Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Technology

Promiscuity And Wireless LANs 183

VB writes: "I saw this article at ZDNet "cleverly" entitled Hackers poised to land at wireless AirPort. We've probably all seen this coming, but, I'd be curious to see what people think about the possibility of securing a network that sends data through the air. What about promiscuous mode devices within range of transmitters, or satellite communications?"
This discussion has been archived. No new comments can be posted.

Promiscuity and Wireless LANs

Comments Filter:
  • This is really the same problem as always: if you set the LAN up correctly it is pretty secure, but out of the box it isn't. The cheap 802.11 Frequency Hopping stuff is easy to monitor - strong signal strength, known hop sequences etc, but if you use 128 bit WEP, Access Control Lists and encryption over IP (IPsec or others) then you are not too open. Go to 802.11b Direct Sequence and unless you have the correct chipping set, you can often find the signal is at a lower level than ambient RF noise, which adds to the intruders problems

    Anyone who allows broadcast ESS ID's or unknown MAC addresses into their network is just asking for trouble. That is like allowing an intruder to patch straight into your hub!

    Follow the instructions and you make the hackers task harder - never impossible - but make it too annoying or too time-consuming and they will go on to easier targets.


    Frog51
  • The problem, as the article seems to say, is that the people who developed the standard left the crypto people out of the process. That seems to me to have been a pretty stupid decision.

    As an aside, taking a cab through New York with an iPaq and a Wavelan card, it's pretty amazing how many 802.11 LANs you'll pick up (I counted 6 in 40 blocks). I assume I was only getting the unencrypted ones, but if it is really easy to crack the WEP protected ones, this standard is probably going to disappear fast from business use. Or something.

  • Having alarms go off when someone is plugged into an unathorized jack is nice. But what is to prevent someone from splicing the uplink, adding a tap, and just SNIFFING the traffic that goes by for that segment? Unless you do quite a bit of work, Nothing.

    In most places, wiring closets are HORRIDLY laid out. An extra device can easily be hidden, especually if it all the device is doing is sniffing.
  • If someone steals your car and then uses it in a robbery, it's still likely that you will not be charged with that robbery. If someone gais access to your network at home and starts attacking government sites, then it's hard to say what would happen.
  • If only I had a neighbor with more mp3's.

    Rader

  • Yeah, right. IR has a limit of 20 feet, and not Every laptop has one. AirPort 802.11b is advertised as 11Mbps, though I get a little less than 10BaseT performance
  • No, they are sniffing the wireless. The traffic is encrypted (maybe), but if you are a legit user you have the keys. So, just run tcpdump / ethereal / etc. when the card is up and running. Voila, full packet dump. That's one reason why the WEP isn't providing much in the way of security. It just tries to make the wireless equivalent to a shared ethernet. Just like everybody connected to the same hub as you can sniff your traffic, everybody on the same wireless LAN can sniff your traffic.
  • Why not email everyone a copy of everyone's salary while you're at it :!

    Rader

  • So what's new here? You should always assume your packets are being sniffed, regardless if you're behind a firewall or not. Use ssh, ssl, or ipsec for everything. You'd be a fool not to. The extra layer of encryption provided by WEP is a nice frosting, but it ain't the cake.

  • Why not email everyone a copy of everyone's salary while you're at it

    Actually, if this is a public school, that's already public information anyway.

    --

  • Yeah, but you can only turn off the encryption link at the base station.
  • It's not that easy, especially if WEP is employed. Combine this with a decent VPN encryption algorithm and you have pretty decent effective security--especially if your name is Joe Schmoe. Who really wants to break into your dialup network when there are much better and softer targets out there? What's more, if you're using your network primarily to access the internet, the threat from the internet is far greater than the threat from the wireless side. If you think any and all encryption that can be employed on a wireless setup is "worthless", then the internet should be similarly worthless.

    Also, if your name is Joe Schmoe, I suspect the physical security of your person, your home, your car, and other personal property is of greater concern, yet I doubt you expend the same amount of paranoic energy at them.
  • Apple is responsible for getting USB and firewore off the ground.

    USB became a hit as soon as the iMac shipped, with only USB as its connections. With encougagement to developers, USB became extremely popular becuase people could produce cross-platform peripherals.

    Apple has invested heavily in Firewire, making sure more peripherals like hard drives worked with it.
  • A few corrections.

    Number one is correct. This is the hardest part of getting WEP to work, and also the biggest vulnerability (social engineering of the WEP keys)

    On two, you should read the referenced article. All of the weaknesses they discovered are independant of the size of the encryption key. They are just as valid for 1024 bit keys as 8 bit keys. The main problems are the too small (24-bit) IV which results in a high rate of reuse of keying material, and the poor choice of a checksum method which allows an eavesdropper to change arbitrary bits in a packet and update the CRC without knowing they WEP key. Had the vendors doing 128-bit WEP gone to a 64/64 split between key and IV it would have been a big improvement. Instead, they split it 104/24 providing no increase in security over the 40/24 split for many attacks.

    I'm not sure what you are talking about in three. 802.11 specifies two authentication algorithms. One is a crude "open" method which allows any client to "authenticate". The other is "shared key" which is based on a simple challenge-response using WEP key #1. At no point is DNS involved. In fact, 802.11b has no dependance on any portion of the TCP/IP protocols. It may be that your vendor has included their own authentication on top of 802.11, but if so it has nothing to do with WEP.
  • This is the biggie - the WEP authentication protocol relies on DNS

    Can you explain this further? I was unaware of any dependency between 802.11b and DNS, and I certainly didn't have to make any DNS changes to get my setup working - including full encryption. Is this an optional part, perhaps related only to the key-distribution you give as concern #1?

  • Bluetooth is vaporware. It's not going to happen.
  • Surely authentication and encryption are built into any wireless networking technology worth it's salt. Encryption is obviously needed to stop anyone from listening in, and authentication is needed to stop anyone from logging onto the network. Something as simple as SSL with some use management would do the trick. An example being that each client card would have an keypair, and you would teach the network to accept each client card just the same way that you can teach car alarms to accept different remotes. Simple really, not much more to say on the topic.
  • by Anonymous Coward
    The wireless groups in austrilia have been discussing, ppoe ,vpns, and ssh encrypted ppp connections. the general consenses is that the ssh path would be too slow. likewise most any addititional encryption would slow the network. the wireless cards already use encryption, but it seems to be useless if someone else has a wireless ethernet card. kinda redundant
  • Just use encryption - IPSec is ideal for this sort of thing, or PGPnet. It's either that or change your working methods.


    Frog51
  • Sad but true, the actual transmitters themselves can do a lot to prevent un-authorized access. Spread spectrum, especially when combined with synchronised frequency hopping is brutally effective at stopping people "listening in". The US armed forces have been useing the technologies for years. Seems a shame that with so many "off the shelf" components that could implement this technology, large manufacturers are still going for unsecure links.
  • by segmond ( 34052 ) on Monday February 05, 2001 @05:05AM (#456460)
    This problem will never go away unless new security related technologys are shown to the crypto and security community for peer review before deployment. This is why I respected the recording industry when they asked for SDMI to be tested.

  • The gold cards aren't strictly WEP -- they use 128-bit RC4.
  • Can I ask you which dept you're referring to? Because I've never heard of OSU doing anything remotely similar to this :P
  • Comment removed based on user account deletion
  • What the hell did I do to piss you off, buddy?
  • They frequently imply that they log all activity, and then refer back to it if they catch you in a violation. In any case, all our traffic goes out the T1, so they can watch it themselves exceedingly easily, without bothering to use sniffing on the wireless part of the network.

    --
  • by Salamander ( 33735 ) <jeff.pl@atyp@us> on Monday February 05, 2001 @11:05AM (#456466) Homepage Journal

    Ho hum. Not a single argument that was not completely predictable. Oh well, guess I'll have to restate the obvious for your benefit.

    Thus we have total expected storage requirements of ~45 GB, and a total running time of 400 hours to decrypt all future traffic on the network

    That's a non-trivial effort. Do you think the average script kiddie is going to take their wireless-equipped laptop, with 45GB worth of storage, and go sit within range of the target network for 400 hours, and then apply all the compute power to crack the keys? Dream on. Yes, some people can do this, but those are specialized organizations devoted to this kind of task - not random script kiddies.

    Do you understand the term "script kiddie" at all?

    Yes, I do, thanks very much for asking. Do you? One of the things about script kiddies that you seem to have missed is that the programs they like to use are relatively easy to write and don't care very much about the exact flavor of the underlying hardware. The "confusing the firmware" exploit we're talking about would have to be repeated for every hardware/firmware combination, and would not be at all easy to write. Half of this hardware doesn't even work on Linux due to lack of driver support. Do you really think more skill and effort will be applied to "confusing the firmware" than has been to unconfusing it and getting it to work? Again, dream on.

    Of course, you're right that all it takes is one person to write the program and thousands to use it, but it might still take a while before that one person gets done. With a responsible approach to security, it might have taken them long enough that the vendors would already have plugged the holes by the time the exploit code was ready.

    Your hope that equipment manufacturers address this problem is probably misgiven

    That's your opinion. Please back it up.

    Do you really think it's that hard for vendors to incorporate a 4096-bit cryptographically secure certificate into the firmware image, such that the card will refuse to operate if the certificate is invalid? Think again. I've worked on firmware, and this is the easiest thing in the world for them. Lots of cards have to decompress their firmware as part of the bootstrap procedure anyway; once you're decompressing, it's trivial to add validation. There is no need for the "hardcoded drivers" (what an absurd concept) or other strawmen you suggest.

    However, I do know that if this protocol was indeed opened up to peer review as you seem to suggest (without any evidence)

    It's an IEEE standard, moron. Do you know what that means? The IEEE goes to extraordinary lengths to solicit and incorporate input from interested parties, many of whom I'm sure are pretty well qualified in their fields. We're not talking about some obscure closed trade group here. IEEE standards are in many ways more open than the not-really-standards of open source. Without IEEE standards we probably wouldn't be talking. How do you think your packets get to slashdot? In large part you owe thanks to IEEE for that.

    It's your claim, that the process was somehow not open, that is absurd and that requires proof. Get to it.

    Frankly, I can't believe that any serious peer review wouldn't flag the problems....

    You just don't know anything about peer review, do you? How many of these sorts of activities have you participated in? The fact is that when you're dealing with complex new technology people sometimes make mistakes. Sometimes the mistakes are real howlers in retrospect. That's life. How many problems do you suppose these guys anticipated and dealt with that you would have flubbed if you'd been in their place? It's really easy to jeer from the peanut gallery, with full benefit of hindsight, but really people who do that are just being pricks.

    • The right thing to do would have been to alert the equipment manufacturers, discreetly, and let them decide how they want to alert their customers
    This is so beyond ludicrous I'm not even going to touch it.

    No, really, try to give us a responsible rebuttal, instead of trying to substitute sneering for reasoning. Try, anyway. What you dismissed so flippantly is actually a very hot issue among security professionals: who gets to find out first?

    Now, I knew when I suggested it that the "tell the vendors" approach wouldn't be very popular here on ScriptKiddieDot, but that doesn't make it a troll (and neither does calling it one). It's worth considering how this audience differs from the Real World. For one, the attitude here is "openness at all costs". There's no room allowed for discretion or careful handling of delicate issues. No, I'm not talking about "security through obscurity" because that never works. What I'm talking about is giving the vendors a reasonable timeframe in which to fix problems before letting every black hat in the world have the info. Let's face it, for every white hat on this site there are probably a hundred black hats, and I doubt that there's a single person involved in this discussion in a position to do good rather than harm with this information. How do you think it benefits anyone but the script kiddies to publicize this problem in this fashion? It doesn't help the problems get fixed any faster, it just maximizes the damage that gets done before the problem is fixed. Screw your "information wants to be free" dogma, and think about social implications for once.

    In case you missed it the first time, and the second time, let me repeat a third time: I agree that there's cause for concern in this. Nobody's disputing that. What pisses me off is that people are trying to enhance their own images by panicmongering. The actual security threat here has not been shown to be effectively distinguishable from zero, and yet these people are acting like any semi-literate cracker might already have everyone's credit card numbers. Believe me, we're all threatened much more by existing security problems in the wired network than by any implications of these findings. If there's one thing that's obvious from all this, it's that the biggest security problem is people not even using the security facilities available to them.

  • Back when I went to MPA, we didn't have fancy things like laptops. We had insecure windows 95 machines with censorware in the library and we liked it. Some of the more wealthy students like to play golf on their personal laptops during study hall, but I rarely saw them used otherwise.

    I remember very little else except that certain US students had to battle to keep the Mac lab open after school. That's quite a cooked agreement you have to sign to use their laptops, though. If you're ever downtown St. Paul and need wireless access, my network's available. Keep up the good fight.
  • Have you read this paper? It's whole thrust is that your point #2 is false. Moreover, it only mentions DNS once in passing as an example of a type of packet an attacker might want to modify. At no point does it state or imply that WEP in any way involves DNS.
  • by Yoshi Have Big Tail ( 312184 ) on Monday February 05, 2001 @04:40AM (#456469)
    Promiscuous devices sending matter flying through the air?

    Are you sure this is suitable for a family website?

  • You can solve that problem by physically and configuration-wise securing your switches (you do use switches, right? :-) so that each switch port will only talk to the ethernet address that's assigned to that machine. Of course, the hacker can add a hub and just passively listen, but at least they only get traffic from/to that one machine... better hope it's not your router :-)

    On the other hand, it's been said too many times to count that if you don't have physical security, you don't have any!

    Robert
  • It's less than 20 ft to the ceiling in most cafes, and I bet that more laptops have IR than 802.11. Mind you, then I'd have to sit wiht the laptop perched at an awkward angle so that the ceiling-mounted sensor could see it... but still, that strikes me as a nice Q-n-D solution.

    I've been meaning to get our local CCS dept to wire up the local cafe, as a promotional stunt to attract good students, but of course, I haven't bothered actually telling anyone about my plans -- I'm still at the thinking loudly stage.
  • The solution is to use all switched ports and lock down the ports to specific MAC addresses. That should solve most of your problems in this area. You could also just walk the switches looking for new addresses everyday.
  • by Anonymous Coward
    My company did an extensive study of WLAN products, and Nokia was the only one that passed our security tests. They created a product in conjunction with the WLAN called the Public Access Zone Controller (AZC). The AZC prevents unauthorized access, not based on MAC, but by username/password (or SecurID), and incorporates VPN for encryption on top of WEP.

    What was really interesting, was the fact that Nokia put a smart card slot on the WLAN card. As far as I know, no other vendor has done so.

    ^Air^Head^
  • guess you can't spoof a MAC address, can you?

    Yes, you can. Trivially. Often you don't even need special tools, it's right there in the driver config.

    Other people have suggested approaches for preventing this problem, most of a preventive nature. If you want more of a "honeypot" kind of solution that lets you catch a spy, here's an idea. Leave the device in place. Filter out all actual IP traffic going through it, and set up alarms to go off when someone makes a link-level connection. With the right equipment you can pinpoint their exact location when the alarm goes off, but even if you don't do that at least you get a chance to look around for people who seem to be in places they shouldn't.

    It's not totally foolproof. In particular, it's possible to do truly passive listening that wouldn't get detected, but if you're dealing with someone that sophisticated I doubt you're looking for tips on Slashdot. ;-) Most off-the-shelf access points won't send out any signal at all when they have zero link-level connections, so that's the dead giveaway.

  • what bar is this...?
  • by peccary ( 161168 ) on Monday February 05, 2001 @04:44AM (#456477)
    with implementations available for linux, bsd, and win2k, is the answer. More information can be found with a google search. [google.com]
  • by arivanov ( 12034 ) on Monday February 05, 2001 @07:03AM (#456478) Homepage

    No it is not. The dynamic key infrastructure and the stack itself are not 100% stable yet. The reason is that due to various vendor intrigues the highly efficient mechanism for dynamic key management initially implemented in early 2.x OpenBSDs (firefly) was replaced by the current one. The PKI for the current one is horrible and noone besides OpenBSD and a handfull of commercial products implements the entire thing. For example linux does not.

    Of course, for a house network you can use static keys. But if you are down to static keys something more simple like cipe or windows PPTP services will do the job anyway. Also in the former (cipe) case you can use blowfish which means much lower overhead.

  • If you don't mind a bit smaller screen and using WinCE, the Intermec 6651 [intermec.com] is a great terminal. It has a fully rotatable touch screen, as well as a bonus of having an integrated digital camera in the hinge area. The quality of the camera is not the greatest in the world, but for an integrated camera in a light-weight mobile device, I'm happy with it. You can find more information on www.mobileplanet.com by doing a seach for 6651.

    It will faithfully do 802.11b wireless and works great around the house, also works great for taking with me to class for taking notes. And with the touch screen and included software, you can even do diagrams!

    If you want more info about it, take off the fuzzy rabit slippers and e-mail me.


    --Josh

    In the words of Homer Simpson... "Mmmmm... beer."
  • i imagine that it'd actually be harder to copy a signal in the air than one over a network.
  • by kerrbear ( 163235 ) on Monday February 05, 2001 @05:08AM (#456481)
    One day someone figured out that packet sniffers can be used on the network to see other people's POPmail passwords and AIM conversations, as well as whatever websites they are at. It is genuinely disturbing. However, I am terrified of telling our administration about this because of a kill-the-messenger syndrome.

    Why not just send the message anonymously via the administrations' own mail accounts? That would get their attention.

  • 802.11 already uses spread-spectrum technology. I believe that for 2Mbps 802.11 it's "frequency hopping" SS, and for 11Mbps 802.11b it's "direct sequence" SS. No, I don't really know the difference. What's important is that these attacks are apparently possible despite the use of spread-spectrum technology.

  • wow, you have really got to be a dedicated gek to take your laptop with you when you are taking a leek. Kinda brings to mind an image of someone at a urinal trying to prop thier laptop up with one hand while aiming with the other.
  • Now, I'm as all for Privacy (please note the A.A. Miline-style caps), but the fact of the matter is that anyone who sniffs my packets, and most other people's, is going to get a big fat lot of nothing interesting. The level of security I need differs depending on what I'm doing. If I'm talking to my mom about how her dog had to have hip surgery, I'll use my cordless phone. If I'm plotting assassinations, I use a landline with scramblers on both ends.
    Sometimes, for convenience, I'm willing to sacrifice a little bit of privacy (letting everyone see my /. posts and searches for 'porn' on MSNBC). All things being equal, I'd take security over not, but hey, life is full of little disapointments.
    As an aside, I assume that stuff like SSL will still work on this wireless network, so if the packet is sniffed they'll get garbage... Anyone know different?

    Brant
    Brant
  • by the_tsi ( 19767 ) on Monday February 05, 2001 @05:14AM (#456485)
    Visit the isp-wireless mailing list and associated archives at http://isp-lists.isp-planet.com/isp-wireless/
    .

    These guys eat and breathe this stuff 24/7... they have to. And they love to share knowledge.

    -Chris
    ...More Powerful than Otto Preminger...
  • The threat is more than you think. I worked for a big networking company (they should know better) whose internal network was completely firewalled from the Internet (they did a very good job in this area) However, they were falling over themselves to get wireless installed and guess where it went first? That's right - the executive suites tied right into the internal LAN. The execs HAD to have their laptops connected. We used high gain antennas to ensure the R&D building was completely covered. Anyone who parked near the building and intercepted an SSID or had the knowledge to hack in could have walked away with their email, passwords, you name it. I honestly don't think WEP was enabled because it was still 'in development' and we were waiting for firmware releases. But they wouldn't let us wait. I hear that the 2nd generation deployment is a little more secure, but you are kidding yourself if you think this was an isolated incident. The potential for commercial spying is huge since wireless (like all the other gizmos) hit the executives first. And those of you talking about limited range - not quite. I use 802.11 to share my pipe with the inlaws next door. Next door is about 500 feet away through the woods. But the signal strength is great and I'm just using the std antennas, not a high gain patch. So it goes farther than you think outside, even when it seems like its really weak inside at short distances.

    Don't get me wrong - I love 802.11b and use it all the time. But I use WEP and my access points are on an isolated LAN tied to an IPSec box which allows me to get to my internal firewalled LAN. Sure, throughput is an issue, but in those cases, I get my ass off the couch and sit at my desktop! :)

  • I was only replying to the parent post. He described putting up a packet sniffer and the way he described it, it didn't sound like he was using the methods described in the paper to crack WEP. It sounded more like they were sniffing packets that had already come back to transmission over wire.
  • well that is the way it is in dreese labs. i know the OSU open source club was working on the beowulf cluster and someone plugged in an ethernet card and an alarm went off or something.
  • Having to wear a spacesuit for kernel hacking on an iBook while sitting on the pot will bring you to total geekness!

    How do you s*** through the suit while you're on the pot? Oh, I guess that explains the total geekness....

  • Canada, Eh?

    I betcha you never watched Southpark. Otherwise you wouldn't have considered Canada. They make perfectly good trashcans there!

  • I first heard about the Stockholm situation (which I'm certain is no different from that of NYC, London, Paris (if you read French :-), &c.) from this copy [counterpane.com] of Bruce Schneier's Crypto-gram newsletter [counterpane.com]. It's near the bottom---search for ``anecdote''.

    Makes me wish I had a WaveLAN...

  • Well... this study has blown apart RC4 encryption used in 802.11b devices, and it just so happends the 128bit devices use RC4, it doesn't matter how secure the encryption is... if the devices do not exchange keys securely.
  • by Anonymous Coward on Monday February 05, 2001 @07:21AM (#456500)
    Last weekend I was in Boston and it was hard to find a place where I didn't have access to someone's wireless network. Just drove around the back bay and at stop lights would check out my laptop. Most of the time I had a usable signal (typically 20% strength, 90% quality according to the software that came with my card). And I never had to do anything- no trying to find the SSID, no hacking WEP keys, it just worked.

    The coolest part is, each time I was on someone's LAN, on the fun side of their firewall. Joy.
  • Starbucks are also going to roll it out in the UK as well, just a bit delayed.

    802.11 is more popular (by numbers anyway) in the UK at the moment, as it has some nice peculiarities which allow very dense Access Point packing and higher range - great for use in stores and warehouses like Tesco, Sainsbury etc, but 802.11b has more potential bandwidth-wise.

    Once we get onto the 25Ghz band and transmitting at 50Mbit/s the price of the lower spec kit will be easily within reach of the home user (it almost is now - I have a wireless network in my house:) but we'll always be behind the US as we are limited to 100mW so we need more AP's for the same area. Of course we won't get our brains fried as fast!


    Frog51
  • "I'd be curious to see what people think about the possibility of securing a network that sends data through the air."

    For one, you could try a lead-coated bunker so that even Superman and the MPAA won't be able to tap into your precious air waves.

    After that, if you're scared about air contamination (all that data has to run through it, no?) you can try accomplishing a complete vacuum ; the NASA has some big pumps for lease.

    Having to wear a spacesuit for kernel hacking on an iBook while sitting on the pot will bring you to total geekness!

    /max
  • by nosilA ( 8112 ) on Monday February 05, 2001 @05:20AM (#456507)
    There are 3 major problems with WEP (which stands for "Wired Equivalanet Privacy," BTW. I will list them in order of increasing severity.

    1) Key distribution. If you aren't the only person on the network, getting the key out to other people is a non-trivial task and can be the weakest link.

    2) 40-bit - the standard WEP keysize is completely insufficient and can be cracked in relatively no time. 128bit versions of the hardware are available, however, so this is an improvement.

    3) This is the biggie - the WEP authentication protocol relies on DNS and is therefore prone to massive man-in-the-middle attacks. There is a paper by Jesse Walker called "Wireless LANs Unsafe at Any Key Size; and analysis of the WEP encapsulation" that I encourage everyone to read.

    WEP is especially dangerous because it establishes a false sense of security that cause people to be more willing to send sensitive data over the network. You still need to use some other encryption method on to of WEP - even at best it gives the privacy of a standard ethernet LAN.

    Other technologies are under development to improve the state of wireless security, such as the IEEE 802.11 Task Group E, which is trying to develop an authentication scheme suitable for 802.11 wireless networks, or the IEEE 802.1x protocol which will do similar things at a more generic level.

    There is no existing good solution to the wireless problem (PPPoE hacks aside).

    -Alison
  • This [yahoo.com] Flawhoo story points to www.isaac.cs.berkeley.edu [berkeley.edu]. Where they have appearanlty contrived a way/used the 802.11 standards to sniff on a 802.11 network. Pretty neat schtuff for all you NetworkAdmins who have put that into place already. no we can 0Wn3 j00.
  • Could you give references for any papers offering cryptanalysis of any version of the WEP protocol?

    I'd also be curious to know more about your participation in the cryptographic community that you refer to - maybe we've met and I don't know it?
    --
  • I'd also be curious to know more about your participation in the cryptographic community that you refer to

    I never claimed to be involved personally in the cryptographic community, nor do any of my comments depend on such a claim. Please take ad hominem attacks elsewhere.

  • However, I am terrified of telling our administration about this because of a kill-the-messenger syndrome.

    I found the staff e-mail index at your school's web site and sent them a link to the article. I explained that it wasn't really you that was afraid to let them know about this, but really it was someone who had stolen your password and wanted to make you look bad.

    Dave

  • Computers don't hide in the wall as easy due to size, ventillation issues, noise, vulnerability to dust, etc.

    I can build a PC to do the job that's the size of a rubik's cube; Or I can use an off-the-shelf libretto. One would need an additional filter to solve the dust problem, assuming the machine has active cooling, which is not a safe bet at all.

    Real taps leave evidence behind, fingerprints, DNS, etc. And of course, someone has to "plug in" from time to time to collect their spoils. Wireless just makes all the more harder to detect.

    1. Ever heard of latex gloves?
    2. The machine is on the network anyway. You can always have it send any interesting-looking data to you though a form submission.
    There are strict regulations of the production, sale, and use of "spy devices". These cover telephone taps, hidden cameras, etc. Should computer networks not also be included in this?

    A telephone tap is depressingly easy to make in your home. A "hidden camera" is regulated, but a CCD camera which is about 3cm long and is on a PC board approximately 3cm square is not controlled, and can be hidden in all sorts of interesting devices, like smoke detectors. So, no. This is a networking device. People who don't set up their network for security are bound to be in trouble. If you have a switch (If you're too small to have a switched network, no one cares about your data) with any intelligence at all, you can limit the mac addresses which can live on it; Or in some cases, the IP addresses. True, macs can be changed, but this allows some reasonable security.

    And making crypto work invisibly across Windows, Macs, Linux, etc. is just impossible. There needs to be some controllable space that is considered "secure".

    Most companies will only have to care about crypto between windows and windows. Some will have to care about windows to unix. More than that will probably be more concerned about unix to unix. Very few will be worried about encryption to their macs, since most shops use macs to feed their artists. WindowsWindows and UnixUnix encryption isn't so tough. WindowsUnix is fairly doable. Anything else is just icing.


    --

  • At Ohio State University, if you plug a computer into an ethernet port and they havent autorized that port to be used, an alarm goes off, you get no network connectivity, and you get located fast. They did this for the exact reason you are talking about, so nobody could bug the network by plugging in to an ethernet port in some back closet where nobody would notice.

    Pretty good system if you ask me, although I couldn't explain exactly how it works.
  • From your earlier response
    You just don't know anything about peer review, do you? How many of these sorts of activities have you participated in?
    Ian Goldberg is just one of the best crypto-hackers out there: I can't think of anyone else who combines his level of original contribution to cryptographic theory with such prodigious creation of useful free software for crypto purposes. I suspect that if he's complaining of insufficient access to the standards process for cryptanalytic purposes, he does so with good reason.
    --
  • That won't help. FHSS does prevent those who don't know the next frequency from listening. However every device on your network knows the next frequency and the time to change to it. So you shift to an appearently random different frequency, but at the same moment so does the guy listening. The army uses FHSS with an algorithm that we don't know, thus we can't know the next frequency to shift to or when to shift. We could figgure out what frequ7encies they are using and record all, if the data is worth it we might be able to put it togather, but that is a hard task. (Potentially NP)

    The difference between FHSS and DSSS is DS hops at a known time to the next frequency in order, while FH hops to the next frequency in what appears to be random order. 802.11 defines that either can be used. FH is cheaper to impliment, but it turns out that more companies worked in DS (which is accually inferior except the FCC allows it to transmit data faster) and compititon drove the price down.

  • What's with the GIGANTIC Oracle ad? I honestly couldn't read the frigging article, the ad flashed so much. Banner ads are okay, but not animated GIF's in the MIDDLE of the article...
  • by frog51 ( 51816 ) on Monday February 05, 2001 @05:41AM (#456535) Homepage Journal
    Frequency hopping is basically like an ordinary radio transmitter which is tuned to a different frequency every 100ms or whatever your rate is. The signal strength on each frequency is max, and if you know the hop sequence, you can follow the signal.

    Direct Sequence does not hop!! It takes the input signal and combines it with a long chipping sequence in such a way that what was a peak at one frequency becomes a very low broad signal. The military like this because you can get the whole signal to lie at a lower level than rf noise - making it an absolute bugger to find, let alone read. The radio for these is much more expensive but the price is coming down.

    Most of the major manufacturers sell both kinds - Symbol and Cisco being the two top brands. Symbol's kit is rebadged by people like 3Com, and Cisco bought Aironet or Telxon, before Symbol bought Telxon. Lucent do quite a good 11Mbit/s Point to Point link as well.


    Frog51
  • Bluetooth has been hyped for over 2 years now. There are *101* products listed there. The bulk of them are chipsets and "development" stuff, and many of the products listed there are variations of the same product or chipset from the same company. Even if you expand the search you still get a ratio of ~80% "develop tools/chipsets/IP stacks", ~10% real stuff (ooooh, a Bluetooth cellphone headset) and ~10% vapor products, or manufacturers like Sony listing 28 variations of the same laptop that (supposedly) has Bluetooth. Great, you can use the Bluetooth headset to talk to your overpriced Vaio laptop. There are very few real true things that you're going to find on the shelves of BestBuy/CompUSA/Frys, etc.
  • for a access point an IV is likely to get reused

    Hm. Looked fine in preview, but something seems to've been lost. What I meant to say was "for a totally saturated access point".

  • The next big thing in firewalling is going to be insulating your entire building with aluminum foil so no radio signals get outside :)

    Next thing you know cisco will be buying Reynolds (makers of reynolds wrap aluminum foil) to encorporate the new high tech, high security technology the food storage company has been developing. Buy stock.
  • Ian Goldberg is just one of the best crypto-hackers out there...if he's complaining of insufficient access to the standards process for cryptanalytic purposes, he does so with good reason.

    CDNF. The man may be technically brilliant, and I'll gladly take your word for that, but brilliance does not imply that he lacks baser motivations such as publicity-seeking or hope for profit as the new CTO of a security-related company. His comments on this particular matter were and are irresponsible, regardless of anything else he has ever done.

  • troll? Would someone point out exactly why that would be considered a troll? The examples given are factual (if dumbed down) representations of both protocols... moderators who have no knowledge of the subject matter should refrain from moderating examples of protocol down.

    ---
  • "IV" is "initialization vector" and is the same as what is elsewhere called a "salt". The IV is 24 bits; in a previous paragraph the authors had calculated that for a access point an IV is likely to get reused after about five hours. From this we're apparently supposed to conclude that it's a trivial matter to store every packet until an IV collision occurs, and then use the contents of both packets to recover plaintext. They even seem to be aware that two packets often won't be enough, but fail to mention that you need to save and search another five hours' worth of peak-bandwidth traffic to get anywhere in that case.

    Well, assuming the numbers they do (i.e. 1500 byte packets), it takes only 11 Mbps * 18000 seconds = 198 Gb = 24.75 GB of storage space to get a collision in a worst case scenario. But more important, there's no reason to save everything as you go along.

    Instead, you just do something like the following. Assume it takes 10 IV collisions to be reasonably assured of computing plaintexts by statistical analysis (this may be generous, considering the redundancies in most of the packets--TCP headers, easily guessed content, etc.). Then you can just build a table for the IV space one portion at a time: say one-eighth at a time. In other words, first you just store all the packets with IVs in the range 0-1x2^22 until you can statistically analyse them and build an IV->cipherstream table for all those IVs. Assuming 10 messages for each IV, this takes about 31 GB. When you're done with that, throw out all those old packets and start on IV range 1-2x2^22, and so on. As they pointed out in their summary [berkeley.edu], it only takes 15 GB to store the entire IV->cipherstream table. Thus we have total expected storage requirements of ~45 GB, and a total running time of 400 hours to decrypt all future traffic on the network. Moreover, we can start decrypting all the packets with IVs we've already "solved" as soon as we solve them.

    This is entirely feasible, but it isn't even the half of it. As they suggest, a much better solution to this problem is to use an active, chosen plaintext attack. That is, the attacker can send a known packet from the outside to a machine on the wireless network; the network will encrypt the packet and send it to that machine, along with its IV in plaintext. The attacker merely needs to intercept that packet (a problem, of course, is knowing which packet it is, although this is solvable with unusual choice of destination machine, etc.) and suddenly he has solved that IV, with no statistical analysis necessary. With this method, we only need 15 GB of storage space (for the table) and enough time to send messages which will be encrypting with every different IV. The latter requirement is going to take a real long time, of course, but as a way to attack, say, 95% of the IVs this is very efficient.

    we have been able to successfully intercept WEP-encrypted transmissions by changing the configuration of the drivers. We were able to confuse the firmware enough that the ciphertext (encrypted form) of unrecognized packets was returned to us

    I would say that this is likely to be well beyond the capabilities of most script kiddies, and is probably pretty easy for 802.11b equipment vendors to address.

    Do you understand the term "script kiddie" at all?? The point of a script kiddie is that he doesn't have to know how to write modified drivers, only how to download them and install them. Hence "script"; they're running someone else's program. And in any case, modifying drivers and even modifying hardware ought not to be beyond the skills or resources of lots of corporate espionage outfits.

    Your hope that equipment manufacturers address this problem is probably misgiven; doing so would seem to require them to replace software drivers with hardcoded ones, or at least insert another layer of encryption both inside the hardware and in their drivrs. I submit that both possibilities are very unlikely, and that in any case anyone with deep pockets can build their own 2.4 GHz reciever without too much trouble.

    Yeah, like there have never been any problems discovered in crypto products from the self-appointed experts. Uh huh.

    Of course there have been, though rarely such softball errors as these. The recently reported vulnerability with the extra decryption keys in PGP, while quite significant, was an implementation error, not an error in the spec itself. And the vulnerabilities found in crypto protocols by the real experts tend to be rather esoteric and impractical ones, and then mainly on entirely new ciphers, not on a spec for piecing together old ones.

    In any case, the point is that they are (ideally) found *before* any products using the protocol are put into place. It's called "peer review", perhaps you've heard of it.

    ."During the design process, the crypto community wasn't invited to participate," says Goldberg, now chief scientist at Zero Knowledge Systems Inc., a privacy-software firm in Montreal.

    That's a pretty inflammatory statement, and apparently not far from being an outright lie. It was irresponsible (or possibly venal) of Ian Goldberg to make such a statement, and doubly so for WSJ's Jared Sandberg. As I said before, there is a matter for serious concern here, but the scaremongering from these people is not helping.

    I don't know the history here, so I can't comment. However, I do know that if this protocol was indeed opened up to peer review as you seem to suggest (without any evidence), then something went horribly wrong; for some reason, either everyone missed these rather obvious flaws, or, more likely, no one showed up to review it. The point is, offering something for "peer review" and then assuming it's secure after no one shows up to review it is obviously not good practice. Frankly, I can't believe that any serious peer review wouldn't flag the problems inherent in using RC4 with a linear checksum algorithm, or with layering an encryption scheme on such a tiny (24 bit!) IV space.

    The right thing to do would have been to alert the equipment manufacturers, discreetly, and let them decide how they want to alert their customers.

    This is so beyond ludicrous I'm not even going to touch it. The rest of your post seems to indicate that you're not a troll, but this makes one wonder.
  • The article says WEP can be cracked.
  • by photozz ( 168291 ) <photozz&gmail,com> on Monday February 05, 2001 @05:29AM (#456560) Homepage
    "What about promiscuous mode devices within range of transmitters, or satellite communications?"

    Sounds like my last experiance at a bar........

  • Simple, I have an Airport connected to a linksys in my house. I simply enable a closed network, so you can't pick up the airport without knowing the exact IP address.

    Plus, Apple runs 40-bit encryption for their Airport. Not only that, I setup the base station so it blocks out clients that aren't on my MAC address "allow"list.

    Pretty much, I feel safe, both at home and over then net, becuause I run Appletalk, which doesn't go beyond the router to the cable modem.

  • by Salamander ( 33735 ) <jeff.pl@atyp@us> on Monday February 05, 2001 @05:30AM (#456563) Homepage Journal

    I took another look at the link to the paper [berkeley.edu] provided in cid #13 (thanks!) and here are some observations.

    The first attack follows directly from the above observation. A passive eavesdropper can intercept all wireless traffic, until an IV collision occurs.

    "IV" is "initialization vector" and is the same as what is elsewhere called a "salt". The IV is 24 bits; in a previous paragraph the authors had calculated that for a access point an IV is likely to get reused after about five hours. From this we're apparently supposed to conclude that it's a trivial matter to store every packet until an IV collision occurs, and then use the contents of both packets to recover plaintext. They even seem to be aware that two packets often won't be enough, but fail to mention that you need to save and search another five hours' worth of peak-bandwidth traffic to get anywhere in that case.

    To be fair, they do point out a pretty serious flaw in a particular implementation of 802.11b, specifically Lucent's, which sets the IV to zero when the card is initialized and merely increments it for each packet. That does indeed make life way too easy for crackers.

    we have been able to successfully intercept WEP-encrypted transmissions by changing the configuration of the drivers. We were able to confuse the firmware enough that the ciphertext (encrypted form) of unrecognized packets was returned to us

    I would say that this is likely to be well beyond the capabilities of most script kiddies, and is probably pretty easy for 802.11b equipment vendors to address.

    Many 802.11 products come with programmable firmware, which can be reverse-engineered and modified to provide the ability to inject traffic to attackers. Granted, such reverse-engineering is a significant time investment (we have not done this ourselves)

    Damn right they haven't. Writing drivers is enough of a pain when the hardware engineer is sitting right next to you. It's harder when you have no access to hardware docs, and harder still when the hardware vendor might actively be attempting to thwart your efforts.

    The real problem is not in the paper itself, though, but in the way it was reported. Consider this conclusion, from the paper:

    The protocol's problems is a result of misunderstanding of some cryptographic primitives and therefore combining them in insecure ways. These attacks point to the improtance of inviting public review from people with expertise in cryptographic protocol design; had this been done, the problems stated here would have surely been avoided.

    Yeah, like there have never been any problems discovered in crypto products from the self-appointed experts. Uh huh. But I'll let that slide. Now, for contrast, here's an excerpt from the ZDnet article:

    ."During the design process, the crypto community wasn't invited to participate," says Goldberg, now chief scientist at Zero Knowledge Systems Inc., a privacy-software firm in Montreal.

    That's a pretty inflammatory statement, and apparently not far from being an outright lie. It was irresponsible (or possibly venal) of Ian Goldberg to make such a statement, and doubly so for WSJ's Jared Sandberg. As I said before, there is a matter for serious concern here, but the scaremongering from these people is not helping. The right thing to do would have been to alert the equipment manufacturers, discreetly, and let them decide how they want to alert their customers.

  • Okay, the only place I could find a soft copy of this is a zip of a word document - sorry, but here's the link [ieee.org]
    -Alison
  • by 11thangel ( 103409 ) on Monday February 05, 2001 @04:46AM (#456573) Homepage
    A wireless lan can be tapped by anyone with a radio and some electronics skills. The only way to secure it is with encryption. But of course, as we saw with ssh, even encrypted protocols arent totally secure. Wireless lans would probably be useful, but for a security minded user, they are completely useless. Of course, that won't stop high sales from people who just don't care about people downloading whatever they happen to be saying on IRC, but i'll be sticking with ugly wires for now =)
  • by ckd ( 72611 ) on Monday February 05, 2001 @04:46AM (#456574) Homepage

    Some information about their analysis [berkeley.edu] is available.

    Personally, I wasn't counting on WEP anyway, which is why I didn't bother buying the Lucent Gold cards. I just wish IPsec were more common, so that I wouldn't have to tunnel quite so much through ssh.

    Of course, then there are unencrypted wireless networks like the ones at USENIX. Dug Song's presentation on dsniff [monkey.org] was a big hit; look for the "Passwords Found on a Wireless Network" paper. (PostScript only, sorry.)

  • by enrico_suave ( 179651 ) on Monday February 05, 2001 @04:49AM (#456578) Homepage
    Hepa filters for wireless network traffic...

    *Shrug*

    E.
    www.randomdrivel.com [randomdrivel.com] -- All that is NOT fit to link to
  • USB was held up because it was too OS dependant, and Microsoft didn't release good drivers until Windows '98. Back in '95/96 there were already USB devices ready and waiting for drivers.

    IEEE1394 is and was in use in commercial A/V equipment before it came down to the end-user level, so it had a chance to build an installed base, but most people just weren't aware of this.

    USB and '1394 also solved different problems, they were ways to move lots of data over a copper wire, cheaply and effectively. There *was* no other easy solution before they came along.

    Bluetooth isn't solving any problems that aren't already solved by 802.11b. Bluetooth isn't cheaper, it isn't faster, it isn't more secure, it doesn't have a better featureset. Bluetooth is just using short-range RF in a different way. 802.11b cards could easily do what bluetooth claims to do, and they could do it today. With a bit o' engineering the 802.11b cards also have a very low power subchannel, so that they would only talk to devices very close to themselves. By using 802.11b to replace Bluetooth, current RF-to-Ethernet bridges could also enable your cellphone to surf the 'net (or make IP calls) for free inside of a building, by gatewaying to the LAN, etc, etc, etc.

    We really only need 1 multipurpose RF network, and my bet says that it ain't gonna be Bluetooth.

  • These sort of things are best not fought openly. Instead, dual boot. Should there be a suprise inspection, accidentally turn off your laptop and reboot into your clean setup.

    Someone once pointed out that while insubbordination and incompetence are about equally effective, one is much harder to prove than the other.
  • by Joel Rowbottom ( 89350 ) on Monday February 05, 2001 @04:50AM (#456582) Homepage
    You'd be surprised the fun which goes on at conferences such as RIPE and IETF when WaveLAN virgins get onto the network and realise it isn't secure.

    You might have heard of a guy called Randy Bush, whose favourite party trick at such events is to sniff the WaveLAN, and email out to captured POP3 usernames their own password with the message 'Be careful with radio!'. It's not even a switched network as a default install.

    Setting up some sort of VPN using PoPToP isn't a bad idea in such cases, although WaveLAN does have some security built into it. Personally I use the Buffalo Technology kit which seems to work for 'doze, BSD and Linux.

    I've heard rumours that if you wander through Stockholm's business district or through the Square Mile in London, if you're in promiscuous mode you can pick up all sorts of transmissions and a large number of DHCP servers offering IPs to anyone who gets the ESS ID right.

    Hope this helps someone. Just be careful out there ;)

  • I was going to suggest that somebody do somehting with that IR port that every laptop seems to have. They do 2Mbs, right? should be enough for casual web surfing.

  • by Anonymous Coward on Monday February 05, 2001 @05:34AM (#456590)
    One day, while tracing a network cable, I came across a D-Link 802.11 base station hidden inside the ceiling just above the network wiring closet. No one knews who put it there nor how long it had been there. The mfg date on the device was 1998, so it couldn't have been longer than that, but still...

    This is scary shit.

    It takes 10 seconds to plug one of these into your network and a power outlet and you're instantaneously wide open, without knowing it. And if you've got network outlets all over your building, it's just that much easier for you to be "bugged", especially since network outlets often appear in rooms not considered to need securing, like lobbys and waiting rooms and such.

    If you're a sysadmin in a really large building, can you really know that every RJ45 jack is being used legitimately? If the spy device is listen -> xmit only, and ignores arp requests, it is invisible other than one extra link light among hundreds on the rack or on some distant hub/switch.

  • wow, you have really got to be a dedicated gek to take your laptop with you when you are taking a leek.

    Well, yeah. I am. ;-)

    I guess I could claim that I was testing the transmitter's range or something, but it really was just a "because I can" sort of thing. I don't expect I'll be making a habit of it, though it might be handy next time I get a bad burrito or something and expect an extended bathroom stay.

  • Apple's AirPort traffic is encrypted. So if you're sniffing, you're doing it over copper, not from the airwaves. Granted Apple only uses a 40 bit cipher, but I imagine that its enough to keep even the most brilliant high school geek busy for months. On a side note... Packet sniffers sure are cool aren't they?
  • Why not just send the message anonymously via the administrations' own mail accounts? That would get their attention.

    I'm not sure how much good anonymous email would do. In any case, I would not hack into somebody's email to demonstrate lack of security. That only intensifies the "kill the messenger" problem. I speak from personal experience.

    __________________

  • I have installed many WaveLan radios, and run most of them with encryption. To sniff an encrypted WaveLan network, you'd have to know:

    The frequency

    The "network number"

    The encryption secret

    I haven't heard of ways to arbitrarily break into one of these without some serious and expensive equipment.

    -Omar

  • the wildly popular 802.11b wireless networking technologies

    Is this a true description of WiFi ?

    I'm in the UK, in a real geek environment, and we've only just gone partially wireless. By UK standards, I think we're still ahead of the pack.

    What's it like in the USA ? Are AirPorts really popping up in every Starbucks ?

  • by HongPong ( 226840 ) <hongpong@@@hongpong...com> on Monday February 05, 2001 @04:54AM (#456603) Homepage
    My high school [k12.mn.us] is one of the first in the country to use Apple's AirPort wireless technology in the classroom. We all have Apple iBooks. Everyone uses AOL Instant Messenger in class all day long. :-)

    One day someone figured out that packet sniffers can be used on the network to see other people's POPmail passwords and AIM conversations, as well as whatever websites they are at. It is genuinely disturbing. However, I am terrified of telling our administration about this because of a kill-the-messenger syndrome.

    Let me just say that this is one of the most ridiculously insecure technologies in the world, just waiting for the packets to be pulled down out of the air with a packet sniffer program like EtherPeek. People have been doing this for months around here.

    This is just a school. It's terrifying to think that the world's important financial institutions rely on this technology's security.

    --

  • What's it like in the USA ? Are AirPorts really popping up in every Starbucks ?

    Actually, Starbucks is unrolling some sort of plan just like that. It's not available yet, and when it is it'll probably have a bunch of restrictions on it. But that's about the shape of it.

  • by Technician ( 215283 ) on Monday February 05, 2001 @06:13AM (#456610)
    I agree on the impact of using high gain antennas for sniffing. A wireless port has a short 1/4 or 5/8th wave antenna which usualy has a gain of less than 6 DB because of it's non directional signal.

    Every 3 DB gain doubles the power recieved. Every 6 DB increase in antenna gain doubles the distance. (line of sight not over the horizon) A narrow beam dish antenna (old c-band TV dish) can have a gain over 36 DB.

    If your 6 DB laptop has a range of 500 feet, the guy with the dish has 30 DB more receiving power and will get the same signal you get but from 16,000 feet. He doesn't have to be in your parking lot to sniff you. He just needs a reasonably clear line of sight. Do not be fooled thinking the range a low non directional antenna provides is all the further your signal travels. It isn't. It gets 6 DB weaker every doubling the distance it travels.

    It may become too weak for you, but not for a high gain directional antenna. This gain is why a dish antanna can pick out one of many satelites spaced every 6 degrees in the sky over the equator that is transmitting with 50 watts per transponder 22,000 miles away.

  • by fm6 ( 162816 ) on Monday February 05, 2001 @06:16AM (#456614) Homepage Journal
    WEP is especially dangerous because it establishes a false sense of security that cause people to be more willing to send sensitive data over the network.

    Don't single out WEP for this problem. You run this risk with any security measure. To quote Bruce Schneier, security is a process, not a product. Not that I disagree with your general argument.

    __________________

  • You are missing the whole point here. 802.11b uses spread spectrum technologies, and I suspect that if you started from scratch trying to put together hardware to eavesdrop on 802.11b it would be a tough project. But, you are not starting from scratch. You are starting with a working receiver. You would have a hard time listening in on the military using consumer hardware, but if you were starting with a working military receiver it would be much much easier.
  • My solution is to land the AirPort segment on a DMZ interface that can talk to only one device- a VPN endpoint 'switch' from Cisco or Nortel.

    VPN solves the issue of using 'untrusted' internet connections to connect to the local trusted network, so it's an obvious solution to using untrusted wireless transmissions which have similar security risks to using the Internet... sniffing, MITM, etc.

  • by pgpckt ( 312866 ) on Monday February 05, 2001 @04:56AM (#456618) Homepage Journal
    I see minimal additional threat being generated from wireless networks. Wireless networks tend to be short range. Several college campuses and business have them, but wireless can only do so much and only transmit so far. Vulnerability is localized, not global like over wireless' wired cousin.

    You still need a wired network regardless. And the hacking opportunities are better on a wired network. Several factors prevent hacking from being a viable activity over a wireless network. Low bandwidth is the most obvious. There are some implications for a denial-of-service attack, but these will affect end users, not servers, and with triangulation, it shouldn't be too hard to figure out who is jamming the signal.

    The biggest thing is you need a good parity algorithm to account for data loss and encryption to prevent people from picking up sensitive data. However, I dismiss the claim that there is more exposure on a wireless network then a wired one, and hopefully you are using encryption when you give your credit card over the net anyway.
    ----------------------
    Kurt A. Mueller
    kurtm3@bigfoot.com
    PGP key id:0x75D2DCCD
  • I should also point out to those unfamiliar with WaveLan that I mean encryption beyond the "WEP" ("Without Extant Protection" ;) ) that's available on the standard bronze cards. There are two encryption "levels," silver and gold, which use more daunting encryption methods. Unfortunately, they also cost more money--a separate and unfortunate issue that I will not address here. :)

    -Omar

  • by Salamander ( 33735 ) <jeff.pl@atyp@us> on Monday February 05, 2001 @04:59AM (#456622) Homepage Journal

    I think a lot of people just don't realize how wireless networking can change the way you feel about computing. Until you've actually surfed from the couch, continued reading on a laptop while you get a drink out of the fridge - or even take a leak - all unencumbered and uninterrupted, I don't think you can fully appreciate the difference. It's amazing to think how accustomed we had all become to the limitations of wired connectivity.

    Now this comes along. Right or wrong technically, real or imaginary, this will slow adoption of wireless networking technology. The risk-averse business types who make decisions about deployment will hesitate, so there will be fewer access points both within organizations and in public spaces (hotels, airport lounges, and so on). Companies will forbid their employees to use wireless networking when on the road, or simply not provide the equipment necessary for them to do so. I expect email from our own IT department any moment telling me that wireless is off limits until "investigation of this matter is complete" (which will take months).

    All this loss of convenience occurs because a bunch of people who felt left out of a public IEEE standardization process have said the sky is falling. If you read the article, you'll notice that there's practically no real information that would allow anyone to judge how serious the risk really is, and there's a lot of scaremongering about how easy it will be for "script kiddies" to get the right software. How about the hardware? Yes, folks, you need extra hardware to do this, and you also need to be physically proximate to the target. I'm not at all convinced that the script kiddies will be able to take advantage of this hole - whatever it really is.

    Yes, it sucks that there's any hole of any size in WEP, and even if the script kiddies can't exploit it the professional crooks might, but the sensationalistic way this is being reported is simply not responsible.

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Working...