Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist. The cybercrooks, who lifted more than 21 million credit card records, leapfrogged onto the retailer's credit card database after first breaking into the wireless …
"the older, slower 802.11a protocol"?
Older and slower than 802.11g? 802.11a doesn't need to cater for stepping down to slower devices (802.11b).
I'm quite happy with my 802.11a performance!
oh noes how can we defeat this?
use cash - problem solved, also fixes the problem of overspending on credit cards...
802.11a is not slower than g. It is at 5.4GHz, giving it less range but normally better channel availability, and may in fact be faster!
The figures seem pointless if they include free public wifi points.
Yes TKIP has been shown to have weaknesses but nothing that useful yet (no key recovery, ARP poison possible, but what are you going to poison it with if you don't have another machine on the network?)
I don't think security by obscurity is going to work for a storefront trying to 'hide' its APs with different names. Most APs' range means that it will truly be obvious.
Ever heard of cable?
Little wonder that CC details are leaking out over radio links.
The credit card companies, who set security policy, are to blame.
They should insist that all credit card transactions be carried over Ethernet cables, since most frequently all transaction terminals are co-located, making wiring a minimum difficulty.
Using WiFi for high security applications is foolhardy.
Still not good for one major chain
Not to name a large mobile phone chain who weren't even aware their entire store network Wi-Fi was wide open for people to use for certain sites, and as soon as they were informed, they don't seem to have done much to secure it all up.
and what's wrong with 802.11a then?
'the older 802.11a'
you mean the one that can also do 54 Mbit/s and operates in the far less noisy 5 GHz channels
and also leaks less out of your building without having to turn the power down? the one where you can have a higher density of APs because of the larger number of channels and doesn't allow some old device to mess up the whole part (look at what a single naff 802.11b host can do to a mixed-mode b/g network).
the important part is using AES/CCMP, and even then, using it properly (i.e. with 802.1X: a RADIUS server dealing with the sessions, key creation and auth/accounting).
companies should be (and usually are) audited, and these days they need to be audited technically too, not just the paperwork, H&S etc. shops using naff APs for business purposes should be fined... they can fall back to using Cat5e cabling and a dumb switch or 2; their business can continue then, safely!
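The two recommendations above (drop TKIP for AES/CCMP, and run 802.1X against a RADIUS server rather than a shared passphrase) can be checked mechanically on an AP config. The script below is an added example, not code from the article or from any commenter: it parses a hostapd.conf, shows a weak WPA/TKIP/PSK config beside a WPA2-Enterprise CCMP config with a RADIUS server, and flags the settings this thread complains about. Both configs, the SSID, the RADIUS address 10.0.0.5 and the shared secret are constructed for illustration.

```python
"""Audit a hostapd.conf for the weaknesses discussed in this thread:
WPA v1 / TKIP pairwise ciphers, PSK-only key management, and
WPA-EAP declared without 802.1X / a RADIUS auth server configured.
Both sample configs below are constructed for this example."""

# Constructed: the sort of "naff AP" setup the thread is complaining about.
WEAK_CONF = """\
interface=wlan0
ssid=shopfloor
hw_mode=g
channel=6
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=tillsandpos
"""

# Constructed: WPA2 only, AES/CCMP only, 802.1X with a RADIUS server
# (address and secret are placeholders, not a real deployment).
HARDENED_CONF = """\
interface=wlan0
ssid=shopfloor
hw_mode=a
channel=36
ieee8021x=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=example-shared-secret
"""


def parse_hostapd(text):
    """Parse hostapd's key=value lines; blank lines and '#' comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit_hostapd(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_hostapd(text)
    findings = []

    # 'wpa' is a bitfield: bit 0 = WPA (v1, TKIP era), bit 1 = WPA2/RSN.
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        findings.append("no WPA/WPA2 configured (open or WEP)")
    elif wpa in ("1", "3"):
        findings.append("WPA version 1 enabled (wpa=%s)" % wpa)

    # Pairwise ciphers: hostapd's own default when neither key is set is TKIP
    # (assumption taken from the hostapd.conf defaults), so absence is a finding.
    ciphers = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(conf.get(key, "").split())
    if wpa != "0" and not ciphers:
        findings.append("no pairwise cipher set; hostapd default includes TKIP")
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher allowed; only CCMP should be offered")

    # Key management: hostapd defaults to WPA-PSK when unset.
    key_mgmt = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())
    if "WPA-PSK" in key_mgmt:
        findings.append("pre-shared key mode: one passphrase shared by every device")
    if "WPA-EAP" in key_mgmt:
        if conf.get("ieee8021x") != "1":
            findings.append("WPA-EAP declared but ieee8021x=1 is not set")
        if "auth_server_addr" not in conf:
            findings.append("WPA-EAP declared but no RADIUS auth_server_addr")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print("%s config:" % name)
        for finding in audit_hostapd(conf) or ["no findings"]:
            print("  -", finding)
```

Run it against a real hostapd.conf by reading the file into `audit_hostapd`; the checks are deliberately conservative (missing keys are read as hostapd's defaults, which lean towards TKIP and PSK), so a clean result means the config states CCMP and 802.1X explicitly rather than relying on defaults.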
Let's face it, Wi-Fi is crap. It's an arse to secure, it is easily man-in-the-middled, all for the sake of not needing to use a cable. By the time you've set up RADIUS, added VPN encryption to client-server comms and locked down the AP by some other IP magic, cable seems to be a lot more productive. BTW those lovely wireless POS card terminals you put your precious PIN into to pay for your meal aren't even flippin' encrypted - use cash or credit card.