Tag Archives: Infosecurity Magazine

Wi-Fi hack leverages Amazon cloud technology

A hack which bypasses WPA Wi-Fi security in a few minutes has been created by a German security expert using the vast resources of Amazon’s cloud computing services in an all-out assault.

Researcher Thomas Roth has developed this hacking technique to try more than 400,000 passwords each second, by harnessing the collective power of the cloud, according to the latest reports from Germany.

By cracking the WPA-PSK encryption which protects a majority of Wi-Fi networking across the globe, observers at Infosecurity Magazine are now stating that it is no longer possible to classify any Wi-Fi interaction as totally secure.

Amazon has been contacted in order to comment on the exploitation of its cloud computing resources but, at the time of writing, it has not released a statement explaining its position.

It is thought that Mr Roth will be using the findings of his experiment in order to make a presentation at the Black Hat conference which is taking place in a few weeks in the US.

Mr Roth is one of the many security experts who uses hacking techniques in order to dispel data security myths and, in this case, identify core weaknesses in current Wi-Fi encryption which can easily allow third parties to hijack secure channels for their own nefarious means.

The cost of using Amazon’s cloud computing resources is the equivalent of 20p every 60 seconds, which means within this period more than 24 million different password combinations can have been tried in a brute force attack on a WPA-protected network.

On Roth’s first attempt it took him 20 minutes to find a password, but with some honing and refinement he dropped this down to a six minute stint. This puts the cost of hacking a typical Wi-Fi network at around 1.20, a dangerously low number for anyone who is attempting to protect their organisation from the meddling of external forces.

This issue is sure to have ripples across the world and should highlight how difficult Wi-Fi security can be to control.

Portable devices pose biggest risk to data security in 2011

A UK think tank has concluded that the prevalence of portable storage devices and mobile phones will be the biggest headache for those who want to protect data and ensure total system security over the coming 12 months.

The Digital Systems Knowledge Transfer Network has made this announcement, with director, Tony Dyhouse, saying that devices capable of storing data in a portable form factor, will allow cybercriminals the opportunity to exploit new security weaknesses in 2011.

It is not just the data storage abilities of these devices but also the fact that they can connect to wireless networks that makes them vulnerable, according to Mr Dyhouse.

He expects hackers to find new ways of hijacking the data being sent and received over Wi-Fi and Bluetooth, allowing criminals to act in a clandestine manner which is difficult to detect, while harvesting significant amounts of information.

Mr Dyhouse believes that the average user needs to wise up to the potential threats posed by using this type of device. He said that the firms which provide portable gadgets will not take responsibility for the security in the event of data loss and, as such, it is down to the end user to act as ultimate guardian of the details stored within.

The potential for human error to result in data loss or even for users to become complicit in data theft, is of great concern among security professionals and the think tank is urging organisations to make employees take responsibility for how they use portable devices.

Mr Dyhouse emphasised the fact that he is not expecting every user to become an expert in data protection overnight, but, instead, is seeking an improvement in the general level of understanding with regards to how cybercriminals operate and how they leverage social engineering to prey on their victims.

Mr Dyhouse told Infosecurity Magazine, that the government’s pledge of investing 650 million to help combat the threat of cybercrime was a positive step, but that when compared to the losses suffered by businesses, it is a fraction of what is required.

Data loss overtakes physical theft in global business community

Businesses from around the world are now more likely to suffer from data loss and digital theft, than the actual appropriation of material assets, according to a report conducted by Kroll.

The latest Annual Global Fraud Report found that 27.3 per cent of firms have announced the theft of data during the last year. In 2009 this figure was just 18 per cent, showing that there has been a significant increase.

There has been a smaller drop in the number of businesses reporting the theft of material goods, with 2009’s level of 28 per cent, falling to 27.2 per cent in 2010.

Kroll’s Richard Plansky, said that he anticipates this to be a continuing trend that is gathering momentum. He puts this down to the fact that information is now the lifeblood of the global economy and as such, businesses place greater importance on concepts rather than tangible products.

Speaking to Infosecurity Magazine, Mr Plansky explained that the move towards the digital age was both beneficial and a hindrance. While giving greater access to important information can improve productivity, he also said that this allows those with malicious plans a greater chance to influence and corrupt data.

The survey concluded that it was those businesses in the financial sector that had seen the most significant increase in the number of data theft incidents, up to 42 per cent from 24 per cent in 2009. Media and telecoms firms were also hit with a big increase which saw 37 per cent report data theft incidents in 2010.

The increasing complexity of network infrastructures is being labelled as the key cause for heightening the threat of security breaches by 28 per cent of those questioned as part of the survey. In turn nearly half of all firms are going to invest in data protection within the coming year, which is actually a drop of three per cent compared to the previous 12 month period.

Only firms with revenues in excess of half a billion dollars were included in this survey, so the significant threat of data theft is clearly being felt on a global scale in all industries.

The importance of conforming to PCI DSS

PCI commentators and recent surveys have again reinforced the importance of the Payment Card Industry Data Security Standard, as well as highlighting the penalties and pitfalls of ignoring PCI DSS guidelines. Writing for Infosecurity Magazine, independent security analyst Mark Gillespie collates and analyses recent findings which support and promote PCI DDS.

Gillespie identified the current confusion surrounding the application of and adherence to PCI DSS. Since its introduction in 2004 a number of big name brands have incurred fines for improper protection of cardholder data. The highest profile case occurred in 2007 when high street chain TK Maxx was penalised for a lack of adequate safeguards in its payment card system. Continue reading

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal