PCI Council to Merchants: Kiss Your WEP Goodbye
Bill Brenner writes on CSO Online:
The security savvy know WEP is full of holes and shouldn't be used. That's not stopping some merchants from doing just that.More here.
As a result, the PCI Security Standards Council is mandating its eradication in the next two years. The first step toward that is some fresh language on wireless security in the next version of the PCI Data Security Standard (PCI DSS).
The council released a summary [.pdf] of PCI DSS Version 1.2 earlier this week and will officially launch it Oct. 1. Among other things, the council will remove references to WEP security and instead push organizations to use stronger forms of wireless network encryption. New WEP deployments won't be allowed after March 31, 2009, and current implementations must stop using WEP after June 30, 2010.