AirTight Finds Good News and Bad News for Wireless Security Best Practices at RSA 2008

Key Findings Reveal WPA Usage Very High, Viral SSID Infection Also Very Prevalent and a Potential Honeypot

San Francisco, CA - April 9, 2008 - At RSA 2008, AirTight^® Networks, the global leader for wireless vulnerability management, today issued the findings from its wireless vulnerability assessment of the airspace at the event. 

The good news is that AirTight security researchers found the use of WPA and WPAv2 encryption much higher (50%) than AirTight has found in its scans of other venues, such as airports worldwide. The bad news is that the percentage of viral SSID infection is higher than what AirTight found in its recently released airport studies – close to fifteen percent.

“RSA is one of the largest gatherings of security professional in the world so it is surprising to still find these professionals are not following best practices for wireless connectivity” said David King, chairman and CEO of AirTight. “It appears more than one or two out of ten attendees is infected by viral Wi-Fi SSID which is alarming.”

AirTight also noted that the conference has an official WiFi site called “rsa2008peap” but researchers spotted another unofficial site called “FREE-RSA-WIFI”, which is a potential Honeypot that could be luring attendees to it.

AirTight security researchers found attendees:

• Are infected with viral SSIDs (10% to 15%) and spreading them to others.
• Are using APs with out-of-the-box default configuration at either home or work.
• Are not cleaning up profiles after using hotspot Wi-Fi networks
• Are unknowingly leaking their identity

The top ten active ad-hoc viral infections observed at RSA on the first day of the event were:

• Free Public WiFi
• Hpsetup
• Guest Internet Access
• Free Internet Access
• fwf60b-public
• Hotel WIFI
• Internet Oasis (FREE)
• US Airways Free WiFi
• Wireless Network
• BelleAire

In its continuing series of studies, AirTight has set out to understand the risks to business travelers and their corporate networks of data leakage. Specifically at RSA, AirTight wanted to assess the wireless vulnerability exposure of Wi-Fi users at RSA 2008 and to assess adoption of wireless security best practices by this sophisticalted group of conference attendees.

How the study was conducted
AirTight performed ongoing scans of Wi-Fi signals throughout the day at randomly selected locations in and around the RSA (exhibition floor and convention center). The total number of APs found was 92 and 441 Clients.

If you would like to speak to an AirTight security researcher, please contact Della Lowe at 650-934-8191 (office) or 650-868-5829 (mobile).

About AirTight Networks
AirTight Networks is the global leader in wireless security and compliance solutions. AirTight's patented technology protects enterprises from the growing problem of Wi-Fi security threats, while allowing organizations to better manage their WLAN environment and comply with emerging wireless compliance standards (i.e. PCI). The Company's award-winning SpectraGuard wireless intrusion prevention solution (WIPS) family provides enterprise security and compliance professionals with unparalleled capabilities to accurately detect, classify, block and locate all Wi-Fi security threats, while helping network operations staff to quickly monitor and troubleshoot WLAN performance issues. AirTight's pioneering Cloud Services family of cloud-hosted subscription services delivers the world's first and only "No Capex" multitenant WIPS, PCI wireless compliance and controller-less WLAN access solutions all in a single device.

AirTight's award-winning solutions are used by customers globally in the government, financial, retail, hospitality, telecom, technology, manufacturing, transportation, healthcare and education sectors AirTight owns the seminal patents for wireless intrusion prevention technology with 23 U.S. and international patents granted to date (UK, Australia Japan) and more than 20 additional patents pending. AirTight Networks is a privately held company based in Mountain View, CA.

Media Contacts:
Della Lowe
AirTight Networks
Tel: +1 (650) 934 8191
della.lowe@airtightnetworks.com