- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
Before now, midsize customers settled for either an expensive and complex array or low cost solution that lacked functionality. Now experience virtual storage with enterprise class functionality at an affordable price.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
HP's Network Lifestyle Management can help you automate network processes and improve NOC efficiency. This webinar is part three of a four part series on Business Services Management (BSM) evolution to help you better align IT with business objectives. Register for this event scheduled for Wednesday, January 30, 2008 at 11:00 a.m. PDT/2:00 p.m. EDT to learn more. Register for this live webcast now.
So the line of defence remains is "PIN NUMBER" Wowww what a strong security ? HSBC , invest some money...- Anonymous
TJX may be in a class all by itself in terms of the number of records compromised in a data breach. But the retailer apparently has plenty of company when it comes to wireless security issues of the sort that led to the compromise it disclosed earlier this year.
A survey of over 3,000 retail stores in several major U.S. cities by wireless security vendor AirDefense reveals that a large number of retailers are failing to take even the most rudimentary steps for protecting customer data from wireless compromises.
Among the biggest issues: weakly protected client devices, wrongly configured wireless access points inside stores, data leakage, poorly named network identifiers, and outdated access-point firmware.
According to AirDefense, about 85% of the 2,500 wireless devices that it discovered in retail stores, such as laptops and barcode scanners, were vulnerable to wireless hacks. Out of the 4,748 access points that were monitored for the survey, about 550 had poorly named SSIDs that could give away the store's identity.
"One thing we did not expect was the large number of point-of-sale devices that looked as if they had been turned on" and left in essentially the configuration in which they arrived at the store, said Richard Rushing, chief security officer at AirDefense . Many of the access IDs that were being used by retailers had names that were dead giveaways, such as 'retail wireless', 'POS Wi-Fi' or 'store number 1234'," Rushing said. "I can guarantee that all of these stores were also using default configurations" on their access points, he said. "You really are knocking at the doors of hackers," with such weak security practices, he said.
About 25% of the access points that were monitored used no encryption at all. In total, of the 3,000 stores monitored, about a quarter of them were still using the Wired Equivalent Privacy (WEP) protocol for encrypting traffic. WEP is considered to be among the weakest of the encryption options available today and was the standard in use by TJX when it was first breached.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
