Hãy cùng chia sẻ với Ixij

Computers with wireless internet should not be placed on children's laps, says the head of the government's committee on mobile phone safety research.

Prof Challis says children should not use wi-fi laptops on their laps

Professor Lawrie Challis told the Daily Telegraph children using wi-fi networks should be monitored until research into potential health risks is completed.

He says children should keep a safe distance from the embedded antennas.

The Health Protection Agency has said wi-fi devices are of very low power - much lower than mobile phones.

Prof Challis, retired professor of physics at the University of Nottingham, said: "With a desktop computer, the transmitter will be in the tower.

"This might be perhaps 20cms from your leg and the exposure would then be around one per cent of that from a mobile phone.

"However, if you put a laptop straight on your lap and are using wi-fi, you could be around two centimetres from the transmitter, and receiving comparable exposure to that from a mobile phone."

'Bigger problem'

Prof Challis added that children are much more sensitive than adults to dangers such as pollutants like lead and UV radiation.

"So if there should be a problem with mobiles, then it may be a bigger problem for children.

"Since we advise that children should be discouraged from using mobile phones, we should also discourage children from placing their laptop on their lap when they are using wi-fi.

Meanwhile, teachers have called for an investigation into whether there are any health risks from wireless computer networks in schools.

The Professional Association of Teachers union is writing to the education secretary for a clarification on wi-fi safety.

Many primary and secondary schools use wi-fi networks - but the PAT believes there is insufficient long-term evidence to demonstrate whether such networks are safe.

(BBC)

TraceSecurity CTO has demonstrated how ID thieves can imitate Wi-Fi services and lure unsuspecting consumers into an ID theft nightmare. During today's broadcast of NBC's TODAY show, Jim Stickley demonstrated how Wi-Fi at a hotel can present the perfect bait for ID thieves. The purpose of the segment was to demonstrate how an ID thief could offer their own Wi-Fi service from within a hotel and lure unsuspecting guests into using their Wi-Fi service. Once the guest logged onto the ID thief's Wi-Fi service, the thief would be able to gain access to the guest's laptop, Internet communications as well as their company's network if they were trying to gain access to it.

"Wi-Fi connections are just another sweet spot for ID thieves to exploit and gain access to personally identifiable information, or worse yet, access to a company's network should the individual try to use Wi-Fi to gain that access," said Jim Stickley, CTO and co-founder of TraceSecurity. "Identity theft and cyber spying scams are becoming too commonplace during our lifetime, so it's important to remind the public just how guarded they need to be when it comes to protecting not only their personal information but also their employer's data, too."

To watch the ongoing series on identity theft and cyber spying scams, as seen on NBC's Today Show, please visit NBC's TODAY show site. To watch the Wi-Fi segment on today's broadcast, please click on the screen "Dangers of wi-fi" at the following URL: http://today.msnbc.msn.com/id/3032633.

German researchers got into a 'protected' network in 60 seconds

April 04, 2007 (IDG News Service) -- The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend.

Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the interception of around 4 million packets of data in order to calculate the full WEP security key. Further flaws found in the algorithm have brought the time taken to find the key down to a matter of minutes -- not necessarily fast enough to break into systems that change their security keys every five minutes.

Now it takes just three seconds to extract a 104-bit WEP key from intercepted data using a 1.7-GHz Pentium M processor. The necessary data can be captured in less than a minute, and the attack requires so much less computing power than previous attacks that it could even be performed in real time by someone walking through an office.

Anyone using Wi-Fi to transmit data they want to keep private, whether it's banking details or just e-mail, should consider switching from WEP to a more robust encryption protocol, the researchers said.

"We think this can even be done with some PDAs or mobile phones, if they are equipped with wireless LAN hardware," said Erik Tews, a researcher in the computer science department at Darmstadt University of Technology in Darmstadt, Germany.

Tews, along with colleagues Ralf-Philipp Weinmann and Andrei Pyshkin, published a paper about the attack, showing that their method needs far less data to find a key than previous attacks: Just 40,000 packets are needed for a 50% chance of success and 85,000 packets for a 95% chance, they said.

Although stronger encryption methods have come along since the first flaws in WEP were discovered, the new attack is still relevant, the researchers said. Many networks still rely on WEP for security: 59% of the 15,000 Wi-Fi networks surveyed in a large German city in September 2006 used it, with only 18% using the newer WPA (Wi-Fi Protected Access) protocol to encrypt traffic. A survey of 490 networks in a smaller German city last month found 46% still using WEP and 27% using WPA.

In both surveys, over a fifth of networks used no encryption at all, the researchers said in their paper.

Businesses can still protect their networks from the attack, even if they use old hardware incapable of handling the newer WPA encryption.

For one thing, the researchers said, their attack is active: In order to gather enough of the right kind of data, they send out Address Resolution Protocol requests, prompting computers on the network under attack to reply with unencrypted packets of an easily recognizable length. This should be enough to alert an intrusion-detection system to the attack, they said.

Another way to defeat such attacks, which use statistical techniques to identify a number of possible keys and then select the one most likely to be correct for further analysis, is to hide the real security key in a cloud of dummy ones. That's the approach taken by AirDefense Inc. in its WEP Cloaking product, which was released Monday.

The technique means that businesses can cost-effectively protect networks using old hardware, such as point-of-sale systems, without the need to upgrade every terminal or base station, the company said.

If a network supports WPA encryption, though, users should rely on that instead of WEP to protect private data, Tews said.

"Depending on your skills, it will cost you some minutes to some hours to switch your network to WPA. If it would cost you more than some hours of work if such private data becomes public, then you should not use WEP anymore," he said.