I’m going to try something fun this year. I’m going to republish all of the classic holiday songs to align with the security industry 🙂
Here is the first one…
Oh Firewall (sung to the tune of Oh Christmas Tree)
Oh firewall, oh firewall, your blinking lights protect me
Oh firewall, oh firewall, your blinking lights protect me
Each day you bring me such delight, safety in the dead of night
Oh firewall, oh firewall, your blinking lights protect me
Oh firewall, oh firewall, perimeter protector
Oh firewall, oh firewall, perimeter protector
Your rules are just, in line with policy and won’t be changed because you fuss
Oh firewall, oh firewall, perimeter protector
Each day you bring me such delight, safety in the dead of night
Oh firewall, oh firewall, your blinking lights protect me
According to several sources, security researchers Erik Tews and Martin Beck have found a way to break the Temporal Key Integrity Protocol (TKIP) key used by WPA. Cracking the TKIP key was never thought to be an impossible feat, but it was previously thought that the angle of attack would be a massive dictionary attack over an extended period of time.
Tews and Beck, however, did not use a dictionary attack to crack TKIP. According to Dragos Ruiu, the organizer of the PacSec conference where Tews plans on discussing the crack (via this Network World article), the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but the technique is also combined with a “mathematical breakthrough” that lets them crack WPA much more quickly than any previous attempt.
And how long did it take Tews and Beck? 12 to 15 minutes.
Over the past two weeks, Beck, creator of the Aircrack security tool, has also added the ability to exploit this weakness. Note that this attack only impacts WPA and not WPA2, which is still deemed “safe”. Over the past few years, people who were using WEP, which was determined to be an unsafe and easy-to-crack protocol, were advised to switch over to WPA to prevent an attack of this magnitude. Now many enterprise customers will be left scratching their heads and wondering how long it will be until they have to switch to something other than WPA2, and at what cost.
This month The Academy thought that it would be fun to partner up with Hackers for Charity in order to raise money for the people of Uganda. The Academy has offered to donate $1 to Hackers for Charity for every user that registers for a free account at www.theacademy.ca in the month of November. Please let your friends know about this and blog about it. Anything you can do to spread the word would be greatly appreciated. Let’s try to make a substantial donation to charity this month. Thanks everybody!