Security Vulnerability in Apple's AirPort Base Station

inditek writes "At Stake has issued a security warning today about a vulnerability in Apple's AirPort Base Station: 'Apple's AirPort device is a wireless access point, providing 802.11 services to network clients. Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.'"

duh

[trouser]

I think what they're saying is that the Airport base station, which is an 802.11 base station, has exactly the same security vulnerability as an 802.11 base station.

This is very old news.

Re:Er.. since when has WEP been "secure"?

[Stigmata669]

There is a common misconception that WEP is "quickly and easily broken" because there are several open source projects that work on a weakness in the RC-4 key scheduling.

What many people don't realize is that these programs require the harvest of between 2000 and 10000 'weak' packets which can take as little as 20 hours and as long as a week of constant monitoring to collect. If you don't believe me, go read the FAQ of any WEP cracking program. These programs are only proof of concept models, and lack a practical implementation. I tried KisMAC against my own ap and failed to produce any results.

WEP is perfectly secure for a standard network, and anyone who is willing to spend 100 hours standing in my driveway just for access to a network on which everything else is passworded is simply insane.

Anyone who acts like WEP is worthless is simply misinformed.