Researchers: Wireless LANs have serious security flaws

Computer scientists at the University of California at Berkeley have sounded new warnings about the vulnerabilities of wireless LANs, saying flaws in a common encryption algorithm pose major security issues. The Internet, Security, Applications, Authentication and Cryptography (ISAAC) research group said in a report posted on the Web that it had “discovered a number of flaws” in the Wired Equivalent Privacy (WEP) 40-bit algorithm used to secure all IEEE 802.11 standard wireless LANs. These flaws, the ISAAC report added, “seriously undermine the security claims of the system.” Wireless LANs have a number of vulnerabilities, the report said, including passive attacks to decrypt traffic based on statistical analysis. WEP also has flaws that make it easier to inject unauthorized traffic from mobile base stations or launch active attacks to decrypt traffic by tricking the access point (the base station), the report said.

Industry officials dismissed the report as old news, adding that the IEEE and manufacturers are already taking steps to beef up security. However, analysts said the ISAAC report is the first to illustrate how easy it is to hack wireless LANs.

JavaScript spy creates an e-mail wiretap

A newly-identified snooping technology allows someone sending an e-mail to see what the recipient wrote when it is forwarded on to another user, an Internet privacy group has announced.

It’s a wiretap and it’s “very illegal and very easy to do,” said Richard Smith, chief technology officer for the Privacy Foundation based in Denver, in a column he wrote for the non-profit educational and research organization. The vulnerability exists in mail that uses HTML. A few lines of JavaScript can be embedded in an e-mail message and allows the recipient’s mail to be returned to the original sender. It only works, however, if the recipient’s e-mail program is set to read JavaScript.

DSL growing despite teething problems

Despite experiencing frequent installation and provisioning problems, users are signing up for DSL services in droves. According to industry consulting firm TeleChoice Inc., there were 2.7 million DSL users at the end of last year in North America.

The report said 700,000 DSL orders were provisioned in the fourth quarter. TeleChoice said that the incumbent local exchange carriers maintain a leadership role with 78 per cent of the market, followed by competitive local exchange carriers with 21 per cent and interexchange carriers with one per cent.