Tim Newsham
Encyclopedia
Tim Newsham is a computer security
professional. He has been influencing and contributing to the security community for more than a decade. He has performed ground-breaking research while working at security companies including @stake
, Guardent, ISS, and Network Associates (originally Secure Networks). Mr. Newsham is best known for co-authoring the paper Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection with Thomas Ptacek, a paper that simultaneously broke every Network Intrusion Detection product on the market and
has been cited by more than 150 academic works on Network Intrusion Detection since.
He is also known for publishing a number of other prominent white papers:
In addition to his research, Mr. Newsham is also known for his pioneering work on several influential security products, including:
The Newsham 21-bit attack is a method used primarily by KisMAC
to brute force WEP keys. It is effective on a variety of routers such as Linksys
, Netgear
, Belkin
, and D-Link
(to name a few), but does not affect Apple
or 3Com
, as they use their own algorithms for generating WEP
keys. Using this method allows for the WEP key to be retrieved in less than a minute. When the WEP keys are generated, they use a text based key that is generated using a 21-bit algorithm instead of the more secure 40-bit encryption algorithm, however the router presents the key to the user as a 40-bit key. This method is 2^19 times faster to brute force than a 40-bit key would be, allowing modern processors to break the encryption at an extremely fast rate.
More information on the Newsham 21-bit attack can be found at kismac-ng.org and projects.cerias.purdue.edu/secprog/class3/7.Wireless.pdf
In 2008, Newsham was awarded a Lifetime Achievement Pwnie award
.
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
professional. He has been influencing and contributing to the security community for more than a decade. He has performed ground-breaking research while working at security companies including @stake
@stake
ATstake, Inc. was a computer security professional services company in Cambridge, Massachusetts, United States. It was founded in 1999 by Battery Ventures and Ted Julian...
, Guardent, ISS, and Network Associates (originally Secure Networks). Mr. Newsham is best known for co-authoring the paper Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection with Thomas Ptacek, a paper that simultaneously broke every Network Intrusion Detection product on the market and
has been cited by more than 150 academic works on Network Intrusion Detection since.
He is also known for publishing a number of other prominent white papers:
- The Problem With Random Increments
- Format String Attacks
- Cracking WEP Keys: Applying Known Techniques to WEP Keys
In addition to his research, Mr. Newsham is also known for his pioneering work on several influential security products, including:
- Internet Security Scanner
- Ballista (Cybercop) Scanner
- The software that would later drive VeracodeVeracodeVeracode is a Burlington, Massachusetts-based application security company offering a cloud-based platform for application risk management. Veracode was founded in 2006 by a team of application security practitioners from @stake, Guardent, Symantec, and VeriSign to provide an automated third party...
WEP Security
He is believed to have discovered, or partially discovered the Newsham 21-bit WEP attack.The Newsham 21-bit attack is a method used primarily by KisMAC
KisMAC
KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet...
to brute force WEP keys. It is effective on a variety of routers such as Linksys
Linksys
Linksys by Cisco, commonly known as Linksys, is a brand of home and small office networking products now produced by Cisco Systems, though once a separate company founded in 1995 before being acquired by Cisco in 2003...
, Netgear
Netgear
Netgear is a U.S. manufacturer of computer networking equipment and other computer hardware....
, Belkin
Belkin
Belkin International, Inc., is a Californian manufacturer of computer hardware that specializes in connectivity devices, headquartered in Playa Vista, Los Angeles, California...
, and D-Link
D-Link
D-Link Corporation was founded in June 1986 in Taipei as Datex Systems Inc. It began as a network adapter vendor and has gone on to become a designer, developer, and manufacturer of networking solutions for both the consumer and business markets.In 2007, it was the leading networking company in...
(to name a few), but does not affect Apple
Apple
The apple is the pomaceous fruit of the apple tree, species Malus domestica in the rose family . It is one of the most widely cultivated tree fruits, and the most widely known of the many members of genus Malus that are used by humans. Apple grow on small, deciduous trees that blossom in the spring...
or 3Com
3Com
3Com was a pioneering digital electronics manufacturer best known for its computer network infrastructure products. The company was co-founded in 1979 by Robert Metcalfe, Howard Charney, Bruce Borden, and Greg Shaw...
, as they use their own algorithms for generating WEP
WEP
WEP may stand for:* Wired Equivalent Privacy, a deprecated wireless network security standard. Sometimes erroneously called "Wireless Encryption Protocol".* War emergency power, for fighter aircraft...
keys. Using this method allows for the WEP key to be retrieved in less than a minute. When the WEP keys are generated, they use a text based key that is generated using a 21-bit algorithm instead of the more secure 40-bit encryption algorithm, however the router presents the key to the user as a 40-bit key. This method is 2^19 times faster to brute force than a 40-bit key would be, allowing modern processors to break the encryption at an extremely fast rate.
More information on the Newsham 21-bit attack can be found at kismac-ng.org and projects.cerias.purdue.edu/secprog/class3/7.Wireless.pdf
In 2008, Newsham was awarded a Lifetime Achievement Pwnie award
Pwnie award
The Pwnie Awards recognize both extreme excellence and incompetence in the field of information security. Winners are selected by a committee of security industry luminaries from nominations collected from the information security community...
.