Slashdot Mirror
UN Advised on Wireless Insecurity
otisaardvark writes "There's an article on the BBC about how the UN is being briefed on the problems of wireless networks. Predictable conclusions - security is mainly compromised through human, not technological factors."
If this post is modded down! Then the moderator cant take the truth!
prost
Linux is now offically the most insecure OS! (not offtopic)
Insert Microsoft jokes here
What would be secure?
Although it is encrypted, it is most likely that within two years, it will be possible to crack this.
Cables are securer.
Assembling etherkillers for fun an profit
Back in the 80s you could buy a cellphone and then by using a scanner, could tune into the frequency used by the phone to intercept calls. If you were really clever, and had the right *cough* 'dodgy' software you could send control messages to the phone to activate the mouthpiece, so you can literally tap people.
Cellphones were new, and people just wanted them for the coolness/convenience factor and didn't realize the security ramifications.
In the corporate world there's a certain apathy to hackers. Many execs think.. 'No hacker would be interested in our data, it's just boring business stuff'. That may be so, but when the cops are sniffing your CEO downloading kiddy porn and some script kiddie has just deleted all of your mail, you will think again.
Wireless networks are similar to cellphones in this regard. Companies think they're cool and convenient, so they're hopping on the bandwagon.
So, we need to do what they did with cellphones. Digitally modulate the data over the wireless network and encrypt it within the hardware. Waiting for people to install their own security systems is futile. The manufacturers should make wireless devices encrypt on the fly, just like cellphones do.
This will benefit most companies, since they can dabble in inside trading, downloading warez, etc, and the Feds won't be able to track it, so it benefits everyone really.
mogorific carpentry experiments
Theres another intresting article about security here
Well, let's look at these conclusions...
:-)
Humans err,
But Computers don't.
Makes sense.. considering a computer only does what it is told to do. If a human messes up in the programming of the computer, the security is broken. If a human messes up with a social engineer, the security is broken...
The only way that a computers encryption and security could be beaten (assuming the programming , and hardware is good, and there is no human interference at all) is if someone breaks the encryption.
So... what's the solution here...
kill all humans, and we'll have a perfectly secure computer system that no one can break into!
wait... isn't that's what the Bush and the americans are doing anywaiz?
j/k (just a friendly poke at my southern neighbours).
~ kjrose
Whenever any product ships with pre-set default passwords or settings, there is always a segment of the population who will plug it in, see that it's working, and walk away. When a user plugs in a WiFi router, it should require the user to either turn on WEP, or make the user very aware that using the router in its default mode allows any other WiFi device that comes within range to connect, and that includes people who you might not want to let in.
Some people actually want to provide free bandwidth to the community, and I can't blame them for that. However, users need to know when they set themselves up with no security, that will be interpreted by the world as an open invitation for the public to come on in. If you want to block that, enable some sort of security.
Yeah, back in the late-'70s, I had a multi-band radio that could pick up cellular conversations. As a teenager back then, I had an absolute blast listening to calls. It was better than TV. And I promise you, covertly listening in to a hot call between a guy and his girl when you're 16 years old is pretty impressive stuff! :lol:
I never got into blue-box stuff, but pre-scrambled cellular was heaps of fun.
note: what follows may be off-topic, but relevant and important insights on what lies ahead for USA and the world.
from CNN.com
WASHINGTON (CNN) -- Sen. James Jeffords -- the Vermont independent who stripped control of the Senate from Republicans last year when he bolted the party -- slammed the administration's record on the environment and said President Bush was "undoing his father's legacy."
"This year the power industry is getting a nice Christmas gift: the biggest weakening of the Clean Air Act in history," Jeffords said Saturday in the Democrats' weekly radio address, becoming the first independent to deliver that speech.
"Last week, the Bush administration announced devastating new regulations that will gut clean air laws -- allowing power plants to avoid installing simple anti-pollution equipment when they modernize," said Jeffords, the chairman of the Senate Environment and Public Works Committee.
The Bush administration has said the changes will provide more flexibility to plants and, as a result, encourage reductions in emissions.
But Jeffords scoffed at that idea. The senator said he had been "proud to work with the first President Bush on the Clean Air Act amendments of 1990."
"Now this President Bush insists on moving us backward," he said, "undoing his father's legacy and weakening our nation's environmental laws."
Jeffords also criticized what he described as the White House's neglect of a rule to reduce sewage in lakes, rivers and streams, and said Superfund, the program charged with cleaning the nation's toxic waste sites, was woefully underfunded.
"Just this week, the administration announced new plans to allow new oil and gas drilling on national lands," the senator said. "And at the same time the administration is rolling back environmental protection laws, it is ensuring that the public knows little about what is happening in their own communities."
Jeffords cited a secrecy provision in the law creating a Homeland Security Department that he said would "make it more difficult for the public to get information about dangerous chemicals that may exist near their homes." Bush signed legislation creating that department Monday. (Full story)
"The administration has curtailed public access to that information which has been available to us for years," Jeffords said.
Jeffords caucuses with Democrats in the Senate. A spokesman for Senate Majority Leader Tom Daschle's office said Jeffords, a longtime advocate of environmental issues, was "the logical person to carry the message" on the environment.
Jeffords cost the GOP its majority in the Senate when he quit the party in May 2001. But the Republicans will again control both houses when the 108th Congress convenes in January.
Jeffords said he hoped "moderates in both parties can do what we've done before: Stand up to block these anti-environmental initiatives and instead pursue policies that protect and respect our environment."
When he was a Republican, Jeffords delivered one of the opposition's weekly counterpoints during former President Bill Clinton's administration, discussing health care December 25, 1999.
Last time I checked (and it's my job to) WEP and wireless security are still broken, as far as standards are concerned. 802.1x (PEAP, LEAP, whatever you want to call it) isn't appropriate in all (or even most, IMHO) situtations, and fixes to WEP like TKIP aren't widely deployed.
Wireless will continue to have security issues as long as the underlying security technology is broken and is hard to deploy in a secure, stable, and manageble fashion.
That's a technology factor in my book.
According to a new Aberdeen Group report, open-source solution Linux has surpassed Windows as the most vulnerable OS, contrary to the high-profile press Microsoft's security woes receive. Furthermore, the Aberdeen Group reports that more than 50 percent of all security advisories that CERT issued in the first 10 months of 2002 were for Linux and other open-source software solutions. The report muddles the argument that proprietary software such as Windows is inherently less secure than open solutions. And here's another blow to the status quo: Proprietary UNIX solutions were responsible for just as many security advisories as Linux in the same time period. Could Windows be the most secure mainstream OS available today?
Advertisement:
if ((!document.images && navigator.userAgent.indexOf('Mozilla/2.') >= 0) || navigator.userAgent.indexOf("WebTV")>= 0) {
document.write('');
document.write('')
}
"Open-source software, commonly used in many versions of Linux, UNIX, and network routing equipment, is now the major source of elevated security vulnerabilities for IT buyers," the report reads. "Security advisories for open-source and Linux software accounted for 16 out of the 29 security advisories--about one of every two advisories--published for the first 10 months of 2002. During this same time, vulnerabilities affecting Microsoft products numbered seven, or about one in four of all advisories."
The stunning report makes several claims that seem to fly in the face of widely accepted beliefs. First, the Aberdeen Group says that Windows-based Trojan horse attacks peaked in 2001, when CERT released six such advisories, then bottomed out this year, when CERT didn't issue any alerts. However, Trojan horse-based attacks on Linux, UNIX, and open-source projects jumped from one in 2001 to two in 2002. The Aberdeen Group says this information proves that Linux and UNIX are just as prone to Trojan horse attacks as any other OS, despite press reports to the contrary, and that Mac OS X, which is based on UNIX, is also vulnerable to such attacks. Even more troubling, perhaps, is the use of open-source software in routers, Web servers, firewalls, and other Internet-connected solutions. The Aberdeen Group says that this situation sets up these devices and software products to be "infectious carriers" that intruders can easily usurp.
According to the Aberdeen Group, the open-source community's claim that it can fix security vulnerabilities more quickly than proprietary developers can means little. The group says that the open-source software and hardware solutions need more rigorous security testing before they're released to customers. This statement is particularly problematic because many Linux distributions lack the sophisticated automatic-update technologies modern Windows versions contain.
We can rail against Microsoft and its security policies, but far more people and systems use Microsoft's software than the competition's software. I believe that we'll never know how secure Linux is, compared with Windows, until a comparable number of people and systems use Linux. But despite the fact that Linux isn't as prevalent as Windows, we're still seeing a dramatic increase in Linux security advisories today. I think the conclusion is obvious.
Predictable conclusions - security is mainly compromised through human, not technological factors.
Presumably this is referring to the human failing that was responsible for the flaws in 802.11b design? 802.11b simply *cannot* be made secure. Beacon frames are not encrypted, MAC addresses are not encrypted. Capture approx 1Gb of network traffic and you can decrypt the WEP key. Once you do that, you are in. There is little difference between the time needed to crack 40bit and 128bit WEP keys.
Do not deploy an 802.11b network in an environment where you would not fix cabled LAN ports to the outside of your building with flashing neon signs pointing to them with "PLUG IN HERE!" written on them.
Roll on a truly secure standard.
Slashdot is censoring this information! Please support free speech and show this article to the world!
Is that it is so darned easy to listen into the communications. If you can listen in, and interfere with little effort, instantly many attacks become available to you, especially man in the middle attacks.
But, not only can you break into the network, most of the time, you can actively listen in, and just record everything until you get the encryption code in the future (which is actually a pretty easy thing to do with some social engineering.)
If you want the data to be secure use fiberglass wiring, it is the most secure, but if you want convinience, then you'll have to trade off some of the security in enchange for a easier system to use. It's really as simple as that. It's not the human factor, is the human desire for convinience that commonly leads to the largest security breaches.
~ kjrose
For example, are the data links insecure--I dont think so as most are now 128bit encrypted, right?
could it be that access to the local net offering a way around the firewall? Dont some, or maybe all, wi-fi links have built in capabitlity for password protected connections. If so does this not make them as good as any firewall?
So is the whole problem just people not activating these feature? if so is this not just the same as any other unprotected wired network when people dont turn on their firewall?
Some drink at the fountain of knowledge. Others just gargle.
Hey, I have a lot of respect for all you guys who like to eat pussy because there are too few of you out there. And I'm not the only woman who says this. Furthermore, some of you guys who are giving it the old college try are not doing too well, so maybe this little lesson will help you out. When a woman finds a man who gives good head, she's found a treasure she's not going to let go of him too quickly. This is one rare customer and she knows it. She won't even tell her girlfriends about it or that guy will become the most popular man in town. So, remember, most guys can fuck, and those who can usually do it satisfactorily, but the guy who gives good head, he's got it made.
Most women are shy about their bodies. Even if you've got the world's most gorgeous woman in bed with you, she's going to worry about how you like her body. Tell her it's beautiful, tell her which parts you like best, tell her anything, but get her to trust you enough to let you down between her legs. Now stop and look at what you see.
Beautiful, isn't it?
There is nothing that makes a woman more unique than her pussy.
I know. I've seen plenty of them. They come in all different sizes, colors and shapes; some are tucked inside like a little girl's cunnie and some have thick luscious lips that come out to greet you. Some are nested in brushes of fur and others are covered with transparent fuzz. Appreciate your woman's unique qualities and tell her what makes her special. Women are a good deal more verbal than men, especially during love-making. They also respond more to verbal love, which means, the more you talk to her, the easier it will be to get her off. So all the time you're petting and stroking her beautiful pussy, talk to her about it.
Now look at it again.
Gently pull the lips apart and look at her inner lips, even lick them if you want to. Now spread the tops of her pussy up until you can find her clit. Women have clits in all different sizes, just like you guys have different sized cocks. It doesn't mean a thing as far as her capacity for orgasm. All it means is more of her is hidden underneath her foreskin.
Whenever you touch a woman's pussy, make sure your finger is wet. You can lick it or moisten it with juices from inside her. Be sure, by all means, to wet it before you touch her clit because it doesn't have any juices of its own and it's extremely sensitive. Your finger will stick to it if it's dry and that hurts. But you don't want to touch her clit anyway. You have to work up to that. Before she becomes aroused, her clit is too delicate to be handled.
Approach her pussy slowly. Women, even more so than men, love to be teased. The inner part of her thigh is her most tender spot. Lick it, kiss it, make designs on it with the tip of your tongue. Come dangerously close to her pussy, then float away. Make her anticipate it.
Now lick the crease where her leg joins her pussy. Nuzzle your face into her bush. Brush your lips over her slit without pressing down on it to further excite her. After you've done this to the point where your lady is bucking up from her seat and she's straining to get more of you closer to her, then put your lips right on top of her slit.
Kiss her, gently, then harder. Now use your tongue to separate her pussy lips and when she opens up, run your tongue up and down between the layers of pussy flesh. Gently spread her legs more with your hands. Everything you do with a woman you're about to eat must be done gently.
Tongue-fuck her. This feels divine. It also teases the hell out of her because by now she wants some attention given to her clit. Check it out. See if her clit has gotten hard enough to peek out of its covering. If so, lick it. If you can't see it, it might still be waiting for you underneath. So bring your tongue up to the top of her slit and feel for her clit. You may barely experience its presence. But even if you can't feel the tiny pearl, you can make it rise by licking the skin that covers it. Lick hard now and press into her skin.
Gently pull the pussy lips away and flick your tongue against the clit, hood covered or not. Do this quickly. This should cause her legs to shudder. When you sense she's getting up there toward orgasm, make your lips into an O and take the clit into your mouth. Start to suck gently and watch your lady's face for her reaction. If she can handle it, begin to suck harder. If she digs it, suck even harder. Go with her. If she lifts her pelvis into the air with the tension of her rising orgasm, move with her, don't fight her. Hang on, and keep your hot mouth on her clit. Don't let go. That's what she'll be saying too: 'Don't stop. Don't ever stop!'
There's a reason for that - most men stop too soon. Just like with cock sucking, this is something worth learning about and worth learning to do well. I know a man who's a lousy fuck, simply lousy, but he can eat pussy like nobody I know and he never has trouble getting a date. Girls are falling all over him.
But back to your pussy eating session...There's another thing you can do to intensify your woman's pleasure. You can finger-fuck her while she's enjoying your clit-licking talents. Before, during or after. She'll really like it. In addition to the erogenous zones surrounding her clit, a woman has another extremely sensitive area at the roof of her vagina. This is what you rub up against when you're fucking her. Well, since your cock is pretty far away from your mouth, your fingers will have to do the fucking.
Take two fingers. One is too skinny and three is too wide and therefore can't get deep enough. Make sure they're wet so you don't irritate her skin. Slide them inside, slowly at first, then a little faster. Fuck her with them rhythmically. Speed up only when she does. Listen to her breathing.
She'll let you know what to do. If you're sucking her clit and finger-fucking her at the same time, you're giving her far more stimulation than you would be giving her with your cock alone. So you can count on it that she's getting high on this. If there's any doubt, check her out for symptoms. Each woman is unique. You may have one whose nipples get hard when she's excited or only when she's having an orgasm. Your girl might flush red or begin to tremble. Get to know her symptoms and you'll be a more sensitive lover.
When she starts to have an orgasm, for heaven's sakes, don't let go of that clit. Hang in there for the duration. When she starts to come down from the first orgasm, press your tongue along the underside of the clit, leaving your lips covering the top. Move your tongue in and out of her cunt. If your fingers are inside, move them a little too, gently though, things are extremely sensitive just now.
If you play your cards right, you'll get some multiple orgasms this way. A woman stays excited for a full hour after she's had an orgasm. Do you realize the full impact of that information? The potential? One woman was clocked at 56 orgasms at one sitting. Do you know what effect you would have on a woman you gave 56 orgasms to? She'd be yours as long as you wanted her.
The last advice I have for you is this: After you've made her come, made her your slave by giving her the best head she's ever had, don't leave her alone just yet. Talk to her, stroke her body, caress her breasts. Keep making love to her quietly until she's come all the way down. A man can get off and go to sleep in the same breath and feel no remorse, no sense of loss. But a woman by nature requires some sensitivity from her lover in those first few moments after sex.
Oral sex can be the most exciting sexual experiences you can have. But it's what you make it. Take your time, practice often, pay attention to your lover's signals, and most of all, enjoy yourself.
The G-Spot
This does exist. And in over half of the women out there, it works better than anything else you can do to cause a strong, prolonged orgasm. The original name is the Grafenberg spot, after a doctor, Earnest Grafenberg, who documented the area (which may have been known by people here and there throughout history) in the fifties.
This "spot" is a small "mound" of tissue inside the vagina, between a penny and quarter in size, which responds to being pressed upon. It's almost certainly not the skenes glands, (which are located around the urethra, which is behind the G-spot area), as has been suggested by a few people. In fact, the G-Spot is the tissue in that raised area of the vagina, which has a higher concentration of sexual nerves, and produces hormones similar to those made by the male's prostate gland.
A sort of map to the area -- Imagine your lover lying on her back, legs spread. Your position is between her legs. You would slide a finger inside her vagina, palm up. With your finger straight back, middle finger is best, you would curve it toward yourself, gently, as if you were gesturing to someone to "come here". In doing so, the area you press on should be pretty near her "G-Spot" area. If you know enough to follow the urethra (the tube that leads from the bladder to where the pee comes out), along the inside of her vagina, you may feel a slight swelling (if she's excited) at the point where the g-spot is.
She must be excited, especially if either you or she is new to the g-spot, for the g-spot to have any real effect at all. It's not the ideal area for getting your lover aroused.
But when she is excited, this area (more often than not) is the best way to bring her to orgasm. You work your way back to it gradually, teasing her (typically, this works best) with your fingers, slowly and gently. It's easier to hit the right area with two fingers, but this may not be comfortable for her, depending on how "tight" she is at that moment. When you have your fingers around the right area, try gently pressing, not too quickly. The movement should be fairly rhythmic. It's typically best if you're licking her clitoris (or near it, depending on the woman) at the same time...don't make a big deal out of the "quest", this will often make her feel self-conscious, or distracted. The licking should seem to be the primary activity.
When you find the right area, she should respond by getting more excited. Most of the vagina's inside surface isn't really that sexually sensitive, believe it or not...most of the excitement of randomly inserting fingers is more psychological than from the actual stimulation.
While more complicated techniques work with some women, some of the time, the best basic technique, upon finding the g-spot, is to continue to slowly, rhythmically press on it, while licking her clitoris (for a few women, the labia (lips) are sensitive to licking, too).
This should cause her to build up to an orgasm.
A G-Spot orgasm is different (always, when it works at all) than any other kind women have. It is possible, with some women, to have different qualities and kinds of orgasms from vaginal, clitoral, anal, and even breast stimulation...but with other women, those kinds of orgasms are all pretty much the same. But the G-Spot orgasm not only feels different; it also causes her body to react in a different way.
First, it often causes a "push out" orgasm. The area around, or "above" (farther inside, that is) your fingers seems to swell up or to contract toward the opening of her vagina.
If you find the right combination of pushing back when this happens, and slacking off to let it push out, you can cause (in perhaps half of the women) her orgasm to continue happening, long after normal ones would have subsided. In some women you can even keep her at a "plateau" (raised level) of sexual excitement, like a prolonged orgasm (or a little less than one) afterward, building up to an even bigger climax.
That brings me to another important point; G-Spot orgasms sometimes causes a huge amount (relatively speaking) of lubrication (juices, wetness)...far more than even the most excited woman gets from "conventional" stimulation.
When that extra wetness combines with the push-out orgasm, you get actual ejaculation...like a guy, but much better tasting. The built up juices can shoot out in such volume that you, or she, may be afraid that she lost control of her bladder. That is (almost always) not what happened. The fear that she peed can be enhanced by the fact that the urethra is behind the g-spot, so that in rare cases the woman can sometimes get the feeling that she needs to pee, even though she does not.
In reality, in both men and women, enough sexual excitement prevents peeing, unless you try really hard. This is a built-in reflex, because urine is something of a spermicide. The "pee hard-on" that men get in the morning is partially his body taking advantage of this reflex, to keep him from accidentally wetting the bed with the urine that built up while he was sleeping.
Taste
Anyone who likes, say, coffee or beer should have no room to complain about the way most women taste. No, I don't mean it tastes like coffee or beer, genius...I mean that beer and coffee are, at best, acquired tastes...they are not naturally pleasant to a human being, no matter how much your addiction to one or both has convinced you otherwise. Most people, whether they remember it or not, had to learn to like the taste of beer/coffee, and had the desire to be Like the Adults to help them along. Well, I'd list taking pleasure in cunnilingus above drinking addictive beverages on the list of things that prove maturity. Aside from that, there's the fact that many people who give it an honest try genuinely enjoy the taste/smell.
The mods are CENSORING this information! Please mod this up and show this info to the world!
COuld someone elaborate here. Why is a WEP key more vulnerable than say an SSH key? Why is it insecure to have unencrypted Beacon frames and MAC addressses. What info is being given up by these or how can these be exploited in a way particular to wireless?
and given encrypted transmissions why is WiFi more suceptible to man-in-the-middle attacks than any SSH connection?
Some drink at the fountain of knowledge. Others just gargle.
Ok... that's it now, I'm gonna sit on my roof watchin for those black helicopters, the UN world government ain't gonna get any wireless network of mine, that's if I had one, anyway, nobody is taking my dirt farm off me!
Hrm... where's that foil hat, I hope I don't find another of those inside out cows.
Over and out.
But surely if you want to provide wireless capabilities on your corporate network you put the access point in a DMZ and have users come in via a VPN, just as if they were working from home and connecting over the "public" Internet.
Very important information.
I'm using an 802.11b network with 128-bit encryption, meaningless passwords (not "admin" or "router"), and the WAP will recognize only the MAC of the portable (yes, that can be spoofed, but it keeps out random strangers). Finally, the access point is in the basement, so its reception zone is mostly up, not horizontal.
There could be specific weaknesses in my brands of hardware, but that's another problem.
Am I mistaken that this provides reasonably good security? I don't expect to screen out the NSA, but do most snoops. If not, can someone type up a checklist for the well-meaning but slight clueless 802.11 administrator?
Human error certainly includes misconfiguration, but if configuration is too hard for most people to understand I think it is the technology that is faulty -- human factors design and all that.
I'm glad they're making these weaknesses more public. Doonesbury did a good job in the Sunday strip a while ago.
First thing in a Google search for WEP:f aq.htm l
http://www.isaac.cs.berkeley.edu/isaac/wep-
The difference is that openssl is implemented more rigourously than WEP. IANAC (I am not a cryptographer), but it sound like the WEP folks put it into place without sufficient review and now we are stuck with a less-than-robustly-designed standard.
Sometimes, combining two encryption methods can result in something weaker than either of the two original methods, in that they kind of partially decrypt each other.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
Although it is encrypted, it is most likely that within two years, it will be possible to crack this.
Cables are securer.
With a wire cutter I can crack a cable today. Cables are not more secure. They are just slightly less accessible.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
No way.
Chances are I could walk into you company, put a box on a desk, plug it into the wall and come back next week to collect it without anyone noticing.
Your cables are just as naked as your wireless is.
You want real security? Think biometrics. Think Faraday Cage.
"There's an article on the BBC about how the UN is being briefed on the problems of wireless networks. Predictable conclusions - security is mainly compromised through human, not technological factors."
So... what does the UN not want the general public to know? Heck, should the UN even be making calls like that?
I haven`t trusted WEP since it was introduced because I didn`t know how it worked. When the flaws were discovered it really came as no suprise to me to be honest.
I think it makes sense to treat your WLAN like a direct Internet connection, ie. all packets could be snooped/intercepted/changed etc. If you want security use ssh or https.
You can make wireless (802.1x) as secure as wired by putting all your wireless users on a VPN. Unsecured wireless users are just like having open access to the insides of your network and completely bypassing peripheral security measures like firewalls. The real question is how to make *all* your computing and networking resources more secure. Wirelessness per se won't be the problem.
CERIAS is part of Purdue University, not Indiana University. I'm sure heads will roll when Coach Keady finds out about this. 8)
--
Ed
The paper by Fluhrer, Mantin & Shamir talks about several weaknesses in the key scheduling algorithm of RC4. The paper by Borisov, Goldberg and Wagner "Intercepting Mobile Communications" talks about keystream reuse. I am quite puzzled between the two. I believe the earlier is a direct weakness to RC4 but Borisov's paper does not reference this at all. Can somebody please fill me in?
- Very insecure (no passwords, all users can do everything).
- Have a bad GUI (noone knows how the users will use it yet).
- Filled with bugs.
And since noone ever has time for a complete refactoring of the code (not a rewrite from scratch)... then that stuff usually never gets fixed in future versions.Sex - Find It
My favourite quote from the whole article:
"Wireless technology is going to be deployed across the globe either securely or insecurely" --David Black, Accenture
Now that doesn't seem obvious does it?
The Welkin: Online Music Reviews
To the responders, thank you. I'd like to draw folks' attention to the "good enough" portion of my query. After all, encryption is just a game of staying a step ahead of the decrypters.
:)
Because any practical encryption can be cracked -- I assume SSL and whatever underlies ssh and, with difficulty, PGP -- what is "adequate" under what is currently readily available? ANything? I get the sense that breaking into a secured (not "secure") 802.11 link at least requires more than just getting a scanner to tap analog cellphones. (Remember Newt Gingrich's indiscretion?
Last, it should be reiterated that human weakness such as social engineering and administrator goofs is the most likely and traditionnal sources of security breaches. Thus a need for regular independent audits by trusted (gasp) humans.
One more time, in regular English? I understoon everything up to "nope." :)
VPN does raise the security bar, but isn't a direct answer to wireless security. I'd prefer all of my wireless communications to be private.
I also posted a follow-up to the original post which may clarify my intent.
I dont' get what the fuss with relying on WEP for wireless security is. Regular ethernet is not encrypted. You could just plug a laptop into a hub and run tcpdump to sniff if you really wanted to. If we use the same security measures over wireless that we do over wired ethernet (VPN, SSL/SSH, Kerberos), who cares about WEP?
How many heists of credit card numbers are done online? Compare this to how many heists of credit card numbers are done meatside.
Meatside wins. You know why? It's a hell of a lot easier to make Joe Blow think you're someone you're not, than it is to neutralize computerized security.
Remember kids, Mitnick "hacked" the minds of people more than he did computers. So did the other famous 'ev1l l33t h4x0rZ!'.
"Code Red!" you shout. "Nimda!" you cry. These incidents and others aren't even related to the above. These were the result of script kiddies and the weakness of human security. Any dolt who got nailed by Code Red, for example, deserved it - Microsoft had a patch out long before the shit hit the fan.
Wireless is a nightmare waiting to happen. It isn't secure out of the box. It isn't 'as secure' as hard wire, even if it is encrypted. One can just pull data out of the air with wireless; one needs to actually defeat rent a cops with water pistols to jack into a hard-wired system with a laptop.
What happens when the clueless do a wireless install at the office, fail to utilize encryption, and pretty much leave things wide open? Won't happen? It's happening now, and if the infamous Microsoft worms weren't enough of a display that it *will* happen..
Security. Ahh, blessed security. Fire your damnable MCSE's, take the donuts out of the rent-a-cop office and give out higher salaries all around.
Oh, and remember, make sure the 'computer-knowledgable' secretaries know NOT TO GIVE OUT THEIR FRIGGIN PASSWORDS TO ANYONE.
K thx bye.
Thank God, the UN has finally been briefed. I guess we can look forward to some sort of wireless security "task force", perhaps a number of UN Conferences on Wireless Security, and then some resolutions blaming wireless insecurity on the US and Israel.
At least with cleartext, people who care about security, but might not know how secure something is, will turn on encryption via SSL or SSH.
With WEP, people may think that since it isn't sent in the clear, they don't have to go and encrypt their IP traffic which is going over it.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Seems to me that if everything was encrypted there would be more money being spent by [insert favourite government agency here] to crack the encryption. This would suck, because we'd continually need to come up with new encryption methods, generate larger keys, etc. in order to keep out prying eyes.
So I say, let most of the traffic be unencrypted so that the [insert same favourite government agency here] doesn't have a hard time finding illegal activity so that their "need" to crack encryption (at least from [government agency]'s point of view) is small.
That said, most of the really bad evils already use encryption, so maybe it's a moot point. Maybe.
[insert witty comment here]
And an undeserved -1 at that.
Your western pal
It is an important and popular fact that things are not always what
...
they seem. For instance, on the planet Earth, man had always assumed
that he was more intelligent than dolphins because he had achieved so
much -- the wheel, New York, wars and so on -- whilst all the dolphins
had ever done was muck about in the water having a good time. But
conversely, the dolphins had always believed that they were far more
intelligent than man -- for precisely the same reasons.
Curiously enough, the dolphins had long known of the impending
destruction of the of the planet Earth and had made many attempts to
alert mankind to the danger; but most of their communications were
misinterpreted
-- Douglas Admas "The Hitchhikers' Guide To The Galaxy"
- this post brought to you by the Automated Last Post Generator...