CNN Notices that WiFi is Insecure

josh3736 writes "From CNN comes an article that makes painstakingly obvious to the public what we already knew: 802.11 security is horrible. The article points out that nearly 40% of wireless network APs haven't even been changed from defaults and as many as 80% of home APs have encryption disabled. The article goes on to say that '[t]o make matters worse, users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software.' It also accuses WiFi manufacturers of disabling security measures by default to make wireless easy to the lowest common denominator. My favorite quote? 'Experts say that while Wi-Fi hardware makers have made initial setup easy, the enabling of security is anything but. Meanwhile, average users are no longer tech savvy.' Which is to say that they at one point were?"

Just how do you setup WEP anyway?

[LostCluster]

One major flaw I see in telling people to enable WEP on their WiFi is the first question I'm sure to get back is "How do I do that?" and, well, the instructions for doing that are different for each and every item on their network.

What's more annoying is that people think the "passphrase" they type into their router a the WiFi key rather than what it usually really is, the random seed from which their router generates the actual keys. They type their passphrase into their other devices when they're supposed to type a key value, and then they wonder why it doesn't work anymore when it was working just fine before they tried this security stuff.

I've had friends who I thought were tech savvy get tripped up over this stuff. I blame the router-makers for not providing software that makes this a whole lot more of a user-friendly experience. We as the IT industry are badly failing at this... and having a lot of open WiFi points will just make our other headaches such as spam and viruses worse in the end. This really needs to be addressed for the good of the Internet.

Re:Just how do you setup WEP anyway?

[Oxy+the+moron]

I own a linksys 802.11b router and it came with an 802.11b PCMCIA card. I had no problems getting WEP to work on either the router or my laptop. Linksys did a great job making the process easy with the router's web-based config and the configuration tool software that is provided in the package for the card. I came up with a passphrase and I could easily apply it across the board.

However, when I bought a new laptop with 802.11g wireless built-in (not from Linksys) I started having all sorts of problems trying to get the new laptop connected. I have to use the default Windows XP configuration tool (which sucks, IMO) and even when I do get connected with WEP enabled, the speed is horrible. And I'm of much higher technical aptitude than those mentioned in the article.

My point? I think the ease of configuring wireless depends totally on the manufacturer, and whether or not you have all your products from the same manufacturer. And none of them do a very good job of telling the consumer how to protect themselves.

A follow up article...

[stratjakt]

... has the not surprising statistic that 90% of home users DONT GIVE A FLYING FUCK if the family PC (which they consider no more than an expensive Nintendo/source of free music) is hacked.