Slashdot Mirror


Slashback: Efficiency, Observation, WEP

Slashback brings you updates and additional notes on recent Slashdot stories. Tonight that means more on computers playing chess, on judges who don't like being monitored in the workplace (too bad!), and on the (less totally spectacular, still bad) cracking of 802-Errr, something.

Sargon Deep Fritz playing a person may be more cutting edge (and take a lot more processor power), but it seems like an awful lot of resources to spend on playing chess. Alex Bischoff writes: "From the February 1983 issue of "Your Computer", it's chess in 1 KB (for your brand-new ZX-81)."

But sir, even the judges are objecting! saulgood writes "the NY Times is carrying a further article here, about the revolt amongst some judges over their ability to look at Britney Spears and download Metallica mp3's at work... that's right - Power to the People Baby!!! No justice, No peace..."

Take that -- no, please, take that. Bob Lee writes:

"I authored the open source program Code Red Vigilante. This is an open effort to inform the public about the dangers of the Code Red worms and to specifically notify the owners of infected machines ... Vigilante is featured on Incidents.org, OnJava.com, TheServerSide.com, and it will be on the ScreenSavers on TechTV next Monday."

Not to put too fine a point on it ... Jeffrey Fanelli of Sniffer Technologies writes: "Just to clarify on your story, that intern didn't crack 802.11x, but WEP in an 802.11b environment. 802.11x is a recently developed standard extension to Radius and 802.11 to allow for dynamic keys to be generated per user session. 802.11x uses the same WEP RC4 encryption, but makes it far more difficult to crack given the fact that all nodes associated with a particular Access Point will have a unique session-based KEY (a key which, I might add, the user of the Mobile Unit in question cannot themselves identify)."

5 of 99 comments

  1. code red vigilante by perdida · Score: 5, Informative

    See the Kuro5hin.org story on this issue... here

    Basically you are penetrating an already 0wned computer, but this still exposes you to liabilities. It's a precipitation of the libertarian or wild wild west version of the Internet. The thing to do is to get a respected authority, such as the FBI or the police, to notify the 0wned, hence saving yourself from accusations of propagating Code Red or being a cracker yourself.

    1. Re:code red vigilante by FooManChuYouMoo · Score: 2, Informative

      I think this is the correct link: http://www.kuro5hin.org/story/2001/8/8/53543/46803

    2. Re:code red vigilante by jeffy124 · Score: 3, Informative

      it took me a moment to figure it out too, so don't feel bad ....

      what the program does is set up a listener on port 80 of your machine. When GET requests come in matching that of Code Red trying to spread, the program drops those requests, then connects back to that machine via its IP address and exploits the same hole Code Red does, but this time it causes a simple dialog box to suddenly appear on the infected desktop, telling the person who's currently sitting in front of the machine of the problem and what to do. He has screenshots of that dialog at the bottom of the page.

      the author of the program says he's already gotten an email from someone saying that he asked his ISP about Code Red, they told him he shouldn't be concerned because code red doesn't infect "home machines." go figure :/

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  2. Re:Clarification by rgmoore · Score: 5, Informative

    I don't think that this is an issue of bad research as much as it is one of bad writing. It seems pretty clear from some of the other comments that the author does understand that it's necessary to monitor everything in order to see if the people in question are surfing for pr0n, etc. Take for instance the quote:

    "My biggest concern is that signing off on these proposals opens the field to allow monitoring of every keystroke and basically makes an individual's computer an open book," Judge Kozinski said. "I don't think it's appropriate for us to be forcing employees to give up rights wholesale without showing any need. If we did this with telephones, people would be outraged."

    The problem is one of bad writing. The author doesn't make it explicit that the judges are worried that everything they do is being monitored.

    One issue that's potentially pretty scary about this is that judges need confidentiality. They are sometimes required to seal documents, rule on the admissibility of trade secrets, and generally deal with things that are supposed to be given strictly limited circulation. Putting monitors on their computers so that people back in Washington can see what they're doing has the potential to undermine the confidentiality of their work, and the implications of that are very serious indeed.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  3. 802.1x, not 802.11x by Adam J. Richter · Score: 3, Informative

    The security standard in question is 802.1x, not 802.11x, because it is theoretically not specific to wireless, although the distribution of per-session WEP keys is. You could, for example, use 802.1x to authenticate conference attendees to use ethernet ports in conference rooms.