Slashdot Mirror

← Back to Stories (view on slashdot.org)

Replacing WEP for Wireless Security

Posted by michael on from the ha-ha,-he-said-wireless-security dept.

i.r.id10t writes "Over at infoworld.com they have an article about the organization that certifies wireless LAN products under the Wi-Fi name revealed new specifications Thursday for how vendors should make their products more secure. The guidelines call for new mechanisms to replace the current security system, based on WEP, which has come under fire for being too easy to circumvent. The certification body, Wi-Fi Alliance, plans to lay the mechanisms out as optional features beginning in February and require them for Wi-Fi compliance about six months later, said Dennis Eaton, chairman of the Wi-Fi Alliance."

5 of 79 comments (clear)

  1. WEP? by mgibbs · · Score: 5, Insightful
    From the article:
    The guidelines call for new mechanisms to replacement the current security system, based on WEP (Wireless Encryption Protocol), which has come under fire for being too easy to circumvent.

    The last I checked, WEP stood for Wired Equivalent Privacy. Has to make you wonder how technically accurate the rest of the article is...

  2. Yeah, but most people don't even use WEP by Anonymous Coward · · Score: 0, Insightful

    A condom doesn't work if you don't put it on.

  3. why don't they realize by Allaria · · Score: 5, Insightful

    That trying to base wireless security on wired security will not work. There will always be a workaround if WEP is used/based on. The only way you're going to be able to secure wireless networks is through authorization and encryption. Tons of companies have already done this, and it seems to be transparent to them.

    --
    If a and b in c, and a can create b, and a can create a, and b can create b, and b cannot create a, then a created c.
  4. Re:Secure by default by Build6 · · Score: 5, Insightful

    Actually, I don't think that's quite right. Having WEP on is "better" than not having it on, but the problem with WEP is that even with it on, with airsnort and enough traffic, the thing can be broken quite speedily. That's the whole point of the various papers published (e.g. by the CMU people) - WEP isn't "private" at all, provided someone out there WANTS to listen. Granted once you turn it on, assuming there's any other networks in range, anyone trying to "break in" will probably go for the low-hanging fruit.

    But what I want to say is, the other way of looking at what you say is this - if the manufacturers all ship with WEP on by default, the people using it would be lulled into a -false sense of security.

    (And if the manufacturers ship with WEP by default, then there'd be quite a few people leaving them on with the default keys... yet another problem).

  5. Hmph by drhairston · · Score: 3, Insightful

    One has to wonder how much faith we should have in a body which named their original effort 'Wired Equivalent Protocol'. Anyone who believed that signals blared across the electromagnetic spectrum were equivalent to those inside of copper wires needs to take a deep breath and then leave the field of Engineering.

    I for one have no faith in this body whatsoever. I use cables, and so does anyone who values their privacy.

    --
    Dr. Joseph Hairston
    Superintendent, CCBC