SOURCE: Network Chemistry

March 06, 2006 08:00 ET

Wireless Vulnerabilities and Exploits Database Becomes the Industry Standard for Defining and Cataloguing Wireless Threats

Industry-Driven Initiative Adds Key Members to Its Editorial Board and Has Been Used Nearly a Quarter-of-a-Million Times Since Launch

REDWOOD CITY, CA -- (MARKET WIRE) -- March 6, 2006 -- Network Chemistry, the wireless security experts, announced today that in the first three months since its launch the Wireless Vulnerabilities and Exploits (WVE) database (www.wirelessve.org) has been used by over 230,000 visitors and is providing significant insights into emerging new threats. The fact that the database is now widely used is reflected by the more than 20 new entries that have been added since the beginning of the year and the articles that have been published referencing it as a source. For the first time, members of the general technical community can determine the exact nature of the vulnerabilities they face and use a standard nomenclature for describing those threats.

The industry initiative is managed on a day-to-day basis by a group of prominent wireless and security experts who make up the Editorial Board. This group has recently been expanded to broaden the scope of expertise and to include thought leaders from various companies and disciplines. New board members include:

--  Scott Haugdahl: CTO of WildPackets, Inc., and a network-analysis
    industry expert who authored the book "Network Analysis and
    Troubleshooting"
--  Rodney Thayer: Security analyst, researcher, author, lecturer, and
    Shmoo member
--  Dr. Tim Cranny: Chief architect at Senforce Technologies, specialists
    in the active enforcement of wireless security policies on the endpoint
--  Victor R. Garza: Senior contributing editor, "InfoWorld," and network
    security consultant
    

"WVE is working exactly as everyone had hoped; it has quickly gained a strong following and people are using it to learn more information about emerging wireless security threats," said Dr. Chris Waters, co-founder and chief technology officer at Network Chemistry. "We set out to contribute back to the technical community and provide a needed resource, and the WVE is clearly raising awareness of wireless vulnerabilities and exploits and how to mitigate them."

Insights Into the Emerging Threats to Wireless Networking

Anyone can submit a discovered vulnerability or exploit to the WVE database. The WVE Editorial Board reviews these candidates before they can become an official entry in the database. Now that the database has been operational for over three months and has nearly 100 entries, interesting trends about the nature of wireless threats are emerging. Detailed analysis of the WVE database reveals that the following types of vulnerabilities represent the greatest threats to wireless networking:

--  Product Defects: Vulnerabilities exist in all complex networking
    systems, especially in emerging solutions that support wireless
    communications. This is particularly true for core wireless networking
    infrastructure such as access points (APs) and VoIP phones. The database
    contains a number of product defect entries and the number of these will
    likely increase with the wider deployment of voice over wireless.
    
--  User and Client Behavior: The increased use of wireless-enabled
    devices by business travelers, the growing amount of confidential data
    residing on wireless laptops, and the ease with which users can engage in
    risky behavior are all cause for concern. Because users typically value
    connectivity over security, they may use ad hoc networks. Client software
    is also partially responsible for problems; a recent advisory note from the
    WVE Editorial Board noted that in some configurations a client will connect
    to an ad hoc network with the same service set identification (SSID) as one
    of its preferred networks. In addition, another recently published entry on
    the site described a vulnerability that can enable an attacker to spoof
    wired equivalent privacy (WEP)-encrypted networks that a client has been
    configured to connect to. This combination of behavior and client
    vulnerability is leading the hacking community to focus on attacking
    endpoints rather than on finding more efficient ways to attack 802.11
    itself.
    
--  Advancements in Attacks and Tools: Understanding the tools hackers use
    to penetrate security mechanisms is critical when it comes to designing
    secure wireless networks. The WVE analysis shows hackers are now beginning
    to use more sophisticated techniques such using 'gray' or 'covert' channels
    that make it harder for an intrusion detection system to detect an attack.
    Attackers also are increasingly using offline Rainbow-table-like tools,
    which can reveal passwords quickly, to mount attacks against networks.
    

The WVE database catalogues security threats for products or protocols specifically designed for wireless communications including 802.11, Bluetooth, VoWLAN, RFID, and other emerging wireless standards. The vendor-neutral initiative is sponsored by CWNP, the industry standard for wireless LAN training and certification; the Center for Advanced Defense Studies, a Washington D.C.-based think thank that coordinates and directs research and education in cyber security and information assurance; and Network Chemistry.

About Network Chemistry

Network Chemistry is the industry standard for assuring the security of wireless networks, data, and users. More than 300 of the world's most successful enterprises and demanding government agencies trust Network Chemistry's wireless threat protection solutions to prevent attacks, detect vulnerabilities, intrusions and policy violations, accelerate incident response, and conduct surveys for wireless LAN deployment planning. Network Chemistry has received numerous accolades, including the top score in SC Magazine's "Wireless Security Group Test," as well as its "Global Award," and "5 Star Winner" honors; Network Computing's "Best Value," for two consecutive years; and 802.11 Planet's "Best of Show." The company is headquartered in Redwood City, California. For more information, visit www.networkchemistry.com or call 1-888-952-6477.

All product and company names herein are trademarks of their respective owners.

Contact Information