Brute Force in the Cloud
Reuters reports that Thomas Roth, a computer security consultant, has used rented computers for a proof-of-concept brute force attack on wireless networks.
An excerpt:
Thomas Roth, a computer security consultant based in Cologne, Germany, says he can hack into protected networks using specialized software that he has written that runs on Amazon’s cloud-based computers. It tests 400,000 potential passwords per second using Amazon’s high-speed computers.
(snip)
Roth will distribute his software to the public and teach people how to use it later this month at the Black Hat hacking conference in Washington, D.C.
He said he is publicizing his research in a bid to convince skeptical network administrators that a commonly used method for scrambling data that travels across WiFi network passwords is not strong enough to keep crafty intruders from breaking in to networks.
The historical pattern of marketing in the computer industry has been sales first, security as an afterthought. And we are certainly seeing a frantic attempt to market the “cloud” (I have documented my skepticism about “cloud computing” elsewhere in these pages). This results in attempts to bandaid security patches onto inherently insecure systems, and the bandaids don’t seem to work too well. Retroactive security is insecurity.
More to the point, individual users need to educate themselves about good security practices and, just as important, about how to avoid false alarms and scams.