The protocol widely used to set up VPN tunnels is potentially insecure and work on extending its use should be halted, according to The Internet Engineering Task Force.
Administrative groups within the IETF have put a temporary moratorium on extensions to Internet key exchange (IKE) without saying how long that moratorium should last. The decision rests in part on IKE security flaws identified in a 1999 paper by William Simpson, a consultant with Computer Systems Consulting Services in Madison Heights, Mich. These include the possibility of swamping a server with a flood of requests to initiate security sessions and sending apparently valid packets that propose security associations with the intent of chewing up processing power by having the server calculate unnecessary security keys.
Toshiba to cut memory chip output by 25 percent
In the face of what it describes as a “deepening global downturn” in the semiconductor sector, Toshiba Corp. plans to permanently close by September a memory chip production line at its Yokkaichi plant in western Japan.
The plant has two production lines, which are jointly responsible for a monthly output of 70,000 eight-inch (20-centimeter) wafers per month. Closure of Line 1, which produces DRAM (dynamic random access memory) chips using a 0.2-micron process and SRAM (static random access memory) chips using a 0.4-micron process, will mean an approximate 50 per cent cut in wafer output from Yokkaichi, said Kenichi Sugiyama, a company spokesman.
Security hole exposed in 802.11b wireless LANs
A security weakness in the encryption standard used within IEEE-based wireless LANs has been uncovered.
Three cryptographers have described a practical way of attacking the key scheduling algorithm of the RC4 cipher, in a paper entitled “Weaknesses in the key scheduling algorithm of RC4.” The RC4 cipher forms the basis of the wired equivalent privacy (WEP) encryption that is used in IEEE 802.11b (also known as WiFi) wireless networks. A PostScript file of the document can be found at http://www.crypto.com/papers/others/rc4_ksaproc.ps .