Wireless Security Portal Opens
The company claims that the wireless vulnerabilities and exploits (WVE)database is the first of its kind. The initiative is backed by wireless LAN training and certification firm CWNP and the The Center for Advanced Defense Studies think tank.
Although most of the widely-reported security flaws in enterprise wireless currently involve WiFi, the WVE database is going to cover a far wider array of protocols, including 802.11, Bluetooth, 3G cellular technology, WiMax and RFID technology.
"Enterprise wireless is more than just wireless LAN," explains Robert Markovich, president and CEO of Network Chemistry, explaining that as the use of wireless devices grows in the corporate world there will be many more "back doors" into company networks.
Potential threats and exploits can be reported here. Submissions are considered by the site's editorial board, which is comprised of Devin Akin the CTO of CWNP; cyber security expert Newton Howard; Mike Kershaw, author of the Kismet WiFi sniffing tool; Andrew Lockhart, lead security analyst at Network Chemistry; Lisa Phifer, vice president of consulting firm Core Competence Inc. and wireless security researcher Joshua Wright.
Long-time readers will remember Mr. Wright, who caused quite a stir at an Unstrung conference in 2003 with his "asleap" tool, which exposed vulnerabilities in Cisco Systems Inc.'s (Nasdaq: CSCO) proprietary Lightweight Extensible Authentication Protocol (LEAP) wireless LAN security mechanism. (See Look Before You LEAP.)
The site is already populated with around 60 vulnerabilities and exploits, mainly focused on 802.11 and Bluetooth. If nothing else WVE could prove to be a rich source of vaguely amusing names with entries such as the "Car Whisperer" and the "BlueFart" already on the site.
— Dan Jones, Site Editor, Unstrung