Feds Hack Wireless Network in 3 Minutes
xs3 writes "At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques and broke a 128 bit WEP key in about three minutes. Special Agent Geoff Bickers ran the PowerPoint presentation and explained the attack, while the other agents (who did not want to be named or photographed) did the dirty work of sniffing wireless traffic and breaking the WEP keys. This article will be a general overview of the procedures used by the FBI team."
When I first read the closing line of the article, I chuckled.
Then I felt dismayed.
It really is a shame when the prevailing "geek" attitude towards agencies like the FBI is mistrust and fear, not confidence and respect.
Obliteracy: Words with explosions
I am surprised that wireless A/P don't block a MAC address after X number of attempts
WEP is like gun laws in the US. They only keep the honest people from having guns. What a great society we live in.
Only 'flamers' flame!
Does slashdot hate my posts?
Just need an actual "password". My 63 character WAP password does me quite nicely, and I don't have to change it once in my lifetime since it would take near a googolplex years to crack with brute force anyways. If there's a problem in the firmware, well that's another story.
7 t6o0r9y5y6o1u
For those interested, my WAP passphrase is t2h4e1r0e4a1r0e5XXXXXXXXXXi7d1e6s1t1o9e0v5e9r1y5s
(Those 10 X's are just for my protection, can't give it all away now or I might have to think about changing it!)
And yes, I DO have that memorized.
Dollar Highway Financial News
Interesting post, too bad I used up my mod points earlier today.
Question: what is a suitable length for a random passkey? I always use random strings for stuff like this, but wonder how long they should be.
If God had meant for man to see the sunrise, He would have scheduled it later in the day.
Personally, I use "random.org" to generate 152 bit keys. These should be reasonably secure from brute force attacks.
This is reasonably secure for most of my clients, but I'm still a bit worried about those mind-control-rays penetrating my tinfoil hat. How do I know the numbers weren't intercepted? Granted, I'm not advertising the customers they're going to, but you can never be too careful.
Anybody have experience with building and integrating a hardware random number generator?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Or you could use someone's handy-dandy Random Password Generator and come up with something you'll actually remember.
</shameless plug>
You have two hands and one brain, so always code twice as much as you think!
This is a demonstration of why anything that is not isolated should be treated as inherently insecure.
Put the AP on the outside of the firewall and your network security is no more compromised than it is by simple fact of being connected to the internet in the first place. Your internet connection is FAR more dangerous. Secure yourself against that and treat any wireless connection no differently.
I use WEP _purely_ to limit leeching, nothing more. Beyond that, I don't see the point in bothering worrying about it, since if your primary network connection is LESS secure than your WiFi connection, you have MUCH bigger problems. Bandying around about encrypted APs just seems pennywise in that context. I mean, would you feel terribly secure if your wired network connection was absolutely secure for 500ft from your building and totally wide open at either end? Seems rather pointless to me and that is EXACTLY what you have with WiFi. Who the fsck cares and if so why?
Establishing plausible deniability for an upcoming information leak scandal.
So, since nobody has mentioned it, I'll actually break my normal ./ silence and point this out.
The attacks they're using were developed by KoreK and released last summer. Then Christophe Devine re-implemented the attacks in Aircrack.
The FBI had nothing to do with development of this, they're just advertising that they're script kiddies. On top of that, the methods they used for packet generation so they had something to capture were freaking LAME. Anybody with any form of wireless IDS would see this a mile away (oh yeah, they couldn't even write their own deauth tool...they had to be skript kiddies again and use void11...).
I wasn't AT the talk, and maybe the Tom's Networking guy didn't properly convey the message, but I feel that credit should go to the folks who deserve it, not script kiddies who got some face time at a conference.
-d
Seriously, when each packet is encrypted with a different key, it seems like this would become a lot more difficult.
A lot of APs and hubs are coming with it now.
128 bits. Roll one 8-sided die 51 times (discarding the least-significant bit of the last roll).
chessex.com has a variety of dice - you can order single d8s for .50c. I'm fairly certain you could find cheaper prices. I estimate the total cost of this hardware randomizer at $20 if done on the cheap.
To speed up the process, get one of those clear boxes they use to make sure people take the right number of pills per day. Get one with more than 22 boxes. (4 times a day for a week = 28, fairly common)
Put dice in boxes. Put a sheet of something solid on the door side. Shake. Invert. Voila, random byte strings. w/ 28 boxes you have 84 random bits. Repeat twice for your 152 bit key, dropping the last 16 bits.
Someone will probably complain about the non-cryptographic quality randomness of this process. But you only need cryptographic quality randomness when you're going to use it very repeatedly and someone can attack the similarity between them. Since the nonrandomness isn't known to anyone outside and you probably aren't generating a massive number of keys you're fairly safe. To increase security, buy dice from multiple manufacturers and occasionally switch around the lots.
(every 4 d8 values converts to 3 hex values. If you're converting by hand, you could alternately use a pair of dice for a hex value, generating only 56 bits per shake but only needing a table of 16 values to convert by hand to hex. You could also use 4 sided dice for this equally well, since you're only using 4 bits per pair.)
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
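The dice-to-key conversion described in the comment above, as an added example that is not part of the original post: it covers the 51-roll procedure, the two-shake pill-box variant, the "4 d8 values to 3 hex values" rule and the by-hand pair-of-dice table. The function names and the bit mapping (face minus one, most significant bit first; low two bits per die in the pair variant) are assumptions made here.

```python
# Added example: turn physical d8 rolls into a hex key.
# Assumed mapping: face - 1, most significant bit first.

def d8_to_bits(rolls):
    """Each d8 face 1..8 yields 3 bits."""
    bits = []
    for face in rolls:
        if face not in range(1, 9):
            raise ValueError(f"not a d8 face: {face!r}")
        value = face - 1
        bits += [(value >> 2) & 1, (value >> 1) & 1, value & 1]
    return bits

def bits_to_hex(bits):
    """Pack bits into hex digits, 4 bits per digit."""
    if len(bits) % 4:
        raise ValueError("bit count must be a multiple of 4")
    return "".join(
        format(bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3], "x")
        for i in range(0, len(bits), 4)
    )

def key_from_rolls(rolls, key_bits=152):
    """51 rolls give 153 bits (last bit dropped);
    two 28-box shakes give 168 bits (last 16 dropped)."""
    bits = d8_to_bits(rolls)
    if len(bits) < key_bits:
        raise ValueError(f"need {key_bits} bits, got {len(bits)}")
    return bits_to_hex(bits[:key_bits])

def pairs_to_hex(pairs):
    """By-hand variant: 2 bits per die, one hex digit per pair (d4 or d8)."""
    digits = []
    for a, b in pairs:
        d8_to_bits([a, b])  # reuse the face validation
        digits.append(format(((a - 1) % 4) << 2 | ((b - 1) % 4), "x"))
    return "".join(digits)

if __name__ == "__main__":
    # Constructed sample rolls, not real key material.
    sample = [((i * 5) % 8) + 1 for i in range(51)]
    print(key_from_rolls(sample))                  # 38 hex digits = 152 bits
    print(bits_to_hex(d8_to_bits([1, 2, 3, 4])))   # 4 d8 values -> 3 hex digits
```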
If the "$5 lamp timer" idea to shut down the router during off-hours doesn't work for you (e.g. you need wired connections to stay up), a script to enable/disable the wl_net_mode setting on the http://192.168.1.xxx/Wireless_Basic.asp page of a Linksys WRT54GS would seem pretty doable. Put an enable/disable entry into a cron schedule and you've closed the window for hackers somewhat.
Cooking a script up like this (with POST and HTTP Basic Authentication for login) wouldn't be very hard, but does anyone know of Linksys scripts that might already be usable?
Here at work (an R&D facility for a major electronics company) we have opened up our WLAN for anyone to use and dropped WEP completely. Instead we use VPNs. This enables the following:
1. Any customer/vendor can get easy net access
2. Anyone in our local area can get free Internet access and feel good about our company. The range isn't that far, but for geeks in a pinch, it's there for them.
We don't advertise this feature but it is definitely done for these reasons.
I strongly recommend other companies to just dump WEP or any other authentication system and open up their access points.
You asked me to mod you down? I did. Honestly, I think the whole "mod me down" thing is a stupid way to get attention. And yes, I logged out and changed my IP to post this. Now to mod myself up as insightful. Bastard.
Pretty much. It does have some historical meaning, although most people are probably unaware of it. See DEADBEEF in the Jargon File.