#CyberSecurityPulse: The Attack Against the WPA2 Encryption that Poses a Threat to Our Wireless Security

Tuesday, October 17, 2017

On October 16, a research has been published about an attack to the current recommended encryption standard for WiFi networks, WPA2. Although the risks to these networks are not new and attacks against WEP or WPA have already proliferated, making these protocols unsafe, the current scheme was considered robust. Until now.

The scope of the attack, proposed by Mathy Vanhoef and Frank Piessens and known as Key Reinstallation Attack (KRACK), exploits a severe weakness that would allow an adversary phisically located in the range of the wireless connection to have access to previously assumed information as safe. Once reviewed the information that has just been released, the consequences are serious if the attack is confirmed and would involve up to 10 different CVE whose content has not been published yet. However, that does not mean that all our connections are affected. The attack affects the WPA2 Wi-Fi networks and the most dangerous scenarios would assume the physical proximity of the attacker to the networks and would always affect the confidentiality of the communications within that WiFi network that would be potentially readable if they did not include another layer of additional encryption as HTTPS does for example. Under certain circumstances, the researchers have also been able to not only decrypt, but also inject packets into the network. In any case, the problem is still serious, because it would be expanding the range of attacks that have traditionally been implemented on public networks to a number of environments that we have assumed to be reliable.

Telefónica and ElevenPaths integrate its digital signature solution and biometric SealSign with Microsoft Azure

Thursday, October 5, 2017

The company presents its latest developments at the 5th Security Innovation Day

  • This integration of the SealSign platform with Microsoft Azure Key Vault, thanks to the Gradiant technology, will provide users with improved storage, scalability and availability with a saving of implementation costs of up to 80%.

  • A large number of Telcos around the world are joining together to tackle cybersecurity threats. This supplements the 2016 collaboration announcements with Fortinet, Symantec, McAfee, Cisco, Check Point Software Technologies, RSA, Microsoft o Palo Alto Networks.

  • Mikko Hyppönen, Chief Research Officer at F-Secure, and creator of various patents such as the US patent 6577920 “computer virus screening”, is the invited star of the event.

  • It is possible to follow the 5th Security Innovation Day via streaming at https://securityinnovationday.elevenpaths.com/streaming.