NASA Overcomes 802.11b Wireless Security Flaws
4mn0t1337 writes: "Looks like the people at NASA came up with a "solution" to the weak security in 802.11: Bypass it. From the article: "The team also assumed that all information on the network would be subject to eavesdropping, and that no identification information built into 802.11b could be trusted." So they chose to disable it, and set up an 'off-the-shelf PC running the OpenBSD operating system, an Apache web server, the Internet Software Consortium DHCP server, the IPF firewall software' and just depend on the security in protocols the services use. Moral of the story: Ignore the 802.11 security and just tunnel into our access points ..."
Hmmm. Not so much a bug fix as a workaround
Email: slashdot3@FreeMars.org (Address will be abandoned when it gets spam.)
The solution is to *fix* 802.11b's security, which shouldn't be that hard. I believe that simply running the crypto algorithm through a few start cycles, before transmitting, is sufficient to stop the published attacks.
Whether the fix requires buying new hardware, or flashing old hardware, or just changing drivers, is another question.
The only good weather is bad weather.
It's really no different than plugging into a hostile, unswitched network. Trust no one! Sure, it's easier to "plug" into a wireless network, but you should never trust any traffic medium. Encryption all the way!
WEP should be viewed as a means of thwarting casual snooping, just as having separate 10BaseT cables for each computer hampers casual snooping. But unencrypted network traffic is ALWAYS vulnerable to snooping, so claiming 802.11b is fatally insecure is foolish. Unencrypted traffic should always be viewed as insecure.
This "solution" is wide open to man-in-the-middle attacks. Tomorrow, I'll drive up there and set up my own DHCP server on their intentionally-WEP-disabled network. I'll hand out MY server's IP as the DNS server, and tell them to HTTP/HTTPS to MY server. I'll collect their usernames/passwords, send them a "site down for maintenance, try again later" message, and cruise through the real front door myself. Sheesh.
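An added example, not part of the thread or of NASA's setup: a passive monitor on an open segment like the one described above can flag DHCP replies from a server that is not the sanctioned gateway, or that hand out an unexpected DNS server. The allowlists and the documentation-range addresses are assumptions, and `build_reply` only constructs sample data.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 6, 53, 54, 255
SERVER_REPLIES = {2, 5}                      # DHCPOFFER, DHCPACK

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == 0:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        opts[payload[i]] = payload[i + 2 : i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def ipv4_list(raw: bytes) -> list:
    """Decode a run of packed 4-byte addresses, ignoring a ragged tail."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def check_reply(payload: bytes, allowed_servers: set, allowed_dns: set) -> list:
    """Return findings for one server reply; an empty list means it looks legitimate."""
    opts = parse_options(payload)
    msg_type = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if payload[0] != 2 or msg_type not in SERVER_REPLIES:   # op 2 = BOOTREPLY
        return []
    findings = []
    server = ipv4_list(opts.get(OPT_SERVER_ID, b""))
    if not server or server[0] not in allowed_servers:
        findings.append("unauthorized DHCP server " + (server[0] if server else "(none)"))
    findings += ["unexpected DNS server " + d
                 for d in ipv4_list(opts.get(OPT_DNS, b"")) if d not in allowed_dns]
    return findings

def build_reply(server: str, dns: str, msg_type: int = 2) -> bytes:
    """Constructed sample reply (test data only): 236-byte BOOTP header plus options."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(224)
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    return (header + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type])
            + bytes([OPT_SERVER_ID, 4]) + pack(server)
            + bytes([OPT_DNS, 4]) + pack(dns) + bytes([OPT_END]))
```

Detection of this kind complements, and does not replace, clients validating the gateway's HTTPS certificate before entering credentials.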