Return-Path: <sentto-279987-3915-1006666310-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sat, 24 Nov 2001 21:34:08 -0800 (PST) Received: (qmail 16992 invoked by uid 510); 25 Nov 2001 05:30:20 -0000 Received: from n22.groups.yahoo.com (216.115.96.72) by all.net with SMTP; 25 Nov 2001 05:30:20 -0000 X-eGroups-Return: sentto-279987-3915-1006666310-fc=all.net@returns.groups.yahoo.com Received: from [10.1.4.55] by n22.groups.yahoo.com with NNFMP; 25 Nov 2001 05:31:50 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 25 Nov 2001 05:31:50 -0000 Received: (qmail 64674 invoked from network); 25 Nov 2001 05:31:50 -0000 Received: from unknown (216.115.97.167) by m11.grp.snv.yahoo.com with QMQP; 25 Nov 2001 05:31:50 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1.grp.snv.yahoo.com with SMTP; 25 Nov 2001 05:31:49 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAP5XMK13936 for iwar@onelist.com; Sat, 24 Nov 2001 21:33:22 -0800 Message-Id: <200111250533.fAP5XMK13936@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 24 Nov 2001 21:33:22 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:City.firms.risk.drive-by.hacks] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit City firms risk drive-by hacks By Andy McCue, VNU Net, 11/16/2001 <a href="http://www.vnunet.com/News/1126890">http://www.vnunet.com/News/1126890> City and financial institutions are at risk from 'drive-by' hackers because they have not secured their wireless networks. A group of security experts have revealed how easy it is to access data from outside a company building. Consultants from Orthus picked up signals from 124 company wireless local area networks (Lans) in and around the City. The signals from wireless Lans in an office have a range up to 200 meters, but Orthus found two-thirds were unencrypted and easily accessible by anyone with inexpensive equipment. The consultants needed only a laptop, a 129 wireless network card and free software downloaded from the net. Eight areas of the capital, including the City, home to the UK's largest financial institutions, were tested in the study, sponsored by security specialist RSA. Although security was tighter in the City, some 48 companies out of the 124, including some well-known institutions, were still exposed, with more than half using unencrypted signals. Anyone with malicious intent could have grabbed user IDs, passwords, and even wire fund transfers, said Richard Hollis, managing director at Orthus. "This is easy pickings for a hacker, and once breached, a wireless Lan can be used as a base to launch other attacks with complete anonymity," he said. Data sent by users authorised to use a wireless Lan carries an identifier (SSID) that is unique to that network. These SSIDs can be used to gain unauthorised access to the network and can reveal the name of a company, making it easier for a hacker to target attacks. But the technique, also known as 'wardriving', can be easily defended, said ethical hacker Chris McNab, now a consultant at security company Matta. "Security should be as strong as it is for wired networks and dial-up access connections," he said. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Universal Inkjet Refill Kit $29.95 Refill any ink cartridge for less! Includes black and color ink. http://us.click.yahoo.com/E11sED/MkNDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST