New flaws in 802.11B
obobo writes "The New York Times (free reg yadda yadda) has a story about new flaws in the 802.11 standard, based on this paper. The upshot is that even with 128 bit encryption and MAC address control lists, it's still easy to hack."
Encryption is really important. It's an indispensable component of eliminating anonymity on the Internet. With public key signing, there's no excuse for ANY traffic on the net to be anonymous. I envision a future in which all packets must be digitally signed or they get dropped by the routers.
Really, I'm looking forward to that day.
They still haven't figured out a way to close their no-registration backdoor.
Storing anything online makes it more easily accessible for good and for evil. Wireless is even less secure than online because a listen only tap point is untraceable.
Get an older scanner that will cover 868-894MHz (analog cellular). You'd be surprised how many people still read their credit card numbers, social security numbers, etc. over the air and in the clear.
The problem is not just encryption, it's all that other stuff that goes around it. You need a good way to create and distribute keys and make sure that they are used well. Designing a secure system is not just slapping a 128 bit key encryption system onto what you already have, you need to plan it from the ground up very carefully.
Think of it this way: if the bank has the world's best vault but transports the money in Bob's old VW van, then the bank has lousy security.
Erlang Developer and podcaster
Stupid, old news.
802.11 is insecure, but this is well known.
1984 should be about one or two wars away...
The current world climate isn't paranoid enough.
Perhaps privacy is as bad as it has always been, I've studied people through the "analog" trail everyone has.
It should be noted that I live in Sweden where government information is openly available.
What people don't know is that they are even less private that way.
You might worry about someone finding your credit card number on the web. Take a look at some slips in your wallet.
Another thing that's a little frightening is to call some companies and claim to be someone else, most companies don't care because they want to be "customer friendly".
I think privacy is a thing you have to earn through caution. Don't feed the papertrail!
// yendor
--
It could be coffee.... or it could just be some warm brown liquid containing lots of caffeine.
Would you post a white-paper saying that the 802.3 NIC you bought didn't encrypt your traffic?
Unlike Ethernet/802.3, IEEE 802.11b is advertised as being secure. It isn't.
Papers like this one are important as they show how expected features aren't there. It is a paper that techs can use to show their managers why 802.11b should not be used, or why it is going to cost more than a few hours and the cost of the NICs.
The reason that there's normally not security in layer 2 is because it usually is a physical connection, and thus you use physical security. Logical connections require logical security. Since you don't have control of the "wires" in wireless LANs, you _do_ need security.
Engineering and the Ultimate
The difference is that with a regular wired LAN, you can have physical security - you can control the wires. With wireless you have a totally new can of worms, because the wires are no longer under your control.
Engineering and the Ultimate
Sort of like a lot of the BS in this article?
As noted in several other replies, 802.11a "operates at the 5-GHz UNII (unlicensed National Information Infrastructure) band and can achieve data rates as high as 54 Mbits/s" as noted by eetimes here and here
Twelve-and-three-quarter inches. Unyielding. This wand belonged to Bellatrix Lestrange.
ETSI (Europe) has lower maximum power requirements but they allow the same number of hopping frequencies as in the USA. In Japan and Canada, though, FHSS radios are limited to the lower half of what is the ISM band in the United States. So they hop on frequencies twice as much as they do in the USA. Something interfering with a radio in Canada would cause twice as much performance degradation as the same radio in the USA, but the problem is even worse with DSS radios in these markets because with only half of the US's ISM band to use, there are no overlapping channels - thus without proper antenna placement and frequency separation, you are very limited to the total amount of bandwidth you can aggregate with either technology, and especially DSSS.
~GoRK
The hopping sequence of a BSS cannot be determined or received reliably by a single radio without knowing the ESS ID of whatever cell you are currently in; however, the ESS ID can be determined easily after determining the hopping sequence.
As far as speed and range, Breezecom equipment (that I know of) will break the 802.11a spec and communicate at 3mbps. If another manufacturer's 802.11a radio comes within range, it will communicate with that radio at 2mbps, but 50% performance above the 802.11a spec often gives these radios a performance advantage over even DSSS radios, since a DSSS radio will talk at 11Mbps, 5.5Mbps, then 2 and 1. Over long ranges it is extremely rare that you can make a full 11Mbps link, and more likely that your 5.5Mbps link will have less than 50% throughput... meaning that if you get about 2.9Mbps out of your DSSS radio at some distance, you are doing well, and if you can get 2.4Mbps out of a breezecom radio at the same distance, then you are not losing a lot by going with FHSS... Add to that the fact that because of the nature of FHSS technology, you can place probably 10-30 radios in the same band and aggregate the bandwidth, you will leave 802.11b in the dust.
Just some more thoughts on the matter...
~GoRK
I did not say it was impossible. I said it was much harder than DSSS. To reliably intercept FHSS with or without WEP requires 72 radios. Without knowing the ESS ID, you will not be able to accurately determine the hopping sequence of your BSS. I suppose you could have a smaller number of radios guessing the sequence, but it would take much longer and be much more complicated. Once you have the hopping sequence worked out, then you can deduce the ESS ID and then after that you could configure one radio to that hopping sequence and then you'd be in the same boat with 802.11b as far as the security of WEP goes. So, the hopping sequence on 802.11a is cryptographically secure from the ESS ID - but I do admit it is very weak crypto. If someone is spending this much money to hork onto your wlan, they could probably physically infiltrate your facility and steal the information necessary to jump on it a lot easier than they could figure it out. If you are that paranoid about your data, then you should be running a more secure form of crypto on top of the base anyway, like I said in my initial post.
~GoRK
You know you would have thought that with all the 802.11b stories on here, somebody would have mentioned the much more secure counterpart to 802.11b -- which is 802.11a, a frequency hopping standard that defines a much much much harder to intercept, much much much more stable, reliable communication (we are talking orders of magnitude) above 802.11b (Oh yeah, and plenty of equipment is available also.)
How come when LANs go wireless, geeks suddenly forget the basic fundamentals of RADIO which, for the specific technology we are discussing, is almost as well understood as power generation. Wait a minute, but didn't the folks who delegated the IP address space give RADIO OPERATORS a quite enormous chunk for EXPERIMENTATION? Where are all these guys. For instance, the story that ran a few days ago where someone at O'Really (sic) declared that a 802.11b product was good because his microwave oven did not interfere with its operation might have taken one second to read the frequency of his microwave off the little label inside the door and look up the frequency of whatever channel his DSSS radio was on before realizing that the microwave was (99% likely) not even on the same frequencies.
It's about time for all of you to go out and read how these radios and standards really work before making wild comparisons, accusations, etc. or being surprised when someone points out that the standard is not fundamentally secure. Here's a hint: It was never designed to be any more secure than wireline communications. The amount of money someone would have to spend to tap into your wired LAN is equivalent to the amount of money they would have to spend to intercept your wireless. If you require secure communications over wireless, use IPSec or encrypted tunnels. Just like you would do on the wireline.
Get it together. I am losing faith in you guys.
~GoRK
OK, I didn't think it was that insightful, but thanks, I guess.
Your right to not believe: Americans United for Separation of Church and
That's a pretty 1337 title for a paper, why didn't they just call it:
But seriously, this points out that you can't just trust someone to tell you their product is secure. Lucent's "closed network" sounds great, except for the part where it broadcasts the shared secret in the clear!
[smacks head in disgust, and hopes to never commit such a colossal blunder in my own work]
Your right to not believe: Americans United for Separation of Church and
I don't know where you make this stuff up from. There are exactly three hop sequences defined for use in North America and most of Europe.
From "The IEEE 802.11 Handbook: A Designer's Companion":
Set 1:(0,3,6,9,12...75)
Set 2:(1,4,7,10,13...76)
Set 3:(2,5,8,11,14...77)
Unless I am misreading something, there are only three sets of hopping numbers. Not exactly a difficult thing to guess if you need to.
Your insistence that DSSS is somehow easier to eavesdrop on than FHSS is just a bunch of crap. Neither technology was designed with any resistance to eavesdropping in mind at all. You can't specify your own hopping sequence for FHSS, and you can't specify your own Barker sequence for spreading DSSS. Had the 802.11 folks cared at all about making eavesdropping hard, they would have let you do these. Of course, they probably wouldn't have gotten FCC approval, but what the hell.
So, just drop it. What little security you have is based entirely on the WEP, and not at all on your choice of slow FHSS vs fast DSSS.
I found some references. It is not possible to set arbitrary sequences. According to Breezecom (cached version here):
---quote---
For FHSS systems IEEE 802.11 defines 79 different hops for the carrier frequency. Using these 79 frequencies, IEEE 802.11 defines 78 hopping sequences (each with 79 hops) grouped in three sets of 26 sequences each. Sequences from same set encounter minimum collisions and they may be allocated to collocated systems. Theoretically, 26 FHSS systems may be collocated. However, as synchronization among independent systems is forbidden (synchronization would eliminate collisions), the actual number of systems that can be collocated is around 15.
---end quote---
I assume the three sequences are the ones I originally listed. If I'm not mistaken, it's considered a different "sequence" if you start in a different place. So:
1-5-9 is different from 5-9-1 and 1-5-9. So, an eavesdropper would not be trying to guess a random sequence, he would just camp on one frequency, listen, and if a signal showed up he would start hopping. In other words, the 26 sequences vary only in time, so an eavesdropper only has to listen for a few seconds on one frequency to "check" all 26 sequences based on that set. Is that a fair assumption?
I also found a reference to an algorithm for determining which country you are in by checking which frequencies the AP broadcasts beacons on. In order for this to work, it requires the hop sequences to be well known for a given country. It's here
So, given this little bit of research, I still believe the claim that FHSS 802.11 is somehow more secure than DSSS 802.11 is basically crap. I would love to be proven otherwise.
you dont even know what a MAC Address is ...
But who ever said one of the duties of layer 2 was to provide security?
That's not entirely an accurate statement, I realize.. but the concept is there.
Ethernet is very hackable.
You should rely on higher-layer protocols to prevent hackability.... not your lowest layers. 802.11b was not developed for super-secret communications; it's not for spies. It's for every-day-people...
That's rather obvious. but you see, from a data protection point of view, most places don't audit every single jack in every single wall. They don't run switches in ultra-secure mode and don't use static arp tables on all their servers, etc etc etc....
Yes, there is a point, in that others should not be able to connect to your network. That's important.. but not the same thing as network security. We still need higher layer secure protocols.. ALL protocols...
By Pass Free Reg Required:
http://channel.nytimes.com/2001/04/03/business/03FLAW.html
No matter how strict you make your security, in the end it depends on the user.
If you take every attempt to provide good security, the customer will find your key management such a big hassle that they won't buy your products. Popular magazines will make fun of your complicated methods, and elaborate network setup, and will praise the Plug-and-Play method of your competitor. The only way to survive as a vendor is to make it easy on the user. Unfortunately, tight security and ease of use don't mix very well.
I'll bet that more 802.11 networks are broken into that are simply not using any security at all, than networks that have had their WEP security cracked. Just because the network manager couldn't be bothered to check the box that said 'use WEP security'. And even if people do enable WEP security, how many do you think will opt for a 128 bit hex string, as opposed to an easy to remember dictionary word?
Wrong. You obviously missed this very important sentence at the end of section 5:
What's the significance of that? Well, we already knew that running an 802.11b network without WEP would be the act of a total moron. What the paper is saying is that *with* WEP you can attach to the network but you can't actually use it without the methods mentioned in the Borisov/Goldberg/Wagner paper. Those methods, in turn, are far from trivial. In fact, they're extremely difficult (but, admittedly, not impossible) to implement in the real world. In other words, nobody's network is actually likely to be compromised in this way. As another poster said, it's theoretically interesting, but of very little practical import.
Slashdot - News for Herds. Stuff that Splatters.
Frequency hopping 802.11a is dead easy to hack into - the standard ensures it. Basically, because all devices on the network need to know which frequency to hop to, this info is broadcast, along with timing details and other useful bits and pieces. So you don't need to guess. I have used a £100 802.11a card to hop on to a WLAN in under 2 minutes. It would have been faster, but I was using Winblows that day, and I had to reboot. 802.11a is cheap, low security and dead simple.
802.11b has its advantages - it is a lot harder to hack in a lot of situations, due to ambient rf noise and the chipping code can add a fair amount of front end security if you use a very long sequence, but it too can be monitored. Hence the term WEP - wired equivalent privacy.
I agree with the rest of the post, though:
You wouldn't have sensitive data on your wired network for all to see would you? No, you would encrypt it and use secure encrypted links. Do the same on your wireless LAN.
THAT'S THE WHOLE POINT
Here in the UK, the fact that we can only transmit at 100mW means an attacker does have to be fairly close, and some of my clients do add 'Tempest' type shielding where there is rf leakage, but again, their security comes from encrypted point to point links, and other means
Frog51
Well as many have mentioned the wireless 802.11 security leaves much to be desired. There was a story on slashdot that ran about a month or two ago on this same subject. In any case, I would think that if you simply ran an encrypted tunnel from end to end around the wireless segments that would be a much better solution than relying on the weak WEP 802.11 standard.
:)
If you are implementing this on a corporate level you should know this. This is your job. Obviously, the problem here is that we have people implementing networks (MIS graduates) that don't want to look at what fundamentally is going on with the technology. They simply hook up the cards, install the windows drivers and move on to their exchange servers. I guess it's not their fault really. Companies know their background. Companies should have some hackers working on breaking into their system. Those white hat hackers could easily expose this stuff. I guess that's what security experts are for..
JOhn
Campaign for Liberty
Actually, there is a really easy way to make these networks secure. Put your wireless access point outside of your firewall, then use VPN software on the client to connect to your intranet. You can also filter at your router to prevent people from getting a "free ride" on the internet if you are concerned about that.
That way, you totally bypass the WEP and have a reasonably well tested security model (VPN) guarding your data.
When I set up 802.11b in my house, that is what I am going to do...
One thing that you may also want to consider is that you may wish for your wireless clients to be behind a firewall for one reason or another. In the case of most home users they probably need their firewall to assign non routable IPs via DHCP for all wireless connections. Thus, for the home user a DMZ of sorts would be an ideal solution. Naturally, your trust model for this DMZ would be different than for a DMZ that consists of webservers and such and would be on a different segment than the webserver DMZ.
_____________
I don't want free as in beer. I just want free beer.
An analysis of the WEP algorithm can be found here. The document points out a lot of the flaws in the algorithm and what attacks it is vulnerable to.
the use of the term "attacker" instead of "hacker".
Folks, I know that security and related foo are a juicy topic that /. loves to tear into, however, step back a moment and apply some grey matter.
Would you post a white-paper saying that the 802.3 NIC you bought didn't encrypt your traffic? How about that 802.3 hub that lets anyone who has an ethernet card and a long enough (within 100m of course) cable see all your data, unencrypted?! Notice anything yet? That's right, 802.11, just like 802.3 is just a layer 2 application. The highest level 802.* understands is MAC address. I, for one, am thankful that the folks who developed it went the extra mile to put a few controls ON THE RF SIDE of things to make it difficult for an attacker to enter a wireless network. However, the person who doesn't understand that 802.11 devices are either a) NICs or b) Bridges, is delusional, and needs to (re)take that Introduction To Networking class.
<rant>
Oh, yeah, and it has become very bothersome, personally, when someone mis-configures, or doesn't configure a device, and then complains about the failures and shortcomings that ensue, blaming the protocol/device/technology/product.
We didn't give the Netcraft "benchmarks" any credence, why should we pay attention to this crap?
</rant>
--
Fine. I don't think the code should be released either. But they damn well ought to test it, see how long cracks take under various real world conditions, and publish the results. If it's under an hour, businesses should throw 802.11b out the window immediately. But if it takes a week of constant sniffing, personally I'd be more worried about black hats posing as janitors or some such.
burden of proof lies on the IEEE group to prove that WEP is secure
Sure, I agree that WEP is weak. But all security is relative. Any prime-number-based encryption can be broken with sufficient cycles. So tell me Mr Owl, how many licks does it take to get to the center of 802.11b?
So yet another academic has written up a mathematical proof of the flaws in 802.11. Hurrah. I see one small flaw in their reasoning -- not a single one of those papers includes a section where the author says "I personally sat down with my laptop outside a WEP-enabled office building and cracked the network in [foo] minutes/hours/days/whatever".
My BS is in Math, so I know for a fact that this old joke is often true: "Mathematicians don't need to be good at counting, we just care if it's countable". Until one of these professors (or more likely their grad students) actually writes the necessary decryption code and does it, we still don't know exactly how easy or difficult the crack is.
Honestly, I've gotten to the point where I don't trust wires of any kind, let alone wireless. It's hard enough to trust the endpoints and the encryption between in a secure exchange, never mind trusting your ethernet. Maybe if the government wasn't all gung-ho about preventing nefarious criminals from getting encryption (as if the government opposing it would stop them), then the citizens would already have lightweight encryption capable of securing even a communications medium like this. But, hey, "law-abiding citizens don't need encryption", right?
Let's spend just a minute thinking about how important this really is. When Bobby Java is sitting in Starbucks, using their wireless connection, what is he likely to be doing? Deleting the 12 e-mails he got last night offering him a low rate mortgage and greater sexual prowess? Browsing the New York Times? /.? Making a lunch date or dinner reservations? Reading Doonesbury? I'm sure there will be eight or 10 people cruising the streets of Seattle trying to pick that important information out of the air.
......
My US Mail is left every day in a box, on a pole, by the curb, next to the street. No lock. No encryption. I can't remember worrying about someone getting in and stealing my weekly discount shopper coupons or my bank statement or my VISA bill.
Come to think of it
Well don't forget that Ethernet broadcasts to everyone on the segment. Which is why it was so easy to sniff people's passwords, email, instant messages, whatever.
Email originally was viewable by everyone, completely open on the system.
> *sigh* How far away is 1984 again? :)
m$ passport anyone?
---------------
100% Australian
There is a possible solution: use software with encryption. There are point to point tunneling solutions with encryption and more... Hey, there's money to be made in encrypted wireless networks/intranets. Don't complain, start coding today.
Airwave uses unencrypted traffic, not WEP. As a previous poster noted, WEP requires a shared secret among users. There would not be much point to sharing a secret with your fellow coffee drinkers if your purpose is to keep them from reading your Business Plan.
As you point out in #1, it's not secure once it leaves the cafe anyway. If you are concerned, use ssh or https or encryption in email for your business plan anyway.
And get a pair of those glasses with mirrors on the front so you can make sure nobody is looking at your laptop screen either!
And to bring everything but the CueCat into this, I got mail from Airwave saying that their DSL in the local cafe here used NorthPoint.
I could duct tape an IPSec security gateway (e.g. Nortel) to an AirPort and have a solution for secure, point-to-point wireless connectivity. The government couldn't stop me from selling that - and they won't stop router makers from adding 802.11 to secure vpn products. Haven't for years.
sulli
RTFJ.
We don't need to worry about security on these wireless devices! Most of the ones that are set up have full blown access to anyone passing by due to a lack of FULL configuration!
Tom says, "No! Stop! it's working... I'm on the net! And I can see the fileserver. Don't mess with it!"
LFS. Have you built your system today?
mod this up
Sure, they use some of the same algorithms. But they are nnnnot thhe saym.
Seeing how security over normal wires is very hard to implement, it's really no surprise that wireless devices are more vulnerable...
/. has a few articles that touch these subjects. Shielded PC casings. Some TEMPEST docs released. More docs revealed. Scan the EMF spectrum. This is the same docs as above I think.
I guess the only way to make something like that secure to a satisfactory degree (right now), would be to build a radio-dead building with radio-dead windows, so that only wireless devices within the building can connect... That'd bring security up to current level of wired devices... Which means that you would have to have physical access to the LAN...
Building something like that has a few advantages for the paranoid, it would also block electronic emanations. I think buildings like that are referred to as TEMPEST buildings...
Any technology distinguishable from magic, is insufficiently advanced.
Dave Wagner at Berkeley published info about weaknesses in 802.11 several months earlier.
Unbreakable encryption is possible: the key must be the same size as the data. See http://www.bebits.com/app/1100... Source included.
Intel sponsored the study because a year ago Intel was full-blown behind Bluetooth. Bluetooth has since died a nasty death, and Intel has changed courses to embrace Wireless Ethernet.
Bluetooth died? I must have missed that one... Bluetooth never really lived so far, at least it did not live as a grown-up, just as a kid that is in the kindergarten-age. But Bluetooth currently grows up really fast (with the problems involved by fast growth...).
Intel never left the Bluetooth-path, but they turned over from HomeRF to IEEE802.11b. Maybe you mixed this up with bluetooth.
As for security concerns, most products on the market today conform to Wi-Fi which is a more highly secure (and compatible) variant of the original 802.11b specification.
Sorry, but this is wrong. WiFi is a consortium that does some tests to ensure that the theoretical interoperability achieved with the IEEE 802.11b is true in real life with the tested equipment. It is no way a better or somehow changed version of the 802.11b standard, so the WiFi-Logo does in no way tell anything about better security!
cu, otaku
The best thing to do is put it out there with the appropriate caveats, and work to secure it as best you can as you go along. If you are waiting until it is bulletproof, you'll never release it.
If you can't beat them, embrace and extend them.
The basic protocol flaw is that a stream cipher is used with an insufficiently large initialization vector. If a block cipher had been specified the protocol would actually be reasonably secure. The reason a stream cipher is problematic is that the ciphertext consists of the plaintext xored with the cipher stream. This makes all sorts of integrity attacks possible and means that the security of the system depends on the initialization vectors never being re-used.
The more serious flaw is the belief that the difference between a wireless network and a wired one is that the network is no longer protected by physical security measures. Ethernet may be insecure, but in most cases access to an ethernet requires physical access to the building in question. With a wireless card a sacked employee can be surfing the intranet from the car park.
The most serious security risk of wireless then is the lack of authentication, in an ethernet network there is an implicit authentication that is obtained by having got through the front door. WEP makes no attempt to duplicate this, nor do the remediated versions of WEP. All the 802.11b users in a network share the same access key.
There are plenty of ways to make this secure, unfortunately that is not on the agenda. Patching up the privacy so as to make the cards sellable is all that is likely to happen in the short run. Bodge 'em and flog 'em. The purpose of WEP is not to give users security it is to overcome the customer's legitimate security concerns so as to make a sale.
The obvious security solution is to bind a private key into each card, just as is happening with newer cable modems. The public key certificate fingerprint for the card is printed on the case. To enable a new card for access to the network the admin adds the fingerprint to the 'authorized users' list.
Sure there are some remaining risks - extracting the private key from the device for e.g. but it is unlikely to be possible to extract a private key without the authorized device holder knowing (particularly if we all read Paul Kocher's articles on timing and power analysis attacks).
In summary, the WEP protocol should be discontinued in its present form. Early deployers would be well advised to ignore the layer 2 security on the card and wrap VPN security around it, such as IPSEC or PPTP etc. That gives security but the crypto processing is now being done on the processor and not on the 802.11b co-processor where it belongs.
The other piece missing from 802.11b deployments is that at the moment security is a binary switch. I would quite like visitors to the company to have Internet access from our conference rooms but not Intranet access. It should be possible to configure the base station to allow any PC to connect to the outside Internet without requiring an authentication key while requiring an authentication key for access to the local area network. Same goes in a large enterprise where employees from another division may be allowed access to the Internet (and their own LAN) but not the division they are visiting.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
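The stream-cipher point made in the comment above, as an added example that is not part of the original thread: a simplified WEP-style frame (RC4 keyed with IV || key, unkeyed CRC-32 as the integrity value) showing that a repeated IV exposes the XOR of two plaintexts and that a modified frame still passes the integrity check. The 24-bit IV width and CRC-32 ICV are properties of WEP not stated in the comment; the key, IVs, sample payloads and function names are constructed for illustration.

```python
import math
import zlib

IV_BITS = 24  # WEP's IV width; the comment only calls it "insufficiently large"

# Constructed sample values (not from the thread).
KEY = bytes.fromhex("0123456789abcdef0123456789")  # 104-bit shared key
IV, IV2 = b"\x00\x00\x01", b"\x00\x00\x02"
P1 = b"user=alice&amount=0100"
P2 = b"user=carol&amount=0250"


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key` (KSA, then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """Integrity check value: plain CRC-32, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv + key, len(body)))  # per-frame RC4 key is IV || key


def wep_decrypt(iv: bytes, key: bytes, frame: bytes):
    body = xor(frame, rc4(iv + key, len(frame)))
    data, check = body[:-4], body[-4:]
    return data, check == icv(data)


def frames_until_iv_repeat(p: float = 0.5) -> int:
    """Birthday bound: frames with random IVs before a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2**IV_BITS * math.log(1 / (1 - p))))


def reused_iv_leaks_xor() -> bool:
    """Same IV, same key: the keystream cancels and P1 xor P2 is exposed."""
    c1, c2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
    return xor(c1, c2)[:len(P1)] == xor(P1, P2)


def fresh_iv_leaks_xor() -> bool:
    """Different IVs give unrelated keystreams, so nothing cancels."""
    c1, c2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV2, KEY, P2)
    return xor(c1, c2)[:len(P1)] == xor(P1, P2)


def modified_frame_passes_icv() -> bool:
    """CRC-32 is affine over XOR, so a change to the ciphertext can be matched
    by a change to the encrypted ICV without knowing the key."""
    frame = wep_encrypt(IV, KEY, P1)
    delta = bytes(len(P1) - 1) + b"\x01"             # flip one bit of the payload
    patch = xor(icv(delta), icv(bytes(len(delta))))  # crc(delta) ^ crc(zeros)
    data, ok = wep_decrypt(IV, KEY, xor(frame, delta + patch))
    return ok and data == xor(P1, delta)


if __name__ == "__main__":
    print("frames for a 50% chance of an IV repeat:", frames_until_iv_repeat())
    print("reused IV exposes P1 xor P2:", reused_iv_leaks_xor())
    print("fresh IV exposes P1 xor P2:", fresh_iv_leaks_xor())
    print("modified frame accepted by ICV check:", modified_frame_passes_icv())
```

A keyed MAC over the IV and ciphertext, together with a nonce that cannot repeat under one key, removes both failures; wrapping the link in IPsec, as the comment suggests, provides exactly that.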
1. Who ever told you the Internet was secure? Whoever it was, is, as we say, a lamer.
2. I ran into the Airwave guys in front of Fry's Palo Alto store a couple of weeks ago, and snarfed some of their lit. Their idea is cute, but they have a major chicken-and-egg problem: they need to either sell access to users before locale proprietors will sign up en masse, or they need to sell locale installations before the users will sign up en masse. And 90% of their 100 or so hits so far are coffee shops. Who spends more than ten minutes in a coffee shop, and are enough of those droids interested in wireless connectivity that you'll make any money at $1.99/use or $9.99/mo? And now their tech is compromised, so you can't even trust you're not giving away your Next Great Mobile SKU Database Platformation Business Model plan to the Latte Mafia when you're WEPping it to your bankroid. Tsk, tsk.
--Blair
"There's a joke here about ALL YOUR BW ARE BELONG TO US but I'm feeling too conservative to use it, today."
This is horribly misinformed. Bluetooth hasn't died; it hasn't really shipped. It will, almost certainly. Intel didn't drop Bluetooth; it dropped HomeRF, a competing high-speed networking standard. Bluetooth's purpose is wholly different - mostly for very low-power synchronization and info exchange, like synching a Palm with a laptop, loading phone numbers into a cell phone, etc.
We'll see if Bluetooth lives up to it. But Intel is pouring lots of cash into the hole, as are several other major chipset makers and many many hundreds of manufacturers. As with cell phones that browse the Web, the design will determine it's really useful and consumers (business and home) actually want it.
But it's coming. 802.11b and Bluetooth won't be competing; they'll be complementary, because 802.11b, for the foreseeable future, takes up too much power, and won't be cheap enough ($20 vs. $5 ultimately) per chipset to integrate into the simple devices that will use it.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
ffs, read /. more ;)
there have been a few articles on WEP insecurities now. ieee has gotten a lot of flak for their new release of this (802.11) standard.
just set up your wireless network in a dmz. What's the big deal?
How secure are cables really? In a lot of cases it's fairly easy to get access to cables (I think of the DSL connection running through my outdoor telephone closet, for example).
In office buildings it's often even easier.
The real solution is to use encryption at a higher (lower?) level: IPSec or so. I don't know why this is not becoming a common practice yet, but I suspect the difficulty of software setup is one of them.
When I complained to some (fairly intelligent) friends about the security of wireless LAN, and how I didn't trust it because the MAC addresses are always plaintext, they replied that if there were security issues, surely big companies like Lucent would have fixed it by now, right?
Kind of shows the average attitude towards security. Most people just don't give a shit.
[Insert the usual disclaimer here]
BTW, YHBT HAND ;)
Bork bork bork!
From a high building with line of sight and a directional antenna it is not hard to connect to a LAN several miles away.
WEP shared key authentication has been known to be weak for a long time. Most products use open authentication which is better. In this case they need the same WEP key and SSID to talk, but it's not used in the initial negotiation. You can also turn the broadcast of the SSID off.
Products like Cisco's Aironet have implemented additional security enhancements, such as dynamic WEP keys using LEAP, which reduces the risk dramatically.
Wireless still isn't overly secure, but if used with all the available security measures can be a mitigatable risk. Then there is minimising RF leakage....