RSA supplies answer to drive-by hacking?
But devil remains in the detail
RSA has improved the algorithm underpinning the security of wireless networks. This could halt 'drive-by hacking' in its tracks -depending how it is implemented.
The IEEE 802.11 committee has accepted the " Fast Packet Keying" technology, created by RSA Security and networking firm Hifn, as a way of fixing the flawed WEP standard used by 802.11b wireless networking kit.
Tools, such as AirSnort, enable crackers to deduce WEP keys, because the keys used for different packets are too similar, not because the algorithm is too weak. Fast Packet Keying addresses this problem but not some wider issues.
It's not clear when wireless LAN vendors will make available Fast Packet Keying as either a software or firmware patch.
Gunter Ollman, principal consultant at security tools vendors ISS, said: "From what we can tell this is a better way of generating keys, and if implemented correctly it'll be a lot more secure."
Ollman expressed concern that not enough attention has been paid to interoperability - so the improved version of WEP will only work if organisations purchase and use equipment from the same vendor. This may be used to lock users into contracts with only a particular vendor, he added.
For now, the orthodox advice from security consultants is to avoid WEP and instead to plug 802.11b wireless LANs into an organisation's VPN infrastructure. This
custom is more honoured in the breach than its observance. ®