Our close associate Robert Moskowitz has just released a paper describing a substantial weakness in the new WiFi Protected Access (WPA) interface. As it turns out WPA can fall prey to prying eyes as easily as the now greatly dismissed WEP standard. But this time around, it's not a problem with the algorithm or the key exchange methodology. It all comes down to the password chosen. If you pick a short or predictable passphrase, an attacker could easily conduct a dictionary attack after sniffing key exchanges. Bob's short paper is a heady read but it points out clearly the need to consider the human as well as the machine in constructing a security mechanism.