The Year 2003 in Wireless Network Security
OenMarK writes "I ran into an article that is basically an overview of events, software releases, and happenings related to wireless security. There's also a Q&A with some wireless security experts, one of which is from IBM.
What's your take on wireless security? Are we there yet?" This is the same site that also hosts the look back at Linux security we posted earlier. They complement each other well.
...gives the Microsoft security staff something to look down on.
A study of honeypot projects that showed most wi-fi abuse was "bandwidth stealing" doesn't exactly fill me with a sense of dread. More useful would have been a list of attempts by hackers sitting outside of unsecured businesses trying to get at the corporate data.
Or are they trying to lull potential customers into a false sense of security?
John
What's this? Wireless and security in the same sentence?
Wireless and security seem to be two words that are mutually exclusive these days, it would seem: between cocky administrators not securing their wireless networks, that few networks seem to be using WEP and huge bugs in phones' implementations of Bluetooth...
Know anyone who trusts WiFi? I don't. Even my university doesn't (and it isn't well known for good security practice). Useful, but slightly untrustworthy.
Global symbol "$deity" requires explicit package name at line 2. - If only $scripture started "use strict;"
Just have your wireless devices set to a DMZ that opens to one page, a VPN portal. Then you have a wireless connection, with VPN providing your security. Voila...a little bit more cumbersome, but isn't your network integrity worth it?
Despite the advances made in 802.11i - WAP/TKIP (TLS/TTLS/EAP/PEAP) - the best solution is "on-the-wire". 3DES IPSEC and now SSL Tunneling are two examples we are using to avoid new exploits as hacks become available for the wireless standards. The above are tried and true methods of encrypting data. If the end user simply runs a client (3DES IPSEC) or uses the well known SSL standard (no client needed) between themselves and your NOC/Colo/Facilities - you can guarantee a measure of security for their data.
Wireless has no such limits. This is even skript kiddie level stuff.
This is my report on it.
On Linksys' site they have 7 things people should do to keep their wireless network safe:
1. Change the default SSID.
2. Disable SSID Broadcasts.
3. Change the default password for the Administrator account.
4. Enable MAC Address Filtering.
5. Change the SSID periodically.
6. Enable WEP 128-bit Encryption. Please note that this will reduce your network performance.
7. Change the WEP encryption keys periodically.
Now you're telling me average joe (or administrator) is going to perform all these tasks, and remember to regularly change the WEP encryption keys. This is a problem, and until security setup and maintenance is automated and/or easy enough for the everyday folk, there is going to be a continual growth of attacks on these types of networks.
------------
Are we there yet? Let's see..
1) 802.11i is still not yet approved as a standard
2) WPA (the impetuously released TKIP variant) is not widely available and like 802.11i relies on 802.1X.
3) 802.1X has been withdrawn by the IEEE pending a re-write. It's broken for wireless. Don't expect to see the revision any time soon.
4) No semblance of a seamless, inter operator, inter hotspot, non web-pagey user authentication scheme for mobile devices is widely deployed for 802.11.
5) Other wireless networks that are deployed are insecure (e.g. GSM)
I think maybe there's a way to go yet.
Evil people are out to get you.
Up here in central Canada, early 2003 showed a nice, gradual uptake in wireless equipment by the business sector, and a few tech-heads putting it in their houses. Now that xmas is over, and stores were selling APs for as little as $15 (cdn) after rebates, I'm seeing almost a 10-fold increase in the number of hotspots compared to June of this year.
:)
I see a couple of trends on the horizon:
1. Just as you can no longer buy a 10mbit hub, because a 10/100 switch costs pennies more to make, soon all home cable/DSL routers will come with 802.11b at the very least. The "premium" models will include g for $5-10 more, to keep some price differentiation happening.
2. Back when it was us geeks and businesses, the WEP/non-WEP ratio seemed to hover around 50-75%, depending on area. Driving around last night, it's below 10%. This could be an indication of new xmas presents that the owner hasn't had time to configure, but really: how many people actually change from the default settings? (On that note, thank you SMC for having a blank default password and an SSID of "SMC")
Just the changes in the past 12 months have convinced me that 2004 will be the year wireless really takes off everywhere up here, and as long as it's still being shipped unsecured to the consumer, we're soon going to have a LOT more opportunity for this sort of thing.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
You forgot about the token stored on a smart card, your biometric information via finger print reader, along with a plain old username and password (which only corresponds to that particular set of biometrics) that are needed to log in to the VPN. A tad bit more cumbersome, yes, but voila! Complete wireless security.
No more worries about wireless security alerts, finicky configurations, key management, weird drivers, setting up VPNs within my own house, strange network freezeups or having to read articles to keep on top of it all.
To me, keeping my mind uncluttered and free from all that minutia is worth the ugliness of a few network cables.
Do you install heaters in them or how do they survive the freezing temperatures and snow?
My company (Newbury Networks, Inc.) makes a product that provides physical perimeter security on 802.11. It uses our location-tracking technology to identify the location of all 802.11 traffic and can then both report and classify traffic as well as deny access to devices outside your physical perimeter. While some security problems remain, this largely mitigates the "attacker in the parking lot" scenarios.
Most people assume that wireless security cannot be coupled to physical security. If you can keep people outside your building off your network, it's a whole different ball game. This essentially eliminates spoofing problems because it doesn't matter if you're spoofing if you're outside. Obviously, internal threats are still an issue and any security system should be multi-factor. Location is simply a key element that it's hard to provide for wireless.
(I hope this isn't taken as inappropriate product pushing, but I believe it is a useful and relevant solution to many wireless security problems)
My WiFi access point sits by its lonely self on the high speed modem, with its own IP address, next to my firewall. I use plain text when surfing the internet and ssh to my own servers.
If a neighbour wants to use the network at 1Mbps or whatever lousy data rate he would get from over yonder - be my guest - won't bother me...
How secure are wifi lans at starbucks etc??? Are all email passwords etc at risk?
sci-fi/horror fanfiction
stereoscopic multimedia pioneer view3d.tv
WEP works just fine for certain things. For example, keeping people from abusing my internet connection, downloading child pornography, etc. In order to crack a 128-bit WEP key, last I checked, you need something like 5-10 GIGABYTES of traffic to analyze. I don't use that much bandwidth in a year over wireless - it's just to be able to surf from the living room, etc.
:)
I've checked out the range on my AP using some nice high-gain antennas, and seeing as it's in the basement, someone would have to be within 3 or 4 houses of me. That's a pretty limited range, so I can narrow it down to say 100 of my neighbours. And one of them would have to sit and passively sniff my traffic for an ENTIRE YEAR. Answer: change my WEP key every few months, and unless I'm not up to date with the latest security issues, I'm virtually immune. Sure, they can sniff my SSID. Big whoop if they can't get on it.
Disclaimer: I haven't played with Kismet in over 6 months, so if there's some new "grab 10 packets and crack the WEP key" setting that I haven't heard about, please correct me
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Probably the most important news is that China will disallow standard 802.11 WEP security and mandate its own standard - WAPI for all Wi-Fi in the country. This could have wide ranging implications, from splitting the market to leading to a possibly improved system (on first glance, WAPI beats WEP hands down, except for privacy implications - big surprise) for the world.
In any case, it is a dramatic development.
The only good weather is bad weather.
Working at a .edu we don't particularly trust our wired networks either, so pretty much all of our services (HTTP, IMAP, LDAP, etc.) require encryption (SSL or SSH). So the only thing special about wireless is that someone doesn't have to walk into the building to get on the network.
The most common solution to this for now seems to be to do some magic with DHCP, iptables, etc. to force the user to a web page where they authenticate themselves before giving them normal network access. I'd prefer we could negotiate an IPSec tunnel, but all the attempts I've seen so far were a bit of a hack. Most Linux distros don't even come with FreeS/WAN, and configuring the Windows IPSec client to talk to a non-Windows IPSec server is a nightmare.
Personally I like the way my garage door opener works. The only way to add a remote to the system is to open the box and push a few buttons to tell the system get ready for a new remote. Then you push the button on the remote and verify that the new remote was added.
Networking devices should create and change their own WEP keys automatically. I know my mother certainly isn't going to change it frequently if at all, and if so it will be her kids' names or something.
The device would have MAC Address filtering on by default and would only be able to add devices by pushing a certain button on the device and putting it into "Add Network Device" mode. Then your new WiFi card would work on the system.
I think adding some physical requirement to the mix is the only way to have real security that's relatively easy to use.
As with most software or hardware, making it secure by default raises the bar required to use it. The company ends up fielding thousands of support calls from people who don't RTFM. Security out of the box is expensive to handle for general users. So everyone else ends up paying for it instead of the creators.
That's why windows has viruses, wifi is insecure and linux is "hard to use".
http://www.colubris.net/en/products/enterprise/CN1 050/
i've been looking at these guys for a project. it's an integrated vpn/wap. has anyone had any experience with this vendor they could share?
FYI:the slashdot gayness filter has added the customary erroneous space into the url.
Are we even at the "wireless" step yet? I've had nothing but trouble with wireless networks...even ones where everything I bought was from the same vendor. Eventually one of my cards broke - I'm not trying wireless again until it becomes more reliable, less expensive, and there is more support for cards in Linux.
I belong to the ______ generation.
So yes I have WEP and MAC filters turned on my Home Wireless but the Access Point (infrastructure mode) is on its own DMZ LAN and plugged into a Linux box. This Linux box has 3 Ethernets - the ADSL router and trusted LAN connections plus the Wireless LAN. The firewalling is all done via iptables configured using FWBuilder on a different Linux machine-I really recommend FWBuilder once you get into it.
The firewalling ONLY allows PPTP tunnels to be setup from WiFI clients. The Linux PPTP server is PoPToP on Linux side and standard PPTP client with WinXP on Laptop side. The laptop thus gets allocated a new IP address for the tunnel from within my trusted address space (so as to thus get through iptable filters OK) on the PPTP link and the laptop also uses this as its default gateway. BTW: Counterpane found flaws in how MS implemented PPTP not PPTP itself so I'm happy with PPTP for the moment and I use a separate (non-easy) password for the PPTP tunnel.
Workflow is thus...powerup Laptop. Double-click Connect To Homelan (password is cached in dialog box on WinXP). Wait for handshaking and authentication and tunnel setup. Surf.
My next move has to be IPSec with FreeS/WAN but ideally certificate based. So for me WiFi security is just not relevant anymore because it'll always be more flexible to place the crypto burden inside software as opposed to using hardware devices.
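The wireless-DMZ policy described in the comment above (wireless clients may only bring up a PPTP tunnel; everything else from that leg is dropped), written out as an added example that is not the poster's own configuration. The function name, interface names, gateway address and tunnel address pool are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration: prints an iptables-restore ruleset for a three-legged
# Linux firewall (wireless DMZ, trusted LAN, ADSL uplink). All names and
# addresses are constructed, not taken from the comment above.
wifi_dmz_rules() {
    [ "$#" -eq 5 ] || {
        echo "usage: wifi_dmz_rules WIFI_IF LAN_IF WAN_IF GW_IP TUNNEL_NET" >&2
        return 1
    }
    wifi_if=$1 lan_if=$2 wan_if=$3 gw_ip=$4 tunnel_net=$5
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
# Wireless leg: PPTP control channel (TCP 1723) and GRE data channel only.
-A INPUT -i $wifi_if -d $gw_ip -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $wifi_if -d $gw_ip -p gre -j ACCEPT
-A INPUT -i $wifi_if -j DROP
# Raw wireless traffic is never routed, in either direction.
-A FORWARD -i $wifi_if -j DROP
-A FORWARD -o $wifi_if -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Authenticated tunnel endpoints (pppN) get addresses from the trusted pool.
-A FORWARD -i ppp+ -s $tunnel_net -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Constructed sample values. As root, pipe the output to
# iptables-restore --test to syntax-check it without loading the rules.
wifi_dmz_rules eth2 eth1 eth0 192.168.50.1 192.168.1.192/27
```

The ruleset assumes wireless clients get their DMZ addresses from the access point or static configuration, so no DHCP rule is opened on the wireless leg.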