Cloud & Telecom Security

据computerworld.com报道，下周将在东京召开的PacSec会议上将由Erik Tews演示他是如何破解WPA的。透露的主要破解原理是利用WPA将会自动向下兼容旧客户端，从而通过协商使用TKIP。这时他就有机会使用12-15分钟来破解整个通信的密钥。

所以，专家的推荐是：

-Use only CCMP(AES).
-Disable Negotiations to TKIP from CCMP(AES).
-If you must use TKIP, rekey every 120 seconds.

At Oct. 30, China Telecom, a giant telecom operator of China, host the 6th meeting for its multinational company customer meeting at Nanjing, Jiangsu province, south China. Tens of their MNC customers, including Cisco, Nokia, Ford, Sony and etc. attended the meeting. I joined as well on behalf of Lenovo.

At the meeting, China Telecom introduced its C+W strategy and demonstrate its new product offereing, e.g. global eye service, video conference service, remote training platform and etc.

Read more…

俄国公司ElcomSoft Co. Ltd研究成功使用nVidia视频卡GPU破解WPA/WPA2提速100倍。这个报道引起了很多安全人士的兴趣。

之前，由于WEP的安全问题，很多公司和安全标准都对WiFi网络进行了升级，建议使用WPA/WPA2，包括PCI-DSS。虽然，使用更多的计算资源和定制的优化算法对加密算法破解并不是新闻，可是针对WPA/WPA2的攻击、以及利用较为廉价的图像处理芯片来达成这一目的，相当于使的破解成本答复下降。

这些破解技术的发展使用单纯使用WPA/WPA2也不再是安全的，而是根据安全需要使用更为复杂的密码，或者使用更高级的认证方法.

China has adopted WAPI as its national wireless access standard in 2003, instead of 802.11i, which lead to furious debate at that time. 3 years passed. According to a report by Xinhua agency, the largest mobile operator in China – China Mobile has conducted a security testing to 802.11i and found security vulnerabilities in it.

Test results to date show that the current WLAN technology 802.11i has big security loopholes and is easy to attack, said Ma Benteng, senior engineer with China Mobile.

The Beijing Olympics will be the first to use WLAN in the Games’ history. Journalists would be major users of the networks.

At a meeting held by China Mobile recently, media users were skeptical about the safety of the current WLAN technology.

Results from more than a month of tests carried out by the national safety research center on information project show that 802.11i has serious technological defects and safety risks, said Ma, who is in charge of mobile planning for the 2008 Olympics.

Researchers said that articles on the technological defects of 802.11i were freely available on the internet, as well as tools for exploiting the defects. The internet also provides methods for decoding the technology.

Anybody who can connect to the Internet could download the software and steal private information from others, said Ma.

See the original report…