Well Informed Translates To Greater Awareness

Wireless security and its protocols were strong enough to keep users safe. Recently it has been discovered that a vulnerability exists in the wireless security protocol named WPA2. WPA2, which stands for Wireless Protocol Authentication Version 2, is currently the strongest method of authentication and encryption. The vulnerability can be exploited by a man-in-the-middle attack, in which a hacker can take over the air transmissions and decrypt the private data, insert their own malicious code, and compromise other devices.
Another standard, the Advanced Encryption Standard, has not currently been broken and is a derived function based on WPA2. Even though it has not been broken, the vulnerability can be exploited when any authorized user uses a common shared key in reverse order, thereby delivering spoofed packets that have been encrypted with the shared group key. WPA2 utilizes two kinds of keys, known as the PTK, or Pairwise Transient Key, and the GTK, or Group Temporal Key. The Pairwise Transient Key has the ability to recognize address spoofing and the forgery of data. It is the Group Temporal Key that does not have this ability. This is where the vulnerability lies. Client devices use this particular protocol when they receive broadcast traffic. A hacker could then exploit the group key and develop their own broadcast packet. From here, the client device responds to the MAC address using its private key data.
The original researcher who discovered the vulnerability utilized approximately ten lines of code from software readily available on the Internet, as well as a client card, to prove the vulnerability concept. Any hacker has the ability to create a denial of service attack, snoop around within the data itself, or create traffic drops. This exploitation can only be performed by users who are authorized on that particular network. Studies continually show that many security breaches occur from the inside and are a huge source of business losses in productivity. They come from disgruntled employees, or from individuals or spies interested in stealing confidential information to sell or give to competitors.
Right now this exploit is being seen as a zero day exploit that leaves a breach opportunity.
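The PTK/GTK difference described above can be modelled in a few lines. This is an added example, not code from the researcher or the original article: HMAC-SHA256 stands in for the real WPA2 integrity check, and the MAC addresses, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed values: each client shares its own PTK with the AP,
# while a single GTK is handed to every authorized client.
AP = "aa:aa:aa:aa:aa:01"
ALICE = "cc:cc:cc:cc:cc:02"
INSIDER = "cc:cc:cc:cc:cc:03"
BROADCAST = "ff:ff:ff:ff:ff:ff"
PTK = {ALICE: os.urandom(32), INSIDER: os.urandom(32)}
GTK = os.urandom(32)


def tag(key, src, dst, payload):
    """Integrity tag over addresses and payload (HMAC stand-in, an assumption)."""
    return hmac.new(key, f"{src}|{dst}|".encode() + payload, hashlib.sha256).digest()


def make_frame(key, src, dst, payload):
    return {"src": src, "dst": dst, "payload": payload,
            "mic": tag(key, src, dst, payload)}


def client_accepts(client, frame):
    """Receiver check: broadcast frames use the GTK, unicast the client's PTK."""
    key = GTK if frame["dst"] == BROADCAST else PTK[client]
    expected = tag(key, frame["src"], frame["dst"], frame["payload"])
    return hmac.compare_digest(expected, frame["mic"])


def demo():
    """What Alice accepts, depending on which key the sender really holds."""
    return {
        # Genuine AP traffic passes under either key.
        "ap_unicast": client_accepts(ALICE, make_frame(PTK[ALICE], AP, ALICE, b"data")),
        "ap_broadcast": client_accepts(ALICE, make_frame(GTK, AP, BROADCAST, b"data")),
        # An authorized insider lacks Alice's PTK, so a spoofed unicast frame fails.
        "insider_unicast_as_ap": client_accepts(
            ALICE, make_frame(PTK[INSIDER], AP, ALICE, b"data")),
        # The same insider holds the GTK, so a frame claiming the AP's address passes.
        "insider_broadcast_as_ap": client_accepts(
            ALICE, make_frame(GTK, AP, BROADCAST, b"data")),
        # Someone who is not authorized on the network has no GTK and is rejected.
        "outsider_broadcast_as_ap": client_accepts(
            ALICE, make_frame(os.urandom(32), AP, BROADCAST, b"data")),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

A check keyed with a secret that every member holds proves only that the sender is some member of the group, which is why the source address of a group-keyed frame cannot be trusted.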
In other areas, the utilization of shortened URLs has increased to the point where it has become a very popular tactic for hackers and cyber criminals to exploit. One company noticed that a year ago, during the second quarter, e-mails containing a shortened URL accounted for only one e-mail in every two hundred that were received. Now, this can occur approximately every forty-three to forty-five days. The company has also noticed that close to twelve percent of all spam received was due to the Storm botnet, which uses shortened URLs. An analyst from MessageLabs, Paul Wood, stated, “In relation to spammers, they are going to use any tactic possible that will make it more difficult to block their e-mails that contain spam.” Spam that contains short URLs has become a favorite tactic because of its ability to defeat reputation filtering. Depending on the popularity of the website, MessageLabs thinks one website can be visited per sixty-three thousand to seventy-four thousand e-mail messages.
A CISSP boot camp is an excellent environment for learning a great deal of information in a period of a few days to a couple of weeks. Staying on top of current events and remaining aware of the various exploits, as well as known fixes and security patches for vulnerabilities, should be a continuing process. A certification training course in the area of information security should also be a necessity for enterprises and other businesses that hold critical information and need to keep their business continuity flowing. The K Alliance training in the area of information security is very comprehensive and explains the various areas of data security, including organizational security, network security, security risk management, business continuity and disaster recovery, security rules, policies, and compliance, and other important issues.
