would come up with a tool like this.http://metasploit.com/dev/trac/wiki/KarmetasploitKarmetasploit acts as a wireless access point serving up legitimate-looking services such as SMTP, DNS, etc. It can be used to capture email passwords, retrieve info from Web form fields, exploit Web ...
Continue Reading... -
01 Feb 2008
My security content from this week
No articles published this week. For all of my past information security tips and tricks be sure to check out www.principlelogic.com/resources.html....
Continue Reading... -
14 Jan 2008
Wireless hotspot security measures you can’t afford to overlook
Here's a not-so-innovative piece from one of the prominent wireless gurus, Lisa Phifer, on hotspot security but it's a good reminder of what to do nonetheless: http://www.wi-fiplanet.com/tutorials/article.php/3720151...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
