With growing numbers using wi-fi in their homes, Paul Rubens looks at how good security is on these networks.

In less than two minutes hackers can defeat the security measures protecting many home wireless internet connections.

Defeating these measures could let them capture passwords, steal confidential information or download illegal pornographic material using the connection.

Many home internet users rely on an encryption system called Wireless Equivalent Protection (WEP) to stop others using their wi-fi link, even though WEP has long been known to be flawed.

"Breaking in to a WEP protected network is now very easy to do," said Erik Tews, an internet security researcher.

"Doing it in 60 seconds is realistic, or five minutes in the very worst case. We think now that WEP is really dead and we recommend that no-one should use it."

In its place he recommends an encryption system called Wi-fi Protected Access (WPA), introduced four years ago to replace WEP. "We have had a very close look at WPA and we can't find anything to exploit," he said.
Full Story...

PASADENA, Calif. — No one in the evening crowd at a Starbucks here knew Humphrey Cheung. But Cheung, working on his laptop, knew things about them.

Several tables away was a guy sitting alone with his own laptop.

“He's starting a business,” Cheung said.
And the young couple in the far corner?

“They're getting married,” he confided.

Cheung isn't psychic. He had hacked into the coffee shop's wireless Internet connection on his Toshiba laptop. It took about five minutes to do so, using free software available online.

Public Wi-Fi, or “wireless fidelity,” is very handy for perusing the Internet away from the office or home. Just remember that you may have company while surfing.

Once hooked into the system, Cheung was able to monitor the online activity of other laptops in the shop. Luckily for the people around him, he wasn't snooping for any reason except to make a point: As wireless hot spots proliferate, the tools for secretly monitoring these Internet connections are becoming more sophisticated.

“When people are on a public wireless connection, they have the same expectations about privacy as when they are on the Internet at home,” said Cheung, 32, a computer security expert and an editor for TG Daily, a technology news Web site.

“But it doesn't work that way. Someone could be listening in.”
Full Story...
---

The next time you splurge on a double latte and sip it while browsing the Internet via the cafe's Wi-Fi, beware of the "evil twin."

That's the term for a Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers.

With the growth in wireless networks, the "evil twin" type of attack is on the rise, said Phil Cracknell, president of the U.K. branch of the Information Systems Security Association. Such attacks are much easier than others seeking logins or passwords, such as phishing, which involves setting up a fraudulent Web site and luring people there, Cracknell said.

The hacker's computer can be configured to pass the person through to the legitimate access point while monitoring the traffic of the victim. Several free programs available on the Internet can decode packets to reveal clear-text logins and passwords.

Consumers can protect themselves at least one way: be wary of free hotspots. Many airports and cafes charge for access, so a free hot spot could be designed to ensnare potential victims. Also, the attack has been used in hotels, with the "evil twin" actually coming from a nearby hacker guest.
Full Story...
---
Bob Randall's RV Buyer's Survival Guide The #1 Rated Guide For RV Buyers - Over 10,000 Copies Sold Since 2001. Before you take that critical first step in buying any RV, you must read this guide. Written by a "RV Industry Insider", you'll learn the secrets to making the perfect selection while saving more money than you ever dreamed possible. Click Here!

Subscribers to Time Warner Cable Inc.'s cable modem service in the U.S. can now share their broadband Internet connection with others through Fon Technology SL, which provides a special public/private router.

Fon's La Fonera router lets broadband users in homes and small businesses operate an internal Wi-Fi network that is secure and another one that is open. Users can choose how much of their broadband capacity is dedicated to their own use and how much is available to the public. Anyone who uses the router to share access at home can use other La Fonera routers when they are away from home. Other people, called "aliens," can pay US$3 per day for access. Business users can choose another plan in which they get a portion of that $3 per day fee instead of getting free access on the road.

Time Warner Cable will share in the fees aliens pay, but also believes it will benefit because Fon makes broadband more attractive because more consumers would sign up for broadband if they knew they could take advantage of it on the road.
Full Story...
---

AUSTIN, April 16 /PRNewswire/ -- The Wi-Fi Alliance has taken the guesswork out of buying Wi-Fi gear with a free white paper and new product search capabilities on its Web site, http://www.wi-fi.org/.

The paper targets retailers interested in learning more about the benefits of Wi-Fi CERTIFIED products, which include lower return rates and fewer tech support calls. In addition, the improved online search tool for Wi-Fi CERTIFIED product information helps consumers research Wi-Fi products before they head to the retail store or Web site.

The white paper, entitled "Wi-Fi CERTIFIED Makes it Wi-Fi: What Retailers and Consumers Need to Know," provides easy-to-use information about Wi-Fi technology and the certification programs in place to support it. Retailers who offer Wi-Fi CERTIFIED products can be confident that their customers are taking home products that have been thoroughly tested for interoperability with other Wi-Fi CERTIFIED gear, and that those products will provide the very best user experience.

The new product search tool and white paper are available at http://www.wi-fi.org/.

April 16, 2007 (Computerworld) -- McDonald’s best-kept secret may be that it offers free Wi-Fi with every meal. More than 8,000 of its restaurants provide high-speed wireless service to customers. The fast food giant has yet to fully promote the perk, but it has already attracted one group: Gamers using Nintendo DS systems currently account for 25% of the Wi-Fi traffic in its restaurants.

Although Wi-Fi attracts customers, that’s not why McDonald’s put it in. “It gives us a platform to use wireless applications within the restaurant,” says David Grooms, vice president of IT at McDonald’s USA.

For example, handheld devices are used for order-taking and inventory management. But since McDonald’s has opened up access to draw in more customers, “getting the word out that we are a secured wireless haven is really big for us this year,” Grooms says.
Full Story...
---
Get Mark Polk's Class A Motorhome 101 RV DVD All of Mark's DVD's offer practical information and he has one for every RV type. Find all the RV Education 101 DVDs here.

An ISP - Internet Service Provider - is a company that provides a gateway to the Internet for individuals and companies. In its simplest form, connecting to the Internet requires a telephone line to dial up an ISP using a computer and modem. The ISP then provides the route onto the Internet.

Choosing an Internet Service Provider requires a simple first step. Ask yourself: "What do I want to use the Internet for?" If you can answer this, you can then start to work out your requirements.

Answers to the question "What do I want to use the Internet for?" can include:

* How much will I use the Internet each month?
* What time of day will I use it?
* Do I need web space?
* Is customer support important to me?
* How many e-mail addresses will I need?
* Can the ISP support online payments?
* How much does it cost?

Another question to ask is “How long has the ISP been in business?”
Full Story...

Apr. 8 - The first Internet cars are beginning to appear on Bay Area roads: Min- vans with Web video playing in the back seat, and SUVs sharing traffic advice with each other. Your car could have its own email address. The Information Highway is merging onto the real highway.

In the trunk is a wireless modem made by startup company AutoNet, an Internet Service Provider for cars. Kids in the back seat can watch video streaming from back home, no DVD required.

Sterling Pratz/AutoNet: "We found that people get tired of watching the same DVD over and over. What they want is full Internet access in the car."

Autonet Mobile is a Wireless Internet Service designed to maintain seamless connectivity within the car. Our service turns the car into a WiFi hotspot, allowing multiple people to connect their own WiFi enabled computers to the internet.

The system operates over both 3G and 2.5G (EVDO, 1xRTT) cellular Data networks. Simply plug the in-car router into your cigarette car lighter, connect your WiFi device(s) and surf the net.

The Autonet Mobile In-Car Router retails for $399 with a monthly subscription of $49.95 for unlimited data.
More Info...

Devicescape Software today announced that it has added support for Mac OS X. With Devicescape, Mac laptop users can now automatically connect to any Wi-Fi hotspots and municipal networks without having to click through log in screens or re-enter user names and passwords.

"We're continuing to deliver on our promise to provide effortless Wi-Fi connections from any device," said Dave Fraser, CEO of Devicescape. "Our Devicescape service is the perfect complement to Apple’s philosophy of simplicity, ease of use and always putting the needs of the consumer first. Now with Devicescape on your Mac laptop, getting connected at hotspots and on municipal networks is simply automatic. It can't get any easier than that."

The Devicescape software for Mac OS X is available as a download from the Devicescape website at: www.devicescape.com. The software and the service are currently free. Once the software is installed, the user simply sets up an account and enters their user names and passwords for any network subscriptions they own. Users can also opt to accept access to free networks. In addition, if a users’ favorite network isn't among the hundreds of thousands of hotspots that Devicescape already works with, users can request new networks with a simple web-based form. Once set up — connecting to hotspots and Wi-Fi networks is automatic and requires no user interaction.

Currently, Devicescape supports more than 60 public networks including the world's largest commercial carriers such as T-Mobile and British Telecomm Openzone, as well as free and municipal networks such as Google Mountain View, and university networks such as the AirBears Network at UC Berkeley. In addition to Mac OS X, Devicescape's service supports PCs with Microsoft Vista and Windows XP, Windows Mobile 5 Smartphones, the Nokia 770 and N800 Web tablets and the Linksys WIP 300 VoIP phone — with many more planned.

About Devicescape

Headquartered in San Bruno, Calif., the company is privately held and venture-backed by Kleiner Perkins Caufield & Byers, Enterprise Partners Venture Capital, JAFCO Ventures, August Capital and Applied Materials. To learn more, please visit www.devicescape.com

German researchers got into a 'protected' network in 60 seconds

April 04, 2007 (IDG News Service) -- The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend.

Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the interception of around 4 million packets of data in order to calculate the full WEP security key. Further flaws found in the algorithm have brought the time taken to find the key down to a matter of minutes -- not necessarily fast enough to break into systems that change their security keys every five minutes.

Now it takes just three seconds to extract a 104-bit WEP key from intercepted data using a 1.7-GHz Pentium M processor. The necessary data can be captured in less than a minute, and the attack requires so much less computing power than previous attacks that it could even be performed in real time by someone walking through an office.

Anyone using Wi-Fi to transmit data they want to keep private, whether it's banking details or just e-mail, should consider switching from WEP to a more robust encryption protocol, the researchers said.

"We think this can even be done with some PDAs or mobile phones, if they are equipped with wireless LAN hardware," said Erik Tews, a researcher in the computer science department at Darmstadt University of Technology in Darmstadt, Germany.

Tews, along with colleagues Ralf-Philipp Weinmann and Andrei Pyshkin, published a paper about the attack, showing that their method needs far less data to find a key than previous attacks: Just 40,000 packets are needed for a 50% chance of success and 85,000 packets for a 95% chance, they said.

Although stronger encryption methods have come along since the first flaws in WEP were discovered, the new attack is still relevant, the researchers said. Many networks still rely on WEP for security: 59% of the 15,000 Wi-Fi networks surveyed in a large German city in September 2006 used it, with only 18% using the newer WPA (Wi-Fi Protected Access) protocol to encrypt traffic. A survey of 490 networks in a smaller German city last month found 46% still using WEP and 27% using WPA.

In both surveys, over a fifth of networks used no encryption at all, the researchers said in their paper.

Businesses can still protect their networks from the attack, even if they use old hardware incapable of handling the newer WPA encryption.

For one thing, the researchers said, their attack is active: In order to gather enough of the right kind of data, they send out Address Resolution Protocol requests, prompting computers on the network under attack to reply with unencrypted packets of an easily recognizable length. This should be enough to alert an intrusion-detection system to the attack, they said.

Another way to defeat such attacks, which use statistical techniques to identify a number of possible keys and then select the one most likely to be correct for further analysis, is to hide the real security key in a cloud of dummy ones. That's the approach taken by AirDefense Inc. in its WEP Cloaking product, which was released Monday.

The technique means that businesses can cost-effectively protect networks using old hardware, such as point-of-sale systems, without the need to upgrade every terminal or base station, the company said.

If a network supports WPA encryption, though, users should rely on that instead of WEP to protect private data, Tews said.

"Depending on your skills, it will cost you some minutes to some hours to switch your network to WPA. If it would cost you more than some hours of work if such private data becomes public, then you should not use WEP anymore," he said.