Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government Use of WiFi Not Secure

Posted by samzenpus on from the be-more-secure dept.

Terremoto writes "A Congressional report indicates that the use of WiFi by government agencies is being done with little regard for security. The article says, "Government Accountability Office investigators were able to pick up Wi-Fi signals from outside all of the six agencies they tested, and they were able to find examples of unauthorized activity at all six as well.""

2 of 220 comments (clear)

  1. Re:Open WIFI == Good by Osty · · Score: 5, Insightful

    That sounds great, right up to the point where some pervert uses your open wi-fi to download child porn which is then traced back to your IP, or some l33t hax0r d00d tries to crack into military servers. And of course all of this is ignoring the fact that most ISPs specifically deny you the right to share your access this way. There are a few like Speakeasy that don't care or even encourage it, but Speakeasy's service sucks (I know, I had DSL with them for two years), and none of them legally protect you if someone using your connection doesn't something illegal or at least against their AUP.

    You could go hardcore setting up a walled garden, authentication system, and the whole nine yards, but you really don't have to. Even doing something as simple as enabling WEP on your AP is enough for the casual browser. It's certainly not 100% secure, and anybody with malicious intent could easily crack your key in minutes, but that's not the point. It's a deterrent and a source of plausible deniability. A thief could easily pick the lock on your door, but the simple act of locking your door will keep most people out (the end goal). As well, the fact that you took some measure means that you can't be held responsible when the thief who picked your lock and stole your shotgun later goes on to shoot up a school or convenience store.

  2. This is the fault of consumers and the WiFI makers by Anonymous Coward · · Score: 5, Insightful

    There is a wonderful solution to all of the wireless security issues:

    802.11i

    802.11i not only plus all of the holes in WEP, it also uses AES encryption to get around all of the potential problems with RC4.

    Right now, as I speak, err write, I can not buy an 802.11i complient router with AES encryption. I've looked at Netgear's site. I've looked at Linksys's site. I've looked everywhere. There was a bunch of discussion about how 802.11i was going to be the next great thing in mid-2003, then a deafening silence.

    If I want 802.11i right now, I can't get it.

    I think the fact of the matter is the your average user is not willing to pay for than $50 for a wireless router. It is, of course, possible to make AES work fine with a router of that costs, but it is going to take good deal of economics of scale in action to make a 1,000,000-transistor chip for implementing AES affordable at that price point.

    802.11i is just not a buzzword in the buzz machine that all the tech magazines use. Until it becomes a buzzword, wireless networks will continue to be insecure.

    (There is also a lot to be said for 802.11i being deployed on a wide enough scale that AES becomes ubiquitous. I would like to see special AES-specific op codes on x86 chips and have $5 co-processors available that can do AES at 100Mbps)