CNN Notices that WiFi is Insecure
josh3736 writes "From CNN comes an article that makes painstakingly obvious to the public what we already knew: 802.11 security is horrible. The article points out that nearly 40% of wireless network APs haven't even been changed from defaults and as many as 80% of home APs have encryption disabled. The article goes on to say that '[t]o make matters worse, users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software.' It also accuses WiFi manufacturers of disabling security measures by default to make wireless easy to the lowest common denominator. My favorite quote? 'Experts say that while Wi-Fi hardware makers have made initial setup easy, the enabling of security is anything but. Meanwhile, average users are no longer tech savvy.' Which is to say that they at one point were?"
Not only do WiFi equipment manufacturers disable most of the security by default. Some blame any connectivity issues you are having on the encryption (see How stable is WEP).
Personally, I would love to see some more options when it comes to turning WEP on. Since my laptop connects in both a wired and wireless manner to my network, it would be great is some software generated a new WEP key to use each time I went wired. I see no reason that the end user would need to be involved, any weakess on the part of the pseudo-random generation of a new WEP key would be less insecure than having the same one for months on end.
paul reinheimer
users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software
I wonder if this would be a new, easy way for people to start a new worm/virus infection. Wardrive down the street, map a few hundred potential victims, and come back later and put the bugger in the "Startup" menu on Windows PCs. Ack.
He said, "As long as I live in this city, I'll never pay for Internet again." We'll see if that remains true when consumers with wireless routers wise up and turn on some of the security features.
--Residential Interior Design
I have intentionally left WEP off on my AP at home. I use ssh or https for anything sensitive, but I want my visitors to be able to connect via my home
network without sophisticated configuration on their side (and of course, without telling them my WEP password).
My home network is connected via Linux firewall, so I can cut the access or install traffic shaping when the problem occurs.
-Yenya
--
While Linux is larger than Emacs, at least Linux has the excuse that it has to be. --Linus
The problem is not the product, but the consumers. Now, I might be wrong about this, but I am willing to bet that all access points, WNIC's and other accessories come with something called a "manual"! If you were to actually *read* one of those, by accident or intent, you might discover how to acutally use your newly accuired product! Only thing is that people don't bother anymore... They expect everything to be so userfriendly that it will install itself and automatically know how you want the settings to be!! Maybe they could put little warnings on the packs like with ciggaretts.. "warning, the DOJ says that not properly securing your accesspoint can be hazardous to your privacy bank account, and or bandwith".. Heh
Have you actually done it? I have been running Airsnort in my apartment with two encrypted nets visible and have had absolutely no results so far. Probably not enough traffic, but also thought THIS article interesting. Would be nice to hear if anybody has actually been successful or just repeating the 'myth'(?).
try { do() || do_not(); } catch (JediException err) { yoda(err); }
My in-laws just got high speed access through Comcast. Instead of a standard cable modem, they were given a Linksys wireless router (branded as Comcast). I placed the order so I know we didn't ask for this, since I went out a bought a wireless router for them already. So now I get there and they have a wireless router with WEP turned on but no key entered and no one bothered to leave the password so I could set it up properly. It took me an hour on tech support before they could get me the login and password. I can't imagine many of the non-tech savy people going through all of this.
Viv
Gmail invites for ip
Couple of years ago when 802.11b was kinda new, i did some testing of this sort of thing.
The fast crack using weak frames worked then. It doesn't work much now, if the boxes are using newer hardware.
The slow crack where you get enough packets to figure out the key worked then and now, but in order to actually do it back then I had to set up some continous traffic to get enough packets to make it work. We're talking millions of packets here, and it just takes forever to see enough to do it, with 112/128 bit WEP.
Can they get in? Sure.
Will they get in? They're going to have to really want in pretty badly or live nearby and be bored enough to capture for a long period of time. And if they just want free network access, they'll find the easier target like the unsecured one down the street. Or pay the 3 bucks at the nearest hotspot for the hours worth of access.
WEP is not secure, but in 99% of cases, it's secure *enough*.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
This is precisely why I standardized my whole network on Linksys products. Once I did, all of my compatability problems went away - and administration is a breeze.
I have a carboard box full of old NICs that I acquired cheaply, thinking at the time that I would be able to save a buck. What I saved in money, I lost in time trying to get all the disparate cards to work on various machine architectures and operating systems. I finally broke down and bought all Linksys - at the time a basic 10/100 ethernet NIC was only $10 (now they are $25...must have caught them on sale at the time...) I plugged them in my Linux and Windows machines - and they just worked, right out of the box.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
I run an open access point and my neighbor does as well. Anything (and I mean anything) more than computer games and unimportant chat sessions I tunnel through ssh/ssl or something similar.
/. aren't in favor of open access points. They seem to fit very well into the whole 'information should be free' value system that many geeks have.
Why do I leave my access point open then? Because on average I only use maybe 3% of my bandwidth and I don't see any reason that one of my neighbors shouldn't be allowed to use some of it when I don't need it. When I first moved in and didn't have my own broadband yet I was very happy one of my neighbors left his router unsecured.
I'm actually quite suprised that more people on