Slashdot Mirror


Researchers Crack WPA Wi-Fi Encryption

narramissic writes "Researchers Erik Tews and Martin Beck 'have just opened the box on a whole new hacker playground,' says Dragos Ruiu, organizer of the PacSec conference. At the conference, Tews will show how he was able to partially crack WPA encryption in order to read data being sent from a router to a laptop. To do this, Tews and Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. 'It's just the starting point,' said Ruiu."

311 comments

  1. Meh by Anonymous Coward · · Score: 5, Interesting

    Cat5

    1. Re:Meh by Anonymous Coward · · Score: 1, Insightful

      You can listen in on both fiber and cat5 if you have physical access.

      Captain Obvious strikes again!

    2. Re:Meh by Anonymous Coward · · Score: 3, Insightful

      What you say is true, but you make it sound like obtaining physical access is trivial. In many cases it's not. On the other hand, obtaining unauthorized access to wireless networks is easy, cheap, and relatively safe (as in risk-free).

      BTW, CAPTCHA -- "burglars".

    3. Re:Meh by von_rick · · Score: 2, Funny

      Of course you can.

      If you want to take it to its logical conclusion, you can make that person hand you all his passwords and personal information if you storm into his house swinging a baseball bat or a samurai sword. I have seen some Hollywood movies where the president hands over the codes to national treasury to criminal masterminds who threaten to detonate nuclear bombs in metropolitan areas during some ceremonial parade -- that is until the retarded hero (usually Bruce Willis) shows up.

      --

      Face your daemons!

    4. Re:Meh by Anonymous Coward · · Score: 0

      Albuquerque ... see I can do it too ...snorkel

    5. Re:Meh by v1 · · Score: 1

      physical access usually = owned.

      --
      I work for the Department of Redundancy Department.
    6. Re:Meh by monkeySauce · · Score: 4, Funny

      Bah... cat5 is already broken, and cat5e is next.

      Got to think cat6 at least, if not cat7. They're much thicker; harder to break.

    7. Re:Meh by Anonymous Coward · · Score: 0

      It's "yes, you can". Didn't you get the memo?

    8. Re:Meh by Otto · · Score: 3, Funny

      You can even do it without physical access on cheap routers and/or modems, by pointing a good digital camera and a telescope at the blinkenlights on the front of them. :D

      --
      - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
    9. Re:Meh by Anonymous Coward · · Score: 0

      Cat6!

    10. Re:Meh by Endo13 · · Score: 4, Funny

      Apparently you just haven't watched enough movies. Obtaining physical access IS trivial. All you need is a hot chick to go swipe the security guard's badge that he conveniently left lying on his desk, and you're guaranteed access anywhere in the building.

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    11. Re:Meh by TurboNed · · Score: 1

      Getting hot chicks to do one's bidding is trivial? Of course, I'm merging movies and real life here...

    12. Re:Meh by Endo13 · · Score: 4, Funny

      Well duh, of course it's trivial. They're always swooning over you. (Well, except when they're pretending to fight with you, but even then they always come around just in time.) Haven't you learned anything from Hollywood??

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    13. Re:Meh by TurboNed · · Score: 1

      Of course, sorry. I don't know what I was thinking. (Well, obviously I wasn't.) Where's the hot chick with the time machine so I can go back and make sure I don't post that comment making an idiot out of myself?

    14. Re:Meh by Endo13 · · Score: 1

      Think man, think!! You don't need a chick for that! All you need is a Delorean! Man, you have got to start watching more movies.

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    15. Re:Meh by fataugie · · Score: 5, Funny

      Yeah, except smarts and hotness are inversly proportianal in most cases.
      What good is getting access when the bubblehead can't figure out what a wiring closet looks like.

      --

      WTF? Over?

    16. Re:Meh by bytethese · · Score: 1

      That's where the map is. Like he said, 55 in iron pen. Iron pen is a prison...

    17. Re:Meh by RiotingPacifist · · Score: 3, Funny

      hey it's "yes, you can08" to meet the new stricter password requirements

      --
      IranAir Flight 655 never forget!
    18. Re:Meh by RiotingPacifist · · Score: 2, Informative

      But wireless devices are susceptible to anything cat5 is and then some!

      --
      IranAir Flight 655 never forget!
    19. Re:Meh by mrchaotica · · Score: 1

      All you need is a Delorean!

      Also plutonium (or used pinball machine parts to barter for it).

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    20. Re:Meh by TurboNed · · Score: 1

      Or I could just whip out my Mr. Fusion.

    21. Re:Meh by Killer+Orca · · Score: 2, Funny

      Or I could just whip out my Mr. Fusion.

      Is that what the kids are calling it nowadays?

    22. Re:Meh by Anonymous Coward · · Score: 0

      Haven't you learned anything from McCain/Palin??

      how's that for reality?

    23. Re:Meh by MightyYar · · Score: 1

      Remember that guy that left USB sticks around the corporate campus and people just plugged them into their PCs after finding them?

      That's the way I'd go :)

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    24. Re:Meh by Anonymous Coward · · Score: 0

      Apparently you just haven't watched enough movies. Obtaining physical access IS trivial. All you need is a hot chick to go swipe the security guard's badge that he conveniently left lying on his desk, and you're guaranteed access anywhere in the building.

      Been watching Prison Break have we? It's lame and u should be ashamed. I've seen and that's why I post as AC!

    25. Re:Meh by Logic+and+Reason · · Score: 4, Funny

      smarts and hotness are inversly proportianal

      Wow, you must be really hot...

    26. Re:Meh by Klaus_1250 · · Score: 1

      Cat7, as it is shielded by default. Or Cat6a S/STP if you're a cheapskate.

      --
      It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
    27. Re:Meh by Neanderthal+Ninny · · Score: 1

      You will look like that commercial ATT:
      http://www.youtube.com/watch?v=oYWOI4xrLq8

    28. Re:Meh by cjb658 · · Score: 1

      Cat5

      Pwned

    29. Re:Meh by Anonymous Coward · · Score: 0

      i am waiting for cat101

    30. Re:Meh by Von+Helmet · · Score: 1

      My cat goes to 11.

  2. Ha ha ha ha by Anonymous Coward · · Score: 3, Funny

    All your AP are belong to us.

    You have no chance to survive make your time.

    1. Re:Ha ha ha ha by Anonymous Coward · · Score: 0

      What you say !!

  3. 'Story' tag by Anonymous Coward · · Score: 2, Interesting

    What's up with the 'story' tag? Perhaps we should also tag this 'words'?

    1. Re:'Story' tag by Hurricane78 · · Score: 5, Informative

      Valid question.

      Well, if a story comes from the firehose, it gets tagged "story", because it became a story. And if it didn't, it gets tagged "!story".

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    2. Re:'Story' tag by spud603 · · Score: 1, Informative

      I know this is meta discussion, but I wish I had mod points. +1 informative

    3. Re:'Story' tag by Anonymous Coward · · Score: 0

      Follow up question: Why do we need to see this?

    4. Re:'Story' tag by Hurricane78 · · Score: 1

      Hmm... because it's a tag?
      And special handling for one specific tag would be stupid extra code.

      The point is, I think, that you can search for stories that made the front page (or didn't).

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    5. Re:'Story' tag by Smauler · · Score: 1

      What's up with the 'words' tag? Perhaps we should also tag this 'letters'?

    6. Re:'Story' tag by AmberBlackCat · · Score: 1

      Maybe they should tag the stories 'firehose' and '!firehose'.

    7. Re:'Story' tag by athakur999 · · Score: 4, Funny

      They should tag it "tagged" if it is tagged and "!tagged" if it's not tagged.

      --
      "People that quote themselves in their signatures bother me" - athakur999
    8. Re:'Story' tag by FredFredrickson · · Score: 1

      But what if I go back in time and kill my own parents? Then the tagged tag won't de-!tag itself, thus creating a whole in the space-time continuum and we'd all turn into !slashdotusers...

      --
      Belief? Hope? Preference?The Existential Vortex
    9. Re:'Story' tag by RiotingPacifist · · Score: 1

      because if you want to just use firehose, you can filter by story for stuff that made the frontpage or !story to remove anything you've seen on frontpage

      --
      IranAir Flight 655 never forget!
    10. Re:'Story' tag by arelas · · Score: 2, Funny

      A hole even!

  4. Who uses TKIP instead of AES? by LibertineR · · Score: 5, Interesting

    Is AES not the more secure of the two? From everything I have read, AES is the preferred option over TKIP.

    1. Re:Who uses TKIP instead of AES? by kannibal_klown · · Score: 5, Informative

      Is AES not the more secure of the two? From everything I have read, AES is the preferred option over TKIP.

      I recall seeing some AP setups where TKIP was the default scheme.

      In the wide spectrum of Luddite to Novice to Hobbyist to Professional there are probably a bunch of users that might know enough to use WPA (perhaps from prodding from friends) and use the default settings with a key (either random or a passphrase).

    2. Re:Who uses TKIP instead of AES? by prayag · · Score: 2, Interesting

      I have a lot of problems connecting my XP box with AES encryption. If I use 3rd party, maybe I could've, but I changed my encryption to TKIP and it worked fine.

      So... There you go !!!

    3. Re:Who uses TKIP instead of AES? by chrisgeleven · · Score: 1

      AES is more secure, so use it whenever possible.

      I don't know if WPA with AES has been cracked yet.

      Personally, I use WPA2 with AES.

    4. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 4, Informative

      For the longest time, XP didn't come with AES/WPA support. You'd have to add this patch: http://www.microsoft.com/downloads/details.aspx?familyid=662BB74D-E7C1-48D6-95EE-1459234F4483&displaylang=en

      I'm not sure if this was rolled into a newer SP. Many people couldn't access a WPA2 AP so manufacturers chose to just enable WPA as there was less chance of incompatibility.

      In my apartment complex, I'm one of two people who have WPA2 enabled. I'm the only one who has only WPA2 enabled.

      Heh, the captcha word is "paranoia".

    5. Re:Who uses TKIP instead of AES? by rpmayhem · · Score: 5, Informative

      In short, yes, AES is more secure than TKIP.

      WPA and TKIP was really just a stepping stone to get people off WEP and heading toward WPA2 and AES. Wireless hardware built to run WEP didn't have the processing power to run AES (I think it needed a separate crypto processor just for AES). So they made the WPA standard run TKIP so current WEP hardware was able to use a better security setup. It was all intended to move everyone to WPA2 with AES after everyone had bought newer wireless cards and routers.

      Interestingly, this means if you have hardware that only supports WEP, and the vendor doesn't offer WPA support, it's because they are too lazy to implement it (or want you to buy the new stuff). The hardware can handle it, they just need to add it to the firmware. My work had some handheld units like this. We had to buy all new units.

    6. Re:Who uses TKIP instead of AES? by AndrewNeo · · Score: 3, Informative

      Service Pack 3 does indeed enable WPA2 and AES support.

    7. Re:Who uses TKIP instead of AES? by Vancorps · · Score: 1

      How often do you run into users that can't connect? I've been stuck with WEP for a long time just because of the number of devices that don't support WPA.

      802.1x with PEAP against WEP isn't terrible although certainly not great. Only recently I've got 802.1x with PEAP using WPA and TKIP. AES support is still rather lacking although getting better. In another year I think I can jump to WPA2 with AES. Currently it's frustrating given that I support WIFI phones on a separate network that I'm forced to use WEP with. It doesn't provide Internet access, only access to the phone server so the risk is minimal but still not what I'd like.

    8. Re:Who uses TKIP instead of AES? by sempernoctis · · Score: 5, Informative

      TKIP is not a cipher; it is a keying protocol. When you use TKIP, the actual cipher you are using is called RC4, which is older and has more known vulnerabilities than AES. It is also the cipher typically used by WEP, though the keying protocol WEP uses contains additional vulnerabilities. TKIP basically takes RC4, which was designed to encrypt a single stream of data, and creates a protocol around it for sending arbitrary packets, which may not be reliably delivered. WPA2 provides a more secure way to similarly wrap the AES cipher, but retains support for TKIP/RC4 for legacy devices.

    9. Re:Who uses TKIP instead of AES? by nobodylocalhost · · Score: 1

      Rijndael is still not good enough... they need to offer 256 bit twofish and serpent for WPA.

      --
      Where is the "Ignorant" mod tag?
    10. Re:Who uses TKIP instead of AES? by dohnut · · Score: 5, Informative

      AES and TKIP are not apples to apples. AES is an encryption algorithm. TKIP basically handles the keys that the encryption algorithm uses.

      A better apples to apples comparison would be between the encryption algorithms (RC4 and AES) or the key managers (TKIP and CCMP).

      Generally, WPA uses TKIP/RC4 and WPA2 (802.11i) uses CCMP/AES.

      WPA (TKIP/RC4) was supposed to be a bridge between WEP and WPA2. WPA used RC4 (just like WEP) but enhanced (TKIP) in order to improve security while using existing (WEP/RC4) hardware.

      WPA2 has always been considered more secure than WPA on paper, though until this there has never been a documented exploit for either of them.

      --
      Stupider like a fox! - H.S.
    11. Re:Who uses TKIP instead of AES? by JackHoffman · · Score: 5, Informative

      AES is a cypher. TKIP is a protocol, the Temporal Key Integrity Protocol, to be precise. The cypher used by WEP and WPA/TKIP is RC4. TKIP is what keeps changing the RC4 key to avoid the attacks on WEP, for which the attacker needs to collect many packets which have been encrypted with the same key. TKIP was invented to salvage older hardware, which only implemented the RC4 cypher.

      It is important to know that WEP's weakness is not simply a vulnerable cypher, but a vulnerability of the crypto system. The announcement states that the attack on WPA/TKIP does not actually crack the key, so this too looks like a vulnerability of the crypto system. That highlights the importance of crypto system design. You can't just take a "secure" cypher and be done with it. The protocol surrounding that cypher is just as important.

    12. Re:Who uses TKIP instead of AES? by blincoln · · Score: 2

      The Xbox 360 wireless adapter still doesn't support WPA2 (even though the manual says it does), which is why I have my wireless router set to WPA instead. Thanks MS!

      --
      "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
    13. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 1, Funny

      I herd you liek TKIPs

    14. Re:Who uses TKIP instead of AES? by fuego451 · · Score: 1

      Isn't that choice limited by hardware and driver? With my asus adapter and the rt73 driver, I don't recall having any other option than TKIP. Also, similar attacks were started on AES shortly after it arrived on the scene.

    15. Re:Who uses TKIP instead of AES? by Firethorn · · Score: 2, Insightful

      What's also funny is that my router gives me better throughput with WPA/AES than WEP.

      I've just figured that the router probably has a separate chip to offload AES while WEP is done in the CPU, slowing stuff down.

      --
      I don't read AC A human right
    16. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 5, Informative

      At least it's not like the Nintendo DS that only supports WEP.

    17. Re:Who uses TKIP instead of AES? by rpmayhem · · Score: 1

      Most likely that's exactly what's happening. The crypto processors can be quite efficient with AES. With the load split between the 2 (each doing what it's best at), it's very possible to see a speed difference.

    18. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 0

      TKIPs? I luuuuuuuuuuuuve TKIPs!

    19. Re:Who uses TKIP instead of AES? by psydeshow · · Score: 2, Funny

      Look, obviously TKIP is more secure, because it has more letters.

      You geek types are always saying I should use a longer password, right? This is the same thing.

      And anyway, they wouldn't make it an option if it wasn't secure.

    20. Re:Who uses TKIP instead of AES? by bendodge · · Score: 2, Informative

      I use WPA2 AES with a 128-bit key, but even the 'advanced' DD-WRT v24sp2 router firmware I'm using had TKIP as the default. I think it's for XP compatibility, but SP3 includes WPA2 and PNRP now.

      --
      The government can't save you.
    21. Re:Who uses TKIP instead of AES? by fataugie · · Score: 4, Funny

      What's also funny is that my router gives me better throughput with WPA/AES than WEP

      That's because your router is laughing at you using WEP in between encrypting/decrypting the packets....that's why it takes longer.

      --

      WTF? Over?

    22. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 0

      When I read this article I immediately connected in to my access point and changed a setting to get rid of TKIP. Although I use WPA2, I still wanted to avoid using TKIP because from what I understand that is the weak link in the chain. My question is this.. in my Linksys router (WRT54G) there is an option for using AES, or AES/TKIP. Does anyone suggest which one to use over the other? I had it set to AES/TKIP before, but just changed it to AES this morning. Is AES/TKIP any less secure than AES, because I'm assuming AES is just a layer on top of TKIP. So if someone did crack the TKIP, they still would have to go through the layer of AES? My misunderstanding of encryption algorithms and protocols might do with my lack of knowledge in that area so maybe someone can clarify.

    23. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 0

      WPA-TKIP is also RC4 based like WEP. Therefore WPA functionality can be added to a device with a HW RC4 chip using a software patch.

    24. Re:Who uses TKIP instead of AES? by Ideally+Nowhere · · Score: 1

      Who? Basically, anyone who's too cheap to upgrade their wireless router. WPA/TKIP was a temporary hack which works over the hardware portions of WEP, using nothing more than a firmware upgrade.

    25. Re:Who uses TKIP instead of AES? by MikeBabcock · · Score: 0, Redundant

      The DS doesn't support anything above WEP ...

      --
      - Michael T. Babcock (Yes, I blog)
    26. Re:Who uses TKIP instead of AES? by dougisfunny · · Score: 1

      It would seem logical, that the TKIP/AES uses the TKIP key manager with the AES Cipher, rather than CCMP/AES.

      --
      This is not the funny you're looking for.
    27. Re:Who uses TKIP instead of AES? by bobbozzo · · Score: 1

      The AES 'contest' specified that entrants should be more secure and FASTER than existing protocols.

      --
      Nothing to see here; Move along.
    28. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 0

      Yes, AES is more secure. But WPA uses TKIP-MIC for encryption. To benefit from AES-CCMP you need to switch to WPA2.

    29. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 0

      At least the DSi includes WPA, but it locks out flash carts for now...

    30. Re:Who uses TKIP instead of AES? by dohnut · · Score: 3, Informative

      I am not aware of any hybrid wireless security scheme using both TKIP as a key manager and AES as the cipher. Though I suppose it would be possible.

      When you see TKIP/AES or, more commonly, TKIP+AES, they are saying both TKIP/RC4 and CCMP/AES specifications are supported. So, for instance, you could set up a client to use "TKIP+AES". This basically means the client will try to connect to the AP using CCMP/AES first. If that fails it will try TKIP/RC4. It doesn't mean you're using both TKIP and AES simultaneously.

      WPA2 (full 802.11i) has always been and currently is only CCMP/AES.

      --
      Stupider like a fox! - H.S.
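
The TKIP/RC4 versus CCMP/AES distinction drawn in the comments above, and the point that "TKIP+AES" means both are accepted, can be checked from the security elements an access point advertises in its beacons. The Python below is an added example, not code from any poster in this thread; the function names are this example's own and the sample element bytes are constructed for illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")  # OUI in the RSN element (WPA2 / 802.11i)
WPA_OUI = bytes.fromhex("0050f2")  # OUI in the vendor-specific WPA element
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}


def iter_elements(blob):
    """Yield (element_id, data) for each id/length/value element in blob."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated element header")
        eid, length = blob[pos], blob[pos + 1]
        data = blob[pos + 2:pos + 2 + length]
        if len(data) != length:
            raise ValueError("truncated element %d" % eid)
        yield eid, data
        pos += 2 + length


def suite_name(raw, oui):
    """Map a 4-byte cipher suite selector (OUI + type) to a name."""
    if raw[:3] != oui:
        return "vendor-specific"
    return CIPHERS.get(raw[3], "unknown-%d" % raw[3])


def parse_ciphers(body, oui):
    """Read version, group cipher and pairwise cipher list from an element body."""
    if len(body) < 8:
        raise ValueError("security element too short")
    version, = struct.unpack_from("<H", body, 0)
    count, = struct.unpack_from("<H", body, 6)
    if len(body) < 8 + 4 * count:
        raise ValueError("pairwise cipher list truncated")
    pairwise = [suite_name(body[8 + 4 * i:12 + 4 * i], oui) for i in range(count)]
    return {"version": version, "group": suite_name(body[2:6], oui),
            "pairwise": pairwise}


def audit(blob):
    """Classify an AP's advertised ciphers from its beacon information elements."""
    wpa = rsn = None
    for eid, data in iter_elements(blob):
        if eid == 48:                                       # RSN element
            rsn = parse_ciphers(data, RSN_OUI)
        elif eid == 221 and data[:4] == WPA_OUI + b"\x01":  # WPA vendor element
            wpa = parse_ciphers(data[4:], WPA_OUI)
    offered = [s for s in (wpa, rsn) if s]
    pairwise = {c for s in offered for c in s["pairwise"]}
    group = {s["group"] for s in offered}
    if not offered:
        verdict = "no-wpa"       # open network or WEP
    elif (pairwise | group) <= {"CCMP"}:
        verdict = "ccmp-only"
    elif "CCMP" in pairwise:
        verdict = "mixed"        # CCMP offered, but a legacy cipher is still accepted
    else:
        verdict = "legacy-only"
    return {"wpa": wpa, "rsn": rsn, "verdict": verdict}


def ie(eid, data):
    """Build one information element (constructed sample data only)."""
    return bytes([eid, len(data)]) + data


# Constructed samples: version, group suite, pairwise count and list,
# AKM count and list (PSK), then RSN capabilities where applicable.
SSID = ie(0, b"example-ap")
RSN_CCMP = ie(48, bytes.fromhex(
    "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000"))
# Mixed mode: the group cipher drops to TKIP so legacy clients can read
# broadcast frames, which means CCMP clients also receive them under TKIP.
RSN_MIXED = ie(48, bytes.fromhex(
    "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac02" "0000"))
WPA_TKIP = ie(221, bytes.fromhex(
    "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202"))

if __name__ == "__main__":
    for label, blob in [("WPA2 AES only", SSID + RSN_CCMP),
                        ("TKIP+AES", SSID + WPA_TKIP + RSN_MIXED),
                        ("WPA TKIP", SSID + WPA_TKIP),
                        ("no security element", SSID)]:
        print(label, "->", audit(blob)["verdict"])
```
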
    31. Re:Who uses TKIP instead of AES? by thegrassyknowl · · Score: 1

      AES is also not supported everywhere yet. Windows XP won't do AES when it's running on my Macbook (I tried a proof of concept).

      If you have machines which won't do AES or WPA2 then you're S.O.L when it comes to WPA; you're stuck with TKIP.

      --
      I drink to make other people interesting!
    32. Re:Who uses TKIP instead of AES? by xda · · Score: 1

      I'm 98% sure AES is the stronger and better performing cipher. And I'm also 98% sure that is what the U.S. Government uses to encrypt classified data.

    33. Re:Who uses TKIP instead of AES? by g-san · · Score: 2, Funny

      LOL! Is there a patch for that? He probably just needs to pull the UDP plug out the bottom and let all the dropped packets drain out. Where do you think they go when they are "dropped?" Dropped packet buildup has killed more routers than I can count.

    34. Re:Who uses TKIP instead of AES? by chrisgeleven · · Score: 1

      All my devices support WPA2, so I am not worried about incompatibility.

    35. Re:Who uses TKIP instead of AES? by dougisfunny · · Score: 1

      My router has an option for WPA2 TKIP, AES and TKIP/AES. *shrugs*

      --
      This is not the funny you're looking for.
    36. Re:Who uses TKIP instead of AES? by cjb658 · · Score: 1

      My D-Link wireless bridge does not support AES.

    37. Re:Who uses TKIP instead of AES? by StrategicIrony · · Score: 1

      Briefly, when WPA was new, there was some hardware that only had a chip to support WEP encryption.

      With TKIP, those devices could (in theory) just get new firmware and continue to function using WEP+TKIP for the interim WPA standard.

      The AES functionality was always the "preferred" method, but many devices still run "default" mode using WEP+TKIP because it is more compatible.

      History lesson. :-)

    38. Re:Who uses TKIP instead of AES? by Tubal-Cain · · Score: 1

      Speaking of DD-WRT, how up-to-date is that list of supported hardware? I have two routers on hand whose model numbers are supported but not their version numbers. (and the list does not seem to have changed in the past several months)

    39. Re:Who uses TKIP instead of AES? by Errtu76 · · Score: 1

      What's also funny is that my router gives me better throughput with WPA/AES than WEP.

      Yeah, speaking of that, could you please stick to WEP? It takes me ages to complete the download if you constantly switch.

    40. Re:Who uses TKIP instead of AES? by jabithew · · Score: 1

      I recall seeing some AP setups where TKIP was the default scheme.

      Here in the UK everyone's broadband comes with a wireless router/modem now. The default encryption is WEP *still*. It's the first thing I do when I go round to a friend who has just had broadband installed. The only common device still restricted to WEP is the Nintendo DS.

      --
      All intents and purposes. Not intensive purposes.
    41. Re:Who uses TKIP instead of AES? by Firethorn · · Score: 1

      No. WPA2/AES is faster, so that's what I'm using. With 802.11N, in the 5GHz range.

      --
      I don't read AC A human right
    42. Re:Who uses TKIP instead of AES? by Kerckhoffs+Principle · · Score: 1

      Rijndael can also be used in 256 bit mode (and 192 bit). In fact, that is the mode that the DoD recommends for encrypting all Top Secret information. Rijndael is as safe as Twofish or Serpent.

    43. Re:Who uses TKIP instead of AES? by owlstead · · Score: 1

      Well, it certainly won't outperform most stream ciphers (such as RC4), at least not without hardware support. With hardware support, it won't matter too much: most of the time other factors will be the limiting factor (bus, cache size, bad software etc. etc.).

    44. Re:Who uses TKIP instead of AES? by nobodylocalhost · · Score: 1

      You, sir, are grossly misinformed; Serpent is about twice as secure as Rijndael with the same bit rate.

      please read this:
      http://csrc.nist.gov/archive/aes/round2/comments/20000515-bschneier.pdf

      --
      Where is the "Ignorant" mod tag?
    45. Re:Who uses TKIP instead of AES? by Anonymous Coward · · Score: 0

      So you are saying that the team that developed Twofish says that Twofish is the better choice for AES than any of the other candidates ?

      Besides, an algorithm that is twice as secure as another one only corresponds to an increase in key-size by 1 bit ... Forgive me for not letting my sleep over having "only" 255 bits instead of 256.

    46. Re:Who uses TKIP instead of AES? by nobodylocalhost · · Score: 1

      No, please read, instead of skimming. I am saying the developers of Twofish say that in terms of security Serpent is the better choice for AES; in terms of hardware performance Serpent is better as well. Only in the case of a software-only cipher do other algorithms become better. Furthermore, the difference is with the same number of rounds of cipher. Of course with 24 rounds Rijndael is going to be as secure as Twofish and a little shy of Serpent. But that is 24 rounds; the standard test was conducted with 6 rounds of cipher, and 4 times the processing power was needed for the 256-bit block cipher. Furthermore, a smaller key size for Rijndael will result in fewer rounds being processed: basically a 128-bit block cipher will have half as many rounds of encryption (3 in this case) and be 4 times easier to crack. It's proportional in the magnitude of n^2! Since wifi is hardware anyways, Serpent is the perfect candidate for it. One bit makes a big difference when it is used 6 times over on the entire block.

      --
      Where is the "Ignorant" mod tag?
  5. Hahaha! by u38cg · · Score: 5, Funny

    I use WEP!

    --
    [FUCK BETA]
    1. Re:Hahaha! by PotatoFarmer · · Score: 5, Funny

      We know. By the way, do you think you could talk your ISP into increasing your download bandwidth?

    2. Re:Hahaha! by blhack · · Score: 2, Funny

      Yeah, and I run an open access point with the SSID hidden called "secret_awesome".

      I feel like it's the least I can do to help any new geeks in the area :).

      --
      NewslilySocial News. No lolcats allowed.
    3. Re:Hahaha! by Lisandro · · Score: 2, Funny

      So you are the one slowing down my torrents...

    4. Re:Hahaha! by russotto · · Score: 4, Funny

      Yeah, and I run an open access point with the SSID hidden called "secret_awesome".

      I run one called "man_in_the_middle". Best pay attention to those certificate warnings when you're using it.

    5. Re:Hahaha! by Anonymous Coward · · Score: 0

      Fuck you. What about my FTP? You already have four times the bandwidth I do.

    6. Re:Hahaha! by Anonymous Coward · · Score: 0

      FTP? Fuck you! Blame the file server. You get exactly the same bandwidth as everyone else, whatever you pay for.

    7. Re:Hahaha! by element-o.p. · · Score: 1

      I think PotatoFarmer has implied that he is getting more bandwidth than he paid for...

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    8. Re:Hahaha! by tkdtaylor · · Score: 2, Funny

      I call mine "HoneyPot"

    9. Re:Hahaha! by Anonymous Coward · · Score: 0

      "I use WEEP!"

      There, fixed that for ya!

    10. Re:Hahaha! by hesaigo999ca · · Score: 1

      LMAO

    11. Re:Hahaha! by layer3switch · · Score: 2, Funny

      No, that would be me, Comcast.

      --
      "Don't let fools fool you. They are the clever ones."
    12. Re:Hahaha! by Anonymous Coward · · Score: 0

      Mine is called 'ProbeMyPussy'

  6. It's a ploy! by dmomo · · Score: 3, Interesting

    OMG! We need routers w/ better encryption. Buy router company and encryption company stocks! Everyone run out to Best Buy and get a new router.

    Or, it just might be a real problem. /crumples tinfoil hat and pouts.

    1. Re:It's a ploy! by MikeBabcock · · Score: 2, Informative

      You mean like point-to-point IPSec? That already exists, and is quite usable on modern computers.

      --
      - Michael T. Babcock (Yes, I blog)
  7. WPA2 is NOT broken by fractalus · · Score: 4, Informative

    Just WPA. WEP was already hideously broken but now WPA should also be considered broken. WPA2 is still safe.

    Although, if you really have data you're concerned about keeping safe, you should (a) use a wired network, (b) use IPSEC, or (c) both.

    --
    People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
    1. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      This is just another example of why people should not try to invent their own encryption schemes (eg. TKIP).

      WPA2 should be secure because it uses a good proven (so far) encryption scheme (AES). The only way to break WPA2 would be if there is some protocol weakness other than the encryption.

    2. Re:WPA2 is NOT broken by Quantos · · Score: 2, Insightful

      It never ceases to amaze me that people want to trust wireless devices for secure purposes, anything that is sent through the air can be captured and worked on. But are wired solutions really any more secure? I mean can't packets that go out still be captured and worked on?

      --
      Some people are only alive because it's against the law for me to hunt them down and kill them.
    3. Re:WPA2 is NOT broken by Thelasko · · Score: 2, Insightful

      Great, now any new hardware I buy will be incompatible with my old hardware, again!

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    4. Re:WPA2 is NOT broken by bryanp · · Score: 3, Insightful

      Although, if you really have data you're concerned about keeping safe, you should (a) use a wired network, (b) use IPSEC, or (c) both.

      Yep. I'm getting some remodeling done on my house right now. Some of my friends think I'm weird because I'm pulling cat5e around the house when everything I use is already working fine with WPA2. (Tivo, PS3, etc..). It's only a matter of time before someone breaks WPA2, but by then I plan to have turned wireless off.

      --
      "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
    5. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 4, Insightful

      It never ceases to amaze me that people want to trust wireless devices for secure purposes, anything that is sent through the air can be captured and worked on. But are wired solutions really any more secure? I mean can't packets that go out still be captured and worked on?

      Using a wired connection over a wireless connection MINIMIZES the number of people who can look at the packets.

      After all sending data wirelessly gives anyone in the wireless device's area a chance to catch the packets as well as anyone that would normally have a shot on it via wired connection.

      You're still going to hit a router somewhere and be wired back in eventually, anyway.

      Wireless is foremost a technology of convenience rather than security.

    6. Re:WPA2 is NOT broken by Applekid · · Score: 1

      I'm in the same boat of wanting to transition away from wireless after tasting its sweet sweet succulence... except I'm not remodelling a house. Sure I currently use wireless just for gaming and Tivo but I would hate that leisure network to get compromised and then provide access to my computers where the real neat stuff lives.

      I know /. has to know of good resources to retrofit an existing prebuilt house with wire without me having to rip out all my walls, leave tripping obstacles all around the house, or drop wires from the ceiling airducts like some kind of SWAT team rappelling operation. Anyone?

      --
      More Twoson than Cupertino
    7. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      Wired packets can be captured, but they require physical access to the cabling.

      In a large wired network, it's not difficult to install a packet sniffer without being noticed, because there are often many legitimate reasons for a person to be accessing the physical cabling at various points. It's still slightly more secure than wireless, but not very much.

      However, you don't let just anyone waltz into your house and start connecting devices to your home network. So wired is far more secure than wireless in the home, simply because the access to physical cabling is highly controlled. Go figure.

    8. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      HomePlug: Ethernet over electricity wires.

      Depending on the wiring in your house, you can get quite good bandwidths.

    9. Re:WPA2 is NOT broken by Joe+U · · Score: 1

      This is slashdot, does this play well with x10?

    10. Re:WPA2 is NOT broken by Just+Some+Guy · · Score: 1

      Yep. I'm getting some remodeling done on my house right now. Some of my friends think I'm weird because I'm pulling cat5e around the house when everything I use is already working fine with WPA2. (Tivo, PS3, etc..).

      The only reason you need: "they don't sell gigabit wireless equipment at Newegg yet."

      It's only a matter of time before someone breaks WPA2, but by then I plan to have turned wireless off.

      Why? I've taken the approach of assuming my WLAN is compromised and throwing it wide open. Wanna connect? Hop on! You can't really do anything but surf the web and try to connect to my mailserver (via enforced TLS and with a username/password), but I won't stop you.

      --
      Dewey, what part of this looks like authorities should be involved?
    11. Re:WPA2 is NOT broken by odourpreventer · · Score: 1

      Are we talking about different levels of WPA here? A friend of mine cracked WPA almost a year ago, using a linux box with freely available cracking software. I don't remember the details now, but I think he needed to be listening while someone logged in and then was online for at least half an hour.

    12. Re:WPA2 is NOT broken by Ralish · · Score: 5, Insightful

      I have a hard time seeing the point of this, and the rationale behind other similar moves. Here's why:

      Firstly, advances in computing power and security research are always going to result in security schemes being broken, but these broken security mechanisms will always be replaced and improved. Provided you keep up to date with current security practices, and as a Slashdot reader, I assume you can and will, you're really not in any danger at all.

      Further, there are numerous other security options you can enable both at the wireless level and the network level to further protect your network, alongside good security practices with existing WPA2 (e.g. maximum length WPA key consisting of random characters and numbers). For example, MAC Address whitelisting, a strong password on the AP, and enabling AP configuration changes to occur only through wired connections. A half decent wireless AP should expose all of these options.

      This is more than enough to deter all but the most dedicated hacker. I'm not going to pull random statistics out of my behind, but I would wager that only a ridiculously tiny amount of wireless intrusions are done by experienced hackers, and experienced hackers tend to have an agenda beyond "leeching your tubes". The above security options, if all enabled and correctly configured (as in my home network), go above and beyond what is required to stop the casual or even experienced war driver in their tracks.

      But let's say that somehow, they do manage to break your wireless security. Well, if your network is properly set up, they now have another round of security to get through that should be even tougher. Here, digital signing and encryption of all network communications between Windows machines on the domain is required by policy, no exceptions. This is one example of many.

      If someone out there is really willing to go to all that effort to break into your HOME network and access your personal data, you have VERY serious problems. From a corporate network perspective, of course, things might be entirely different.

      Bottom line: I have a hard time seeing the point of abandoning wireless due to security concerns in home networks, as a properly secured wireless network and home network will easily defeat all but the most determined and skilled hackers.

      And finally, why did you buy into wireless at all in the first place if you were so concerned about security? Everyone knew that WEP was rubbish before it was even cracked (which didn't take long). WPA was a vast improvement over WEP, but even it had its flaws, and this was also well known among those concerned. I find it strange that you're getting out of wireless now, when a look at the whole picture shows that wireless security has improved immensely since the initial takeup of wireless. The real problem is people not moving to these new security setups, and staying with WEP or worse.

    13. Re:WPA2 is NOT broken by D+Ninja · · Score: 1

      Although, if you really have data you're concerned about keeping safe, you should not use the Internet at all.

      There, fixed that for you.

    14. Re:WPA2 is NOT broken by Abcd1234 · · Score: 4, Insightful

      Some of my friends think I'm weird because I'm pulling cat5e around the house when everything I use is already working fine with WPA2.

      You are weird if you're doing that because of security concerns. Here's a hint: no one cares about your wireless network. No, really, they don't.

      That said, given how flakey wireless can be, running cable is only sensible, particularly given it makes it easy to run additional telephones, etc, as well.

    15. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 1, Insightful

      What, is your town out of cat6?

    16. Re:WPA2 is NOT broken by maxume · · Score: 1

      What are you protecting?

      Are you slowly moving away from glass windows to steel shutters? The first is generally more convenient and has features the second lacks, all while being less secure.

      --
      Nerd rage is the funniest rage.
    17. Re:WPA2 is NOT broken by bryanp · · Score: 1

      I'm not ripping the walls out, nothing that ambitious. It's more a case of "We're ripping up carpet to put down laminate. Well, while the room is empty let's paint it. If I'm going to do that I might as well pull some speaker wire through the attic for some surrounds in the living room." While I'm at it I'm pulling cat5e through the attic and fishing it through the walls in a couple of key locations. If you're not comfortable doing that, then hire a local handyman type of person. In the current economy they need little jobs too.

      --
      "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
    18. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 1, Informative

      That will have been via brute forcing the handshake, though any passphrase based authentication method is going to be vulnerable to a method such as this.
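
Two comments above touch the same point: one recommends a maximum-length random WPA key, the other notes that any passphrase-based scheme can be guessed offline. The following is an added example, not code from any poster, that generates such a key, derives the WPA/WPA2-Personal PSK with the standard PBKDF2 construction, and compares keyspace sizes. The guess rate is an assumed figure for illustration only.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-Personal limits (IEEE 802.11i): the passphrase is 8..63 printable
# ASCII characters and the SSID is at most 32 bytes.
MIN_LEN, MAX_LEN = 8, 63
ALPHABET = string.ascii_letters + string.digits  # 62 symbols

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(length=MAX_LEN, alphabet=ALPHABET):
    """Return a uniformly random passphrase drawn from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA passphrases must be 8..63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    The SSID is the only salt, so two networks with the same name and the
    same passphrase share a PSK.
    """
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("WPA passphrases must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def entropy_bits(length, alphabet_size):
    """Entropy of a passphrase whose characters are chosen uniformly at random.

    Human-chosen words and phrases have far less entropy than this bound.
    """
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Average time to find the key by guessing: half the keyspace."""
    return (2 ** (bits - 1)) / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second):
    """Return (label, bits, years) rows for a weak and a maximum-length key."""
    rows = []
    for label, length, size in (
        ("8 random lowercase letters", 8, 26),
        ("63 random letters and digits", 63, len(ALPHABET)),
    ):
        bits = entropy_bits(length, size)
        rows.append((label, bits, years_to_exhaust(bits, guesses_per_second)))
    return rows


if __name__ == "__main__":
    # Constructed sample values; "ExampleNet" is a placeholder SSID.
    key = generate_passphrase()
    print("passphrase:", key)
    print("PSK:", derive_psk(key, "ExampleNet").hex())
    # Assumed rate: 100,000 PBKDF2 guesses per second (illustrative only).
    for label, bits, years in compare(1e5):
        print(f"{label}: {bits:.1f} bits, ~{years:.3g} years on average")
```
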

    19. Re:WPA2 is NOT broken by dnoyeb · · Score: 1

      It stands to reason that ethernet will always be much much faster than wireless.

      My wireless is not wide open, but I consider it insecure. It's firewalled off so the only thing accessible is the internet. I do allow ssh into my local network, and I also have a music server accessible over wireless. Just until I run the CAT5 to my stereo.

    20. Re:WPA2 is NOT broken by Unending · · Score: 1

      until someone plugs into one of the plugs on the outside of your house and hijacks your network...

    21. Re:WPA2 is NOT broken by Hatta · · Score: 4, Informative

      Don't install cat5, install conduit. Then you can pull whatever you want, wherever you want, at any point in the future with ease.

      --
      Give me Classic Slashdot or give me death!
    22. Re:WPA2 is NOT broken by ColdWetDog · · Score: 1

      Excellent points. But you forgot the part about attempting to subvert one or more of the standing governments and / or economies from the average slashdotter's basement.

      That's dangerous work, friend. Can't be too careful.

      Oh, and you can't let your mom find out about your porn. She and her friends could be snooping around at this very moment!

      --
      Faster! Faster! Faster would be better!
    23. Re:WPA2 is NOT broken by Hatta · · Score: 2, Insightful

      You are weird if you're doing that because of security concerns. Here's a hint: no one cares about your wireless network. No, really, they don't.

      Joe the Pedo cares a lot about getting free untraceable internet access. I care a lot about not getting my house raided because someone abused my network.

      --
      Give me Classic Slashdot or give me death!
    24. Re:WPA2 is NOT broken by lostfayth · · Score: 3, Informative

      Fairly easy, if you have a basement or attic (crawlspace) where you can drop wire. Cut a hole for an "old work" electrical box, and drill a hole in attic or basement to run the wire through. Run a fish wire through the hole in the attic/basement, and to the larger hole in the wall to pull some cat5 through, then run the wire to where you need it. Terminate and enjoy.

      Gets a little more tricky in multi-story houses or those without attic/basement, but that's the basic idea.

    25. Re:WPA2 is NOT broken by sexconker · · Score: 4, Funny

      Nerds like to sit.
      You can sniff packets while sitting just about anywhere. In your kitchen. In your car. On the crapper.
      To tap a line, you usually have to get up, and you often have to use some archaic toolset like Screw.Driver or Flash.Light that you haven't supported since 3 forks ago.

    26. Re:WPA2 is NOT broken by Hatta · · Score: 5, Informative

      Go to the attic, you'll have access to the insides of the walls from above. Drop a chain with a weight down an interior wall (so there's no insulation in the way). Cut a hole in the drywall for your ethernet jack. Guide the weight to the hole, a strong magnet (perhaps from a hard drive) can help here. Then just attach your cat5 to the end of the chain, go back to the attic and pull it up. You can run the cat5 across the entire house in the attic and not worry about people tripping on it or anything. It's kind of shitty work, but it's doable if you're just a little bit handy.

      --
      Give me Classic Slashdot or give me death!
    27. Re:WPA2 is NOT broken by DerWulf · · Score: 1

      I don't think it's weird at all. Wireless sucks a donkey's ball, even apart from the security problems. Even if it works now and you happen to be one among a million who don't get regular disconnects / latency spikes / speed issues it doesn't take much to cause enough interference to screw it up. One rogue device or the wrong material in the walls can be enough. If at all possible I'd always go for a wired solution ...

      --

      ___
      No power in the 'verse can stop me
    28. Re:WPA2 is NOT broken by sexconker · · Score: 1

      Just when the DS (DSi) got WPA!

      Oh, it has WPA2 as well, all is well.

      Oh, WPA and WPA2 only work with the DSi games, not the old DS games. Shit.

      So wait, that means if you want to play your new DSi game in WPA2 you can, but to play an older game, you have to change your WiFi settings on the DS to WEP, AND change your entire network to WEP? And if you want to play your new DSi games, you'll have to do the same to go back to WPA2 (and you want to, since you can BUY stuff through the DSi).

      This is why I have 2 routers.

      WPA AES (I think) + fun filters for everything but the DS.
      |
      | - Cat 5
      |
      WEP + fun filters for the DS.

      The WEP router is unpowered (physically unplugged) til I need to fiddle with my DS online. When the DS is online, it can only access the outside net, and a few ports on 2 machines on my network (which are closed on the machines until I manually open them).

      I know you use DDWRT to set up two virtual APs (with two different encryption schemes) to achieve the same thing (but with hideous performance consequences?), but this was simpler (Tomato), and I rarely take the DS online.

    29. Re:WPA2 is NOT broken by sexconker · · Score: 1

      Since you're currently in the process:

      Leave yourself a spare pull-wire!

    30. Re:WPA2 is NOT broken by Kjella · · Score: 1

      Whether it's smart or not, it's certainly the right time as the cost of cables when you're remodeling the house anyway is minimal. Anyone that does construction/remodeling for both homes and businesses will pull network cables for you if you want, for a fee of course but it's not special custom triple price. And you get:

      a) Free spectrum for anything wireless you do want
      b) Consistency - My wireless speed goes up and down a bit. GigE is always the same, no fiddling.
      c) Reliability - wireless has in my experience always been a 99% and not a 99,999% reliable connection.
      d) Latency - definitely lower as the wireless transmit/receive takes a bit of time.
      e) Radiation if you're paranoid - but the 100mW is 1/10000th of what's in your 2.45GHz microwave.

      I don't think I'd ever bother to install it specifically unless I was doing major other work. But I see no reason not to if you're still doing the whole bit with pulling water pipes, electricity, TV cables and whatever. I'd still get a central router with wireless though, just to keep my options open.

      --
      Live today, because you never know what tomorrow brings
    31. Re:WPA2 is NOT broken by sexconker · · Score: 1

      Cracking wireless encryption has 2 consequences.

      People can get on your network and steal your bandwidth, try to attack your hosts, download child porn and post bomb threats.

      People can sniff your traffic and see what you're up to. Sure, important stuff is behind SSL, but there's still a lot of shit that's not encrypted (after ripping away the wireless encryption).

    32. Re:WPA2 is NOT broken by orielbean · · Score: 2, Insightful

      You can use the old Cat5 as a wire fish to piggyback and attach to the fancypants new wiring that the kids of the future will need; conduit can get expensive.

    33. Re:WPA2 is NOT broken by nuckfuts · · Score: 1

      Some of my friends think I'm weird because I'm pulling cat5e around the house...

      If you're going to all that trouble, why not install CAT6?

    34. Re:WPA2 is NOT broken by jjm496 · · Score: 1

      Make sure you have at least 2 strands run to each point. With changes to cable services you may find yourself short pairs quickly. I didn't think of this when I had my place built and it's a pain now to add an extra cable in some areas.

    35. Re:WPA2 is NOT broken by sexconker · · Score: 2

      What, don't you know that Cat 5, 5e, and 6 are all the same for short runs? Don't you know that it's just a badge you get to essentially buy after some "testing"? Don't you know MONSTER cables are the only way to truly protect your sensitive electronic equipment?

    36. Re:WPA2 is NOT broken by Firethorn · · Score: 3, Informative

      But are wired solutions really any more secure? I mean can't packets that go out still be captured and worked on?

      Actually, unless you're doing separate encryption, most wired connections today are less secure than wireless with proper security set.

      Part of the clue is with WEP - Wired Equivalent Privacy. The idea was that, at the time, to make the wireless connection as much of a pain to get into as a wireline. IE not very difficult in most circumstances. Today, due to the march of technology, WEP IS easier to get into than a wire, but not much less either.

      There are ways to sniff traffic today without breaching the wire, there's packet sniffers that can sit in the middle of a cable, etc... They just require either expensive equipment for ranged use or somebody actually getting to the wire.

      So, regardless if you have a wired or wireless connection, before you start putting financial or other private information onto a network, using a secure protocol is a very good idea. HTTPS, SSH, etc...

      Of course, if you want to be really secure, do something like WPA2/AES to the router, then VPN to the private network.

      --
      I don't read AC A human right
    37. Re:WPA2 is NOT broken by Just+Some+Guy · · Score: 1

      People can get on your network and steal your bandwidth, try to attack your hosts, download child porn and post bomb threats.

      They can't steal my bandwidth unless I'm trying to use it at that moment. Attack my hosts? OpenBSD with about 3 ports open to my LAN (SMTP, NTP, SSH) says this is unlikely. And what happens when someone at Starbuck's or the mall downloads child porn or posts bomb threats?

      Seriously, quit being so fearful. It's not that scary out here, honest!

      --
      Dewey, what part of this looks like authorities should be involved?
    38. Re:WPA2 is NOT broken by MasterNetHead · · Score: 3, Funny

      It's funny... my neighbors are probably thinking the same thing.

    39. Re:WPA2 is NOT broken by smellsofbikes · · Score: 5, Informative

      Some notes on wiring -- either power or ethernet cable.
      1. Drill two holes in the header, each about 1/2" in diameter, about 2" apart. You put a flashlight over one so you can see what you're doing when you drop the line down the other.
      2. On the bottom end, cut a full-sized hole for a standard rework box. You can get standard wall faceplates for snap-in Cat5 outlets. I generally wire with double-hole faceplates, and put a phone cord in the lower one and Cat5 in the upper. A rework box hole gives you a large enough opening that you can get your hand in there and grab stuff. Pull the wire out and run it into a rework box and put that in the wall. (if you have really big hands you might not be able to do this. Find someone with smaller hands or run a loop of wire into the wall first, then drop the wire from the top, through the loop, and then pull the loop out the hole.)

      By using an adjacent hole to admit light, I can usually manage to drop a wire into an existing box if I've punched out the knockout on the top, with a bit of care.

      Note that all this advice, and the parent poster advice, all assume you don't have firebreaks inside the wall. Many newer houses have 2x4's across the wall halfway up, to keep the space between the walls acting like a chimney. In that case you're going to be cutting drywall and/or finding a seriously long drillbit. (It's possible to weld a drillbit onto the end of a 3' piece of mild steel rod, but it's pretty unpleasant to use.)

      --
      Nostalgia's not what it used to be.
    40. Re:WPA2 is NOT broken by EvilIdler · · Score: 1

      I thought I was the only one paranoid enough to do this! (And I live on a mountain among luddites :)

    41. Re:WPA2 is NOT broken by NeoSkandranon · · Score: 1

      also Joe the college student/wage slave or any of the other Joes that can't afford internet or don't want to pay for it.

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    42. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      I've always thought a true geek's house should have Jefferies tubes to easily future proof expansion needs.

    43. Re:WPA2 is NOT broken by mortonda · · Score: 0

      Looking at my waistline, it's been more than 3 forks... more like 10 years worth of forks (meals).

    44. Re:WPA2 is NOT broken by norminator · · Score: 1

      Although, if you really have data you're concerned about keeping safe, you should not use computers at all.

      There, now I fixed that for you... no wait a minute...

      Although, if you really have data you're concerned about keeping safe, you should not use data at all.

      OK, it's good now.

    45. Re:WPA2 is NOT broken by zifn4b · · Score: 1

      Yes, wired is more secure from many standpoints. First of all, as the person above me points out, you need to gain physical access to the wire in order to attempt to snoop it and have specialized tools to do so. Above and beyond that, breaking through the siding of someone's house, tearing out their insulation is something that is illegal and it would be difficult not to make the occupants aware of that due to the racket it would cause. Of course, there is always the possibility that such a criminal would be willing to wait for an opportunity for the occupants to vacate the premises in order to perform this act. Even so, the occupants would probably be aware of the illegal activity due to the physical damage caused.

      With a wireless network on the other hand, the hacker doesn't have to be on the other person's property to sniff their network and can do so without the person being aware of it. Furthermore, if the person never once logs on to the other person's network in any way so as to log packets that indicate such a thing and instead just snooped the over-the-air signal and captured personal information like a credit card number, it would be hard to prove that they even did such a thing. Not that I condone such actions but to me snooping a wireless signal is like overhearing a loud conversation in the next door neighbor's house.

      For these and many other reasons, when our house was built, I worked out a deal with the guy overseeing the construction of our house and ran my own cable and put my own junction boxes and patch panel in.

      --
      We'll make great pets
    46. Re:WPA2 is NOT broken by AliasMarlowe · · Score: 1

      Although, if you really have data you're concerned about keeping safe, you should (a) use a wired network, (b) use IPSEC, or (c) both.

      We built a new house last year. It's got dual runs of cat6 from the technical room to the office, living room, kitchen, library, and bedrooms. Our router only supports 100Mbit, but it will be upgraded eventually when the fiber service is upgraded (ISP service maxes out at 100Mbit right now, but the 8 port switch supports 1Gbit per port).

      Several of our network devices support wireless (even the printer and headless server), but it's disabled on all of them. All of our devices are on the cat6 cables and have fixed IP addresses, including laptops which we bring home from work.

      Just for fun, the router has its wireless enabled, and is configured so wireless clients are given IP addresses in an address range which is only allowed access to other IP addresses in the same pool (no access to wired IP range or to internet). So if anyone hacks the WPA, they can only access others who have also hacked the WPA...

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    47. Re:WPA2 is NOT broken by svallarian · · Score: 1

      um, 5 and 5e are pretty different...as in you cannot run gigabit over cat 5, but you can on 5e.

      --
      I patented screwing your mom. But it got revoked for "prior art."
    48. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      It never ceases to amaze me that you have hollow walls in the US.

    49. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      your telephones have wires? that's...strange

    50. Re:WPA2 is NOT broken by jank1887 · · Score: 1

      many homeplug devices employ some flavor of point-to-point encryption.

    51. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      TKIP amounts to a pathetic bandaid to make WEP seem more secure than it really is. To hear that someone was able to crack TKIP is not really surprising...**at all** I was more surprised that Cisco would seriously consider using such a stupid concept in the first place. But these are the very same rocket scientists who brought us LEAP so I can't say that I'm surprised by any of it.

      As an aside/nit it's not WPA* that is cracked. It's the underlying selection of weak ciphers that are problems. WEP/TKIP always sucked but TKIP is better than nothing/wholesale replacement of wlan encryption asics.

      Wake me up when AES is cracked.

    52. Re:WPA2 is NOT broken by PReDiToR · · Score: 1

      Oh do give me a break.

      People will crack WEP for a laugh, map a network, laugh at the names of devices on it and if they don't have a decent moral compass, go further and find stuff out about their neighbours just like they did when cordless phones came out.
      For those kids on my lawn, £15 would get you a scanner that gave you access to every phone call made within a 2 mile radius, and people did listen in. They even made movies about it [citation needed].

      --

      Do not meddle in the affairs of geeks for they are subtle and quick to anger
    53. Re:WPA2 is NOT broken by maxume · · Score: 1

      If your ISP has caps, they are certainly using up some of your transfer (this is also a good reason to find another ISP, but the competitive landscape isn't exactly competitive in all areas).

      --
      Nerd rage is the funniest rage.
    54. Re:WPA2 is NOT broken by LandruBek · · Score: 1

      Here's a hint: no one cares about your wireless network. No, really, they don't.

      Yeah, any concern for communications privacy is just so ridiculous, you know? The NSA would never engage in domestic surveillance -- the Church committee made it illegal! They would never monitor citizens' communications. And the telecom companies themselves would be too scared to be complicit in any such activities -- 47 USC 605 forbids it, and they could be sued for a bundle! Anyway, no one ever uses the internet for anything important; it's not like the internet is connected to our finances. Well, except if you do happen to do any internet banking, it's always through an SSL connection, which is foolproof and web designers never screw that up: passwords are ALWAYS encrypted. Really there couldn't possibly ever be any reason to have any concern about communications privacy. Cough.

      --
      $META_SIG_JOKE
    55. Re:WPA2 is NOT broken by prisoner-of-enigma · · Score: 2, Insightful

      Joe the Pedo cares a lot about getting free untraceable internet access. I care a lot about not getting my house raided because someone abused my network.

      Can you reference a single incident where such a raid has taken place? On a lark I decided to Google around for such an incident and couldn't find a single damned thing.

      Given the hundreds of thousands -- perhaps millions -- of wireless devices in operation in homes across the U.S., the lack of any such raid seems to suggest your fear is either overblown or based on paranoia.

      --
      In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
    56. Re:WPA2 is NOT broken by Abcd1234 · · Score: 1

      Joe the Pedo cares a lot about getting free untraceable internet access. I care a lot about not getting my house raided because someone abused my network.

      I know, that's happened so many times, right!

      No, wait, it hasn't happened once, ever.

      Paranoid much?

    57. Re:WPA2 is NOT broken by maztuhblastah · · Score: 4, Interesting

      Joe the Pedo cares a lot about getting free untraceable internet access.

      Oh no you don't. If the politicians don't get to use the "think of children" excuse to justify increased surveillance, shredding the Constitution, and guilty-until-proven-innocent, then we don't get to use it as an explanation for our security decisions. Let's not have a double standard here; one standard will do just fine.

    58. Re:WPA2 is NOT broken by smellsofbikes · · Score: 1

      Why? What do you put in your walls?
      I usually put insulation around bathroom walls, and sometimes even offset the studs so there's no continuous conduction path. But otherwise, the rooms are basically the same temp, so why bother insulating? Until zone heat control becomes common, it's just a waste of material. I've lived in older houses that had uninsulated external walls. If you don't have plumbing (which those houses didn't when they were built) and you have warm clothing, it is, again, a waste of money to put insulation in the walls.
      These days, any house I'd build would have 20 cm thick outer walls, filled with insulation. But I'm still not sure I'd bother with insulation between rooms, because it's too low a return on investment.

      --
      Nostalgia's not what it used to be.
    59. Re:WPA2 is NOT broken by LandruBek · · Score: 4, Informative

      Can you reference a single incident where such a raid has taken place?

      The FBI has conducted armed raids of homes in at least three states due to clicks on honeypot links to files full of "gibberish." So the above scenario (of Alice getting arrested because of Bob's browsing habits) is highly plausible, even if it hasn't happened yet.

      --
      $META_SIG_JOKE
    60. Re:WPA2 is NOT broken by fataugie · · Score: 1

      If the cabling was installed correctly (and not a retrofit situation), then there should be at least one staple somewhere holding it to the wall, eh?

      --

      WTF? Over?

    61. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      Some houses, like mine, have completely insulated walls. In which case you can get a fiberglass rod made specifically for fishing wire. I'm sure you could find something ad-hoc that would work. I have one that is a 6' drill bit with a wire basket that is made specifically for threading wire through walls. Works awesome (lowes).

    62. Re:WPA2 is NOT broken by Paul+Pierce · · Score: 1

      Wireless is foremost a technology of convenience rather than security.

      My wireless is actually more secure than my wired. I encrypt all of my wireless packets, use 802.1x with WPA2 AES, and my users have to authenticate. If you are wired, none of the above are true - in my case here.

    63. Re:WPA2 is NOT broken by sexconker · · Score: 1

      You think it's not an issue for you until the cops are at your door, your machine is rooted, and your torrents slow to a crawl and you have to pay overage fees on your capped connection.

      But you're secure, don't worry.

      I also love how you completely ignore the other issue I brought up, which is the bigger issue.

    64. Re:WPA2 is NOT broken by tepples · · Score: 1

      It's only a matter of time before someone breaks WPA2, but by then I plan to have turned wireless off.

      I take it you don't plan to connect a Nintendo DS or Wii video game system or an iPod Touch or iPhone handheld computer to the Internet. They have a Wi-Fi radio but no Ethernet jack.

    65. Re:WPA2 is NOT broken by sexconker · · Score: 1

      Still need to figure out how to work the dreamcast into the mix.

    66. Re:WPA2 is NOT broken by sexconker · · Score: 1

      You sure can.
      You're not Guaranteed! (TM) to get the signal through, but for shorter runs it'll work just fine.

    67. Re:WPA2 is NOT broken by RiotingPacifist · · Score: 1

      but for the most part you have uncapped internet in the US so unless joe is a dick that hogs your bandwidth who cares.

      --
      IranAir Flight 655 never forget!
    68. Re:WPA2 is NOT broken by bryanp · · Score: 1

      I take it you don't plan to connect a Nintendo DS or Wii video game system or an iPod Touch or iPhone handheld computer to the Internet. They have a Wi-Fi radio but no Ethernet jack.

      I'm not a console gamer. I have a PS3 but I use it as a DVD/Blu Ray player and media streamer. I use an iPod classic for my music and my cell phone is just a cell phone. Not even a camera.

      These things may change in the future. If they do I'll figure something out.

      --
      "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
    69. Re:WPA2 is NOT broken by MikeBabcock · · Score: 2, Informative

      You can always buy a decent network switch with 802.1x authentication and make your wired network significantly less open.

      --
      - Michael T. Babcock (Yes, I blog)
    70. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      That makes sense. You only need one stereo for the whole house.

    71. Re:WPA2 is NOT broken by BeeRockxs · · Score: 1

      Why? What do you put in your walls?

      We don't put stuff in there, they're made of brick.

    72. Re:WPA2 is NOT broken by DonJaime · · Score: 1

      I keep looking for advice on making drops in walls that have attic over them but are unreachable by anyone larger than an undernourished oompa loompa. I can do everything "else" with fish tape and patience, but the hang-up is getting that hole drilled in the top. Any suggestions on reaching a drill (safely... -ish) to the wall top from about 10ft/3m away? Or perhaps piecing together a long drill extension through the outlet hole to drill from the bottom up? I just really don't want to have to cut drywall. :)

    73. Re:WPA2 is NOT broken by myvirtualid · · Score: 1

      Took me a minute to decide whether to mod or reply....

      advances in computing power are always going to result in security schemes being broken

      Not quite: No matter how powerful computers get, RSA, e.g., will not be broken, we will simply need larger keys. In other words, RSA has no fundamental cryptographic weaknesses, i.e., is not subject to any known cryptanalytic attack.

      Like all modern cryptographic algorithms, like AES, like the SHA2 family (last time I checked), like CAST5, etc., RSA is subject only to brute force attacks. This is known and cannot be prevented. Since it is known, we know to use key sizes that are expected to be good for many years, even in the advent of ridiculous advances that greatly outpace Moore's Law.

      The difference in the WEP case was that the scheme itself had fundamental cryptographic weaknesses. WPA's TKIP also has fundamental weaknesses. Certainly in the case of WEP and likely in the case of WPA/TKIP, the weakness required a certain level of computing power to exploit, and we could argue whether we reached that level of computing sooner than expected, but the weaknesses were known from the outset and, sadly, not field patchable.

      (IMHO we - the security oriented tin foil hat wearing geek crowd - expected that level to be reached far sooner than it was, while they - the public, PHBs, etc. - believed it could never happen. Mas o menos.)

      To be fair, you did mention "advances in research" as eventually resulting in all weaknesses, but being pedantic in this case is important:

      • Algorithm design is really tough and good algorithms are always proofed against all known attacks, so that brute force is the only way to break 'em.
      • Big cryptanalytic breakthroughs - really, fundamental breakthroughs in mathematics, e.g., analytic prime prediction, engineering, e.g., practical quantum computing, and physics, e.g., time travel, teleportation and subspace communication - are rare, relatively "generational" events, and impossible to plan for, predict, or mitigate.
      • Threat-risk assessment and security decision making is always about identifying the known and the likely and mitigating those. For a decision maker, be they an executive planning for the protection of an enterprise network or a homeowner keeping their WiFi LAN safe, lumping together the predictable and the science fictive is less than useless, it's distracting and potentially misleading.

      We know - based on current physics and math - how long specific key sizes will be good for. We then choose keys that are orders of magnitude bigger and ensure that our schemes - our algorithms - can easily be configured to use larger keys when the time comes and we likewise ensure that our schemes have been publicly reviewed by expert cryptanalysts.

      And then we're good for a good long time. Regardless of what happens to computing power.

      --
      I'm here EdgeKeep Inc.
    74. Re:WPA2 is NOT broken by enos · · Score: 1

      Joe the Pedo cares a lot about getting free untraceable internet access.

      Oh no you don't. If the politicians don't get to use the "think of children" excuse to justify increased surveillance, shredding the Constitution, and guilty-until-proven-innocent, then we don't get to use it as an explanation for our security decisions.

      Let's not have a double standard here; one standard will do just fine.

      It's not a question of the children. It's a question of the police coming after ME because Joe used my internet and made it seem like I'm the one looking at kiddie porn.

      The same applies to any other computer crime.

      --
      boldly going forward, 'cause we can't find reverse
    75. Re:WPA2 is NOT broken by potat0man · · Score: 1

      This is from the "999 stitches in time saves 1" school of thought.

    76. Re:WPA2 is NOT broken by element-o.p. · · Score: 2, Informative

      Part of the clue is with WEP...but not much less either

      I disagree. WEP was a marketing phrase -- "See? Our wireless networking gear is just as secure as traditional wired networks!" Unfortunately, it wasn't. WEP was flawed from the start because of some mistakes made in the implementation of encryption (I don't recall exactly what was wrong and I'm too lazy to Google it, but IIRC, they implemented RC4 incorrectly). A more telling clue about the security (or lack thereof) of WEP was in a quote I found while researching wireless networking for a college presentation: "Installing a wireless LAN may seem like putting Ethernet ports everywhere, including in your parking lot." (Cisco Systems document, "Wireless LAN Security"). You are correct that if you are on the inside, getting access to a wire is not terribly difficult. However, if you don't have access to my facilities, getting access to my wired network just got orders of magnitude harder. It might still be possible, but it's certainly not as easy as simply plugging into an empty network jack. For that matter, where I work, we turn off unused network jacks, so even if you get inside the building, you still won't have physical access to my network unless you unplug someone else's connection -- which will probably be noticed, even if it's only for a few seconds while you connect a switch. But it's worse than that, because on my switch, I can filter ports by MAC address, so unless you find an active port *and* clone a valid MAC address for that port you still won't have access.

      If all you want to do is passively sniff traffic that is flowing through a wire, then it's certainly much easier for you -- all you have to do, as you state above, is insert a sniffer between a valid network host and the network jack and you're golden...but that's once you are inside my building. Fortunately, I work in a small enough company that if someone unknown starts mucking around with our network cables, someone is going to get suspicious, so even passively sniffing isn't as easy as you suggest.

      With WEP -- and now WPA, as well -- all you have to do is sit in your car on the street outside my building, take ten to fifteen minutes (according to the summary above, anyway) and you can sniff to your heart's content. Sounds much easier than gaining access to my wired network, IMHO.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    77. Re:WPA2 is NOT broken by NeoSkandranon · · Score: 1

      Fair point about bandwidth capping, but filesharing can crap up a standard linksys wireless router pretty handily from what I've seen, even if the actual internet connection isn't saturated.

      Not to mention the effects of whatever cyber-STDs his computer might be harboring.

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    78. Re:WPA2 is NOT broken by element-o.p. · · Score: 1

      Yeah, I do the same thing. I've got a very old laptop with a very old network card that only supports WEP and 802.11b, so I also have a very old WPA11 router that only supports WEP and 802.11b. Then I have a Wii which only supports WPA (WPA2? I'll have to check now...) on 802.11g and a Netgear 802.11g router that only supports WPA/WPA2. So, I physically disconnect each router from my network until I am using it. It's a PITA but I'm too lazy and busy to try to bother with a better way of doing things.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    79. Re:WPA2 is NOT broken by element-o.p. · · Score: 1

      Seriously, quit being so fearful. It's not that scary out here, honest!

      Bovine scatology.

      As a former ISP sys admin, I used to suspend the accounts of people who ran unsecured wireless networks. I didn't care that they were running an unsecured wireless network; I cared that hosts on their wireless network were port scanning other people on the Internet, were spewing viruses or spam from their compromised machines, etc. and that other people were blacklisting us because of the offending traffic.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    80. Re:WPA2 is NOT broken by White+Yeti · · Score: 1

      I've seen where a pro installer forgot to run two wires (cat5e and RG-6) from the attic to the ground floor of a 2-story house. He had to cut drill-size holes in the upstairs room, one at the ceiling and one at the floor, to drill the holes and pass the wires. He had someone else do the drywall repair, but the home stores have kits and tips for that sort of thing. You can't see the drywall repair unless you already know it's there.

      Personally, I've crawled into small attic spaces, dragging along a small piece of plywood to lie on. Also, do you know a 10-year-old that can handle a drill?

    81. Re:WPA2 is NOT broken by element-o.p. · · Score: 1

      Right. Because no one on /. has ever...ummm...borrowed...an insecure wireless network </sarc>

      As long as the people borrowing your network are only trying to figure out how to get from here to there on Google Maps, so effin' what? However, what if your next door neighbor is a script kiddie who doesn't want his mom yelling at him -- again -- for trying to break into Sarah Palin's e-mail account? Or worse, is a perv who wants to download underage-poodle porn?

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    82. Re:WPA2 is NOT broken by dcam · · Score: 1

      Further, there's numerous other security options you can enable both at the wireless level and the network level to further protect your network, alongside good security practices with existing WPA2 (e.g. maximum length WPA key consisting of random characters and numbers). For example, MAC Address whitelisting, a strong password on the AP, and enabling AP configuration changes to occur only through wired connections. A half decent wireless AP should expose all of these options.

      From what I have heard, MAC address whitelisting doesn't offer any real security. You can get that from someone else connecting to the AP.

      --
      meh
    83. Re:WPA2 is NOT broken by thegrassyknowl · · Score: 1

      Kismet for the Mac (KisMac) would do that. I tried it on my own AP with a friend once but had very little luck; the attack is unreliable. If you're using strong keys that attack is hard to pull off.

      It seems this new attack is much more reliable and easy to pull off in only 15 minutes. That's quite scary. I'd move to WPA2 if I could get all my gear to support it!

      --
      I drink to make other people interesting!
    84. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      facepalm.jpg

    85. Re:WPA2 is NOT broken by smellsofbikes · · Score: 2, Interesting

      The walls between *rooms* are made of *brick*?
      Wow.
      Renovation must be a bitch. A couple years ago, it took me about three hours to move a closet from *this* room to *that* room, with wooden walls, coz I could just rip off some sheetrock, cut out two studs, put in a header, put in two studs in the old doorway, and put up new drywall.
      It's also my (rather picky, admittedly) habit that when I walk into a room and try and turn on the lightswitch in the wrong place, well, it's not the wrong place, then is it? so I move the switch. Which, again, takes about an hour and a half, and then it's where I wanted it to be in the first place. When I move a computer from over *here* to over *there*, I move the power outlet (because I run a separate circuit for the computers, through a UPS) and the Cat5 outlet. I can't even imagine trying to deal with that with brick walls.

      --
      Nostalgia's not what it used to be.
    86. Re:WPA2 is NOT broken by smellsofbikes · · Score: 1

      I agree with what white_yeti said. If you can't fit in the space, usually your drill + the length of a drillbit that can get through the thickness of the studs -- typically at least 4 1/2" -- usually won't fit in the space either. You can get a short right-angle drill, but you can also just make a couple small holes in the drywall up at the ceiling corner, feed the wire in (in both directions) there, and then refinish that point. Drywall work sucks, admittedly, but its obviousness rises as (roughly) the cube of the circumference of the hole times the square of the straight-line circumference. Which is to say a small oblong hole isn't too hard to make vanish, compared to a book-sized rectilinear patch.
      And drywall work is a hundred times easier if you use the wet-sandable mud, rather than dry-sand only because you can feather it with a wet sponge and never have to deal with dust.

      --
      Nostalgia's not what it used to be.
    87. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      The only way to break WPA2 would be if there is some protocol weakness other than the encryption.

      Which is what exactly happened with WPA, dumbass. TKIP is used for key rotation, not as an encryption scheme.

    88. Re:WPA2 is NOT broken by Hork_Monkey · · Score: 1

      Compare physical security, though. Would you be able to detect some fat geek sitting in your house lo-jacking your switch or a long patch cable running out your window?

      If someone compromises your wireless network, you'd probably never know. If someone compromises your wired network, it would be fairly obvious.

      Take that into account when trying to compare.

    89. Re:WPA2 is NOT broken by Hatta · · Score: 2, Insightful

      It's not a double standard. I'm not using fear of pedophiles to justify not sharing my wifi, I'm using fear of the government to justify not sharing my wifi. That I think is entirely appropriate here. The FBI can, and does, raid people for nothing more than clicking on an URL. That's not paranoia, that's a fact.

      --
      Give me Classic Slashdot or give me death!
    90. Re:WPA2 is NOT broken by g-san · · Score: 1

      For you slashdotters that don't know what an attic is, it's just like your room under the house, only it's above the house. Careful, there might be windows up there that could let sunlight in.

    91. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      Wired Equivalent Privacy

      This misnomer is merely an unfortunate declaration of lofty intentions.

      The idea was, at the time, to make the wireless connection as much of a pain to get into as a wireline.

      That remains the practical goal with WPA and WPA2.

      IE not very difficult in most circumstances.

      It is ABSOLUTELY RIDICULOUS to imply that WEP's extremely limited effectiveness is intentional, or that it is the result of the "lowly" goal of "mere" wired equivalency.

      Today, due to the march of technology, WEP IS easier to get into than a wire, but not much less either.

      To get at my wired net, you need to be inside the building. To get at YOUR wireless net, all I need is to be anywhere in the area and have sufficient hardware and patience. Given WPA2's effectiveness, that patience may have to keep me going for years yet. But the possibility remains open for the future. (Funny how /. loves to talk about everything under the sun being breakable, except their beloved wireless.) No amount of patience and hardware advances can magically make an ethernet jack appear outside of the confines of my building without physical access.

      Simply put, there are relatively simple, exploitable attack vectors for all forms of wireless communication that DO NOT EXIST for wired nets, for the sole fact that wireless does not require physical access. The reverse is true also, but are much more difficult and require very different tactics (physical access of course, social engineering, etc). Care to try wardriving my wired net? Got a tank?

    92. Re:WPA2 is NOT broken by Paul+Pierce · · Score: 1

      I was actually talking about the wireless setup at work, not my home. Many buildings, many jacks in many rooms.

    93. Re:WPA2 is NOT broken by ThunderThor53 · · Score: 1

      If the politicians don't get to use the "think of children" excuse to justify increased surveillance, shredding the Constitution, and guilty-until-proven-innocent, then we don't get to use it as an explanation for our security decisions. Let's not have a double standard here; one standard will do just fine.

      This is the type of post that makes me wish it was possible to mod above +5.

    94. Re:WPA2 is NOT broken by MightyYar · · Score: 1

      It never ceases to amaze me that people want to trust wireless devices for secure purposes

      Well, not that I do anything terribly interesting, but when I'm working it's through a VPN so I don't really care how nasty the wireless connection is. Even connections to my home machine are through ssh. These days even gmail runs over https.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    95. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      You don't have a wireless Dreamcast. You just wanted people to know that you have the BBA. Well, so do I. Nyah.

      Two routers is the only way to have a DS in the house. Many of us already do this, given the low price of WAPs and routers these days. Your solution is not unique. Nyah.

    96. Re:WPA2 is NOT broken by jambarama · · Score: 1

      Or you can just get some heat resistant cat5 and run it through your cold air return ducts. That's what we did and 5 years into it we've not had any problems.

    97. Re:WPA2 is NOT broken by Corporate+Troll · · Score: 1

      The walls between *rooms* are made of *brick*?

      I don't know where the original poster is from, but in Europe it is very common to have brick walls between rooms. Actually, wooden walls are extremely uncommon.

    98. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      I agree with you.
      Other security implementations are the use of VLANs and access policies; keeping wireless networks in a separate VLAN from wired networks just adds another layer of security....

      Creating a network access policy between the VLANs and allowing only the traffic you want between the two, and dropping the rest.

      Let's say if wireless devices only need access to HTTP and HTTPS, just allow that traffic through.

      I personally think that WPA is still somehow secure for some small business or home use, but for corporates with sensitive data cruising through the air it is best practice to use WPA2 or another method of authentication (SSL, UAC, RSA).

    99. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      I'd like to remind you of what I like to call the "some guy in Finland" property of information security. It goes something like this:

      Don't assume that you'll be safe because you're not a target. Don't assume that because you've made it difficult but possible, that no one is going to take the time to break your security scheme if there are known ways around it. There's always going to be some guy in Finland who thinks you're a worthy target and will go through the hassle.

    100. Re:WPA2 is NOT broken by owlstead · · Score: 1

      "Why? What do you put in your walls?"

      Stone or concrete.

      We've looked at the story about the three little piggies and the bad wolf and have come to the conclusion that we don't like houses that can fly. Of course, most of Western Europe can have rather low temperatures and a lot of wetness.

      Give or take a few campers, in the Netherlands there are almost *no* pre-build homes. Then again, homes are really really expensive here. Of course, we still put students in container homes...

    101. Re:WPA2 is NOT broken by Anonymous Coward · · Score: 0

      So the above scenario (of Alice getting arrested because of Bob's browsing habits) is highly plausible, even if it hasn't happened yet.

      Plausible? The definition means "it is possible that this may happen," so I'd agree it's plausible since the event you cited did indeed happen.

      Highly plausible? That means "it can happen and is very likely to happen," and there you're stretching reality to fit the paranoia of the GP. Further, I'll point out that Vosburgh's house was not "raided" in the sense of the word you're trying to convey. A "raid" is generally the police bashing down the door with guns drawn, screaming orders at people to get down on the floor. Instead, Vosburgh was thrown to the floor as he attempted to destroy evidence while the FBI was serving the warrant. Here's a quote from the C|net article regarding the raid:

      Vosburgh faced four charges: clicking on an illegal hyperlink; knowingly destroying a hard drive and a thumb drive by physically damaging them when the FBI agents were outside his home; obstructing an FBI investigation by destroying the devices; and possessing a hard drive with two grainy thumbnail images of naked female minors (the youths weren't having sex, but their genitalia were visible).

      Further investigation showed Vosburgh had failed to delete the hidden "Thumbs.db" file Windows creates automatically when photos are in a folder, even though the photos themselves had been deleted. This revealed Vosburgh had indeed possessed kiddie porn, and it was indeed his computer that was used to download it. Vosburgh was convicted and sentenced to ten years.

      Now I'll admit that using these techniques, my hijacked Wi-Fi could lead the FBI to my doorstep. They won't bust down my door. They won't break in my windows. If they ask to see my computers, they can look all they want. They'll find nothing and I'll be charged with nothing. Inconvenient? Sure. Scary? Not really. I don't approve of the FBI using such honeypots as their only means of snaring pedophiles, but since I'm not a pedophile I don't have much to fear in this regard.

    102. Re:WPA2 is NOT broken by Firethorn · · Score: 1

      WEP was flawed from the start because of some mistakes made in the implementation of encryption (I don't recall exactly what was wrong and I'm too lazy to Google it, but IIRC, they implemented RC4 incorrectly).

      Oh yes, WEP was flawed. The whole 'equivalent' standard was marketing - and cost effectiveness. Especially for portable devices, computational power was limited. The flawed part is part of why it IS easier to break, especially today.

      "Installing a wireless LAN may seem like putting Ethernet ports everywhere, including in your parking lot." (Cisco Systems document, "Wireless LAN Security").

      I've heard that as well. It has its good points and its bad points.

      If all you want to do is passively sniff traffic that is flowing through a wire, then it's certainly much easier for you -- all you have to do, as you state above, is insert a sniffer between a valid network host and the network jack and you're golden...but that's once you are inside my building. Fortunately, I work in a small enough company that if someone unknown starts mucking around with our network cables, someone is going to get suspicious, so even passively sniffing isn't as easy as you suggest.

      While your company might be pretty good - Not all networks are locked down physically as much as yours. You mention working for a small company. Well I work for a large one. My area of responsibility is for over 3,000 users on a facility that's several dozen square miles.

      I also have to worry about espionage. Do you? Our wireless solution involves encryption all the way back to the servers.

      --
      I don't read AC A human right
  8. Is it just me... by Jazz-Masta · · Score: 5, Insightful

    or is anything worth protecting worth using CAT5 on?

    Most banks and government institutions don't use WIFI because of the security vulnerabilities. Granted CAT5 doesn't have security to access (like wifi tkip/aes key), but it is physically secure, which is at the same level of security as the physical machines themselves.

    I find WIFI performance and coverage to be dodgy at best. It's an absolute pain to support.

    1. Re:Is it just me... by H0p313ss · · Score: 2

      or is anything worth protecting worth using CAT5 on?

      The truly paranoid use fiber. Google "TEMPEST security" for hours of fun. (Tinfoil hat is optional.)

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
    2. Re:Is it just me... by ServerIrv · · Score: 1

      Any time I'm using a wireless connection I immediately connect to a VPN (ssh tunnel or OpenVPN) and tunnel all of my traffic through there. From a user's standpoint, you then don't care if you connect to an utterly suspect WEP AP or now a maybe secure WPA AP. You can double bag the connection if you don't trust any intermediary nodes. Unless you encrypt the data (not just the connection), you have to trust that the nodes after your VPN connection are OK. If you don't trust, encrypt; once your data is in the wild, all bets are off.

      Here is an example of why end-to-end encryption is needed. Say you connect to your email server using an encrypted connection, but you do not actually encrypt the message. You send your "top secret" email to your buddy. Your email server then sends your top secret email in plain text to the intended email server, and then your buddy retrieves the email, potentially without a secure connection. So for two out of the three legs of the journey, who knows if someone is reading your email along the way.

    3. Re:Is it just me... by 0100010001010011 · · Score: 0

      It's like double bagging with slutty chick.

    4. Re:Is it just me... by digitalchinky · · Score: 2, Interesting

      You bend fiber just right and you can sense and demodulate the data stream. Unfortunately the act of doing this can also be detected since it causes signal degradation. This doesn't imply that detection is always going to happen though.

    5. Re:Is it just me... by Zwitta22 · · Score: 1

      If it's worth protecting no matter what the medium it's worth encrypting further with something like IPSec and some certificates with a damn high key length... Our site to site wireless links are using WPA2 from bridge device to bridge device, but even before the traffic hits the link it has been shoved into an IPSec tunnel. Treat any wireless link as "Public" even if it has encryption; VPN or Tunnel is the only way.

    6. Re:Is it just me... by H0p313ss · · Score: 1

      You bend fiber just right

      Well if we're talking about a LAN, at this point your physical security has already been compromised and all bets are off.

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
    7. Re:Is it just me... by Vancorps · · Score: 1

      Actually you can encrypt and authenticate on Cat5 just like you would on WIFI. 802.1x for the win!

      Any bank does dynamic vlan assignment based on a combination of MAC address, computer name, username, and password. Some probably also use certificates. These days it's pretty easy to do multi-factor authentication and it makes sense when you need something to be secure.

    8. Re:Is it just me... by That's+Unpossible! · · Score: 1

      Granted CAT5 doesn't have security to access (like wifi tkip/aes key), but it is physically secure, which is at the same level of security as the physical machines themselves.

      I use WPA2 with an apple 802.11n router at home, and all my important traffic goes over SSL connections. I would say this combination is close enough to "secure" that it's extremely unlikely my data is at risk. It's more likely that someone will break into my house and steal my computer.

      I find WIFI performance and coverage to be dodgy at best. It's an absolute pain to support.

      You didn't mention in what context, nor with what equipment, but now that I switched to an apple airport extreme, I completely disagree.

      At home, 1400 sq. ft. house built in 1963, I get extremely high speeds throughout my house with this router, and have not had any trouble with it. I can't say the same thing for my previous linksys routers, but then again, they were a fraction of the price.

      --
      Ironically, the word ironically is often used incorrectly.
    9. Re:Is it just me... by jambarama · · Score: 1

      Wifi increases your exposure, but hard wiring everything isn't a security solution. There are a lot of hops between your computers and most others (including others on the same intranet), removing the wireless hop doesn't secure all the others.

  9. Huh....So for data.... by Seakip18 · · Score: 4, Informative

    If I remember reading right, a few years ago, TKIP client encryption was always able to be broken. The catch was that you had to capture the packets with the handshake between the access point and the client. This could be done by breaking the signal and capturing the ensuing reconnect. AES fixed this problem.

    I think this may have been if you wanted to actually decrypt the data between the two though and that meant having the WPA key, which these guys have broken. Before this, as the article states, the only thing was a dictionary attack. So, I wonder if you combine the two, can you intercept data and successfully look at it.

    --
    import system.cool.Sig;
    1. Re: Huh....So for data.... by tlhIngan · · Score: 4, Informative

      If I remember reading right, a few years ago, TKIP client encryption was always able to be broken. The catch was that you had to capture the packets with the handshake between the access point and the client. This could be done by breaking the signal and capturing the ensuing reconnect. AES fixed this problem.

      I think this may have been if you wanted to actually decrypt the data between the two though and that meant having the WPA key, which these guys have broken. Before this, as the article states, the only thing was a dictionary attack. So, I wonder if you combine the two, can you intercept data and successfully look at it.

      TKIP is a nasty hack, actually. It's designed to work with chipsets with onboard WEP encryption/decryption (it re-uses the RC4 hardware), and its security was always quite low (which is why it always re-keys itself every hour by default). It has mechanisms to detect and prevent replay attacks, as well as message integrity checks in case someone manages to break through the protections. Its final defense is a complete shut down of the network and a re-keying of everyone if it detects 2 or 3 MIC failures (the network literally shuts down for a minute).

      These days, modern chipsets can do AES in hardware, and there's no reason to use TKIP anymore except in legacy applications (which still exist - though modern software can often just offload the AES in software).
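
The MIC-failure shutdown described in the comment above, as an added example that is not part of the thread and not code from any Wi-Fi stack. It assumes the IEEE 802.11 rule that a second Michael MIC failure within 60 seconds disables TKIP for 60 seconds and forces a re-key, counted across the whole BSS; the log format, names and sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

WINDOW = 60.0   # assumption: a second failure within this many seconds triggers countermeasures
HOLDOFF = 60.0  # assumption: TKIP traffic stays disabled this long, then everyone re-keys

# Constructed log format: "<epoch-seconds> <station-mac> MIC_FAILURE"
LINE_RE = re.compile(
    r"^(\d+(?:\.\d+)?)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+MIC_FAILURE$", re.I
)

# Constructed sample input, not captured from a real access point.
SAMPLE_LOG = """\
1000 02:00:00:00:00:01 MIC_FAILURE
1075 02:00:00:00:00:01 MIC_FAILURE
1100 02:00:00:00:00:02 MIC_FAILURE
1110 02:00:00:00:00:03 MIC_FAILURE
1190 02:00:00:00:00:01 MIC_FAILURE
garbage line that is skipped
1300 02:00:00:00:00:01 MIC_FAILURE
1330 02:00:00:00:00:02 MIC_FAILURE
"""


@dataclass
class TkipCountermeasures:
    """Tracks MIC failures for one BSS and decides when the network shuts down."""
    last_failure: Optional[float] = None
    disabled_until: float = 0.0
    shutdowns: List[Tuple[float, float]] = field(default_factory=list)

    def mic_failure(self, ts: float) -> str:
        # While the hold-off is running the network is already down.
        if ts < self.disabled_until:
            return "during-holdoff"
        # Second failure inside the window: shut down and start counting afresh.
        if self.last_failure is not None and ts - self.last_failure <= WINDOW:
            self.disabled_until = ts + HOLDOFF
            self.shutdowns.append((ts, self.disabled_until))
            self.last_failure = None
            return "countermeasures"
        # Isolated failure (or the previous one aged out): remember it.
        self.last_failure = ts
        return "first-failure"


def analyze(log_text: str):
    """Return ([(timestamp, station, verdict)], [(shutdown_start, shutdown_end)])."""
    state = TkipCountermeasures()
    verdicts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a MIC failure record
        ts = float(m.group(1))
        verdicts.append((ts, m.group(2).lower(), state.mic_failure(ts)))
    return verdicts, state.shutdowns


if __name__ == "__main__":
    verdicts, shutdowns = analyze(SAMPLE_LOG)
    for ts, sta, verdict in verdicts:
        print(f"{ts:7.0f}  {sta}  {verdict}")
    for start, end in shutdowns:
        print(f"TKIP disabled from {start:.0f} to {end:.0f}")
```

On a monitored network a "countermeasures" verdict is worth an alert in its own right, since it means frames with a bad Michael MIC reached the access point twice within a minute.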

    2. Re: Huh....So for data.... by ciroknight · · Score: 1

      One of the saddest parts here is that some of the newer routers that Linksys et al. are shipping do WPA2 so slowly when you've got any number of wireless clients over two that TKIP is generally a godsend. Now that it's broken, it's time to upgrade, yet again... Probably a good excuse to get people to spend the extra buck for WirelessN.

      --
      "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
    3. Re: Huh....So for data.... by Seakip18 · · Score: 1

      Interesting. I know some routers can do TKIP+AES, using the same WPA key. Would the network still shut down? I guess it's heavily dependent on the hardware.

      --
      import system.cool.Sig;
  10. Well duh... by Zakabog · · Score: 3, Interesting

    Does anyone seriously treat any wireless transmission as if it was secure? If anyone who cares to listen can easily pick up everything being sent from your computer it's only a matter of time and CPU power before they can read it.

    Yes I know, the article mentions they actually found a more efficient method of cracking WPA than a simple brute force attack, and that is a flaw in WPA not wireless security. Although while they may come up with new encryption methods I still don't trust wireless for much more than browsing slashdot or searching google. If I need to do anything that involves sensitive information like ordering something online I can wait to go to a wired desktop.

    1. Re:Well duh... by Anonymous Coward · · Score: 0

      How is this any different? Breaking encryption over a wired connection is still "only a matter of time and CPU power".

    2. Re:Well duh... by Anonymous Coward · · Score: 0

      Since one's wireless router is going to happily spit out decrypted packets to the rest of the internet anyway, I'm not convinced securing the wireless protocol itself is important.

      An end-to-end approach (SSH/SSL/etc.) seems more valuable.

    3. Re:Well duh... by sempernoctis · · Score: 1

      There's actually an interesting proof floating around out there about exactly how much time and CPU power would be required to perform a brute force attack on 256-bit AES, and the conclusion is something like the amount of power required to do so with anything resembling current technology exceeds the output of the sun for the next 100 years or so. Due mostly to apathy (and not remembering the password for my WAP), I still use WEP at home, but I live in an apartment complex with several unsecured networks readily available, so if anyone really wanted to get on the intarwebs, they would just use those. There will always be an arms race between the people developing security and the people breaking it, but as long as you aren't the easiest target, it is unlikely that the "bad guys" will go after you. BTW, last I checked, you can sniff packets quite effectively on a cable network, and probably on DSL too, so if you want to tap a residential internet user, you don't really need to crack WiFi.

    4. Re:Well duh... by Anonymous Coward · · Score: 0

      "How is this any different? Breaking encryption over a wired connection is still "only a matter of time and CPU power"."

      The difference is if someone wants my wireless data they can sit outside and pick it up with a good antenna. If someone wants my wired data they need to physically tap into the system at some end which is significantly harder to do undetected.

    5. Re:Well duh... by plague3106 · · Score: 2, Informative

      Does anyone seriously treat any wireless transmission as if it was secure? If anyone who cares to listen can easily pick up everything being sent from your computer it's only a matter of time and CPU power before they can read it.

      Well, secure enough. I have WPA2 and AES with RADIUS setup... but as far as recording the transmitted data and decrypting it later, you can use tempest to snoop on Cat5 packets too.. so, I'm not sure wired vs. wireless is that relevant.

    6. Re:Well duh... by marcosdumay · · Score: 1

      SSL and SSH were tested for enough time for using them over wireless. Of course, you'll have to assure that the endpoints aren't compromised, but that is always a problem, not only for wireless.

    7. Re:Well duh... by maxume · · Score: 2, Informative

      The architecture of DSL is usually such that you can't see anybody else's traffic (well, it was the last time I spent any time trying to understand how it worked).

      --
      Nerd rage is the funniest rage.
    8. Re:Well duh... by hairyfeet · · Score: 2, Interesting

      You'd be surprised how many times I've walked around the corner to the local cafe to get me a nice coffee and see folks doing their banking, using their CC, etc. on the cafe free wifi. Hell I wouldn't even have to do packet sniffing on those that sit towards the center, as either of the two table nooks by the door allow me to see the screen and keyboard of anybody at the lower center tables quite easily. I think it is pretty obvious that folks don't have a clue when it comes to security in public.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    9. Re:Well duh... by Ephemeriis · · Score: 1

      Does anyone seriously treat any wireless transmission as if it was secure?

      Not by choice, no... But for some applications you're stuck with wireless whether you want it or not.

      We support a few medical offices where the doctors insist on roaming all over the place with their tablets. We tried using a wired network and providing tons of jacks, but it wasn't enough. They insisted on wireless. So we've got medical information flying over the airwaves all day long.

      It's encrypted, of course... Used WPA... But now I see that we may have to change that. And that's going to be an issue.

      If anyone who cares to listen can easily pick up everything being sent from your computer it's only a matter of time and CPU power before they can read it.

      Brute-forcing most encryption is kind of pointless. Obviously if you're doing something stupid like ROT13 you can crack that very quickly and easily... But most of the decent stuff takes a good amount of time to crack. So I'm not really worried about anyone brute-forcing our WLAN - it'd be much easier to dress up as a copier repair man and plug into a live jack inside the building. But at least with wired networking you do have physical security... With wireless you give up that physical security in favor of encryption - which we've seen get broken over and over again.

      The big issue with wireless is that you're often stuck with the lowest common denominator. At home I've got an old PDA that only does WEP - cannot do WPA on it at all. So that's the best encryption I can use on my WLAN if I want my PDA to connect. Some people have old hardware... Barcode scanners, or tablets, or ancient WAPs... And that old hardware might not be able to do WPA, or WPA2, or whatever the currently secure protocol is.

      So if WPA really isn't secure anymore, and we need to switch these medical offices over to WPA2 now, we may need to purchase new hardware. And depending on how much that new hardware is going to cost, or how different it is from the doctor's favorite tablet, or whatever...it may not get approved. And we may wind up having to stick with the older, less-secure protocol.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    10. Re:Well duh... by Anonymous Coward · · Score: 0

      Sure, you can get a dump of my wifi.
      Then start brute forcing the WPA2 AES encryption (and I use a long random generated password).

      After that, you will easily find some casual open web browsing to many sites, and apart from that you'll get ssl browsing (home banking, ebay, perhaps some e-shopping...), ssh traffic, jabber (tls encrypted) traffic, or imap4, also tls encrypted, many others mainly encrypted.

      So after spending some hundred years on the WPA2/AES decryption you would have to start over with whatever encryption these other protocols are using (mainly aes256 again, ssh is using even bigger keys, some websites still use rc5-128... you spare a few decades in that case).

      If you have some supercomputer handy, maybe you could finish before my grandsons are dead...

      This is, unless you have demonstrated the Riemann Hypothesis and found the correct way to apply it to prime number study, then perhaps you could decrypt it in a few minutes...

      Good luck.

    11. Re:Well duh... by sexconker · · Score: 1

      Here's how it would go down in 99% of households:

      Hey! What are you doing in my house, with that dealie and that long wire?

      Uh... giving you free cable?

      Cool!

    12. Re:Well duh... by Anonymous Coward · · Score: 0

      Does anyone seriously treat any wireless transmission as if it was secure?

      Actually the Payment Card Industry treats WPA/WPA2 as secure. I just had a meeting this morning for our company where the security officer gave out the requirements for the PCI 1.2 certification. If you are running WPA or WPA2 it is ok to run credit card transactions through your network. Of course there are other factors involved like vulnerability scans, syslogging, firewalling, IPS and scanning for rogue AP's. I'm sure most slashdotters have this setup at their house so they should be fine.

    13. Re:Well duh... by Firethorn · · Score: 1

      That's because DSL is like switched ethernet - each subscriber has their own wires leading to the DSL connection point.

      Cablemodems are where you're able to see other traffic, because it's a shared media like ye olde 10Base2.

      --
      I don't read AC A human right
    14. Re:Well duh... by vertinox · · Score: 1

      Does anyone seriously treat any wireless transmission as if it was secure? If anyone who cares to listen can easily pick up everything being sent from your computer it's only a matter of time and CPU power before they can read it.

      In theory, if both computers had atomic clocks and a shared truly random one time pad txt file saved locally on both systems the encryption will never be broken.

      Of course finding a few atomic clocks to spare that could fit into a laptop and a true random number generator then I think the NSA would like to talk with you.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    15. Re:Well duh... by dakoda · · Score: 1

      Sniffing plaintext packets (no WEP, no WPA/WPA2, etc) of an HTTPS stream (used hopefully for banking/online shopping etc) doesn't give you anything useful -- the protocol itself (HTTPS) encrypts before sending, so what you sniff isn't usable without breaking HTTPS, even with no WiFi protection in place. If they're not on HTTPS, however, it's all over, as you suggest. Shoulder surfing is still probably your best bet :)

    16. Re:Well duh... by Argilo · · Score: 1

      With proper crypto, your "matter of time" will be billions of years or more.

  11. 'Its just the starting point,' by Keramos · · Score: 4, Interesting

    So, the headlines blare "WPA is cracked!!!!", but the researchers themselves say they haven't cracked the keys used to encrypt the data and all they have is a "starting point".

    So, how is WPA cracked and useless, again??

    I suppose maybe we'll see at the PacSec conference.

    1. Re: 'Its just the starting point,' by themightythor · · Score: 0, Redundant

      Because, in the security realm, even a partial break is taken seriously. It implies that there could be unknown weaknesses in the algorithm/protocol that are waiting to be discovered and exploited.

    2. Re: 'Its just the starting point,' by AdmiralXyz · · Score: 2, Informative

      For two reasons:

      1) Even if it isn't completely broken, any kind of significant attack, as this most certainly is, is reason enough to switch to a more secure system if one is available. This revelation, combined with that Russian breakthrough of using GPUs to brute-force WPA keys in very little time, is evidence that WPA is very close to being insecure and inadvisable for use as a wireless security protocol, if it isn't already.

      2) Alarmist headlines always have been the de facto when it comes to security-related news and always will be. While I agree it is an exaggeration in many cases, it gets people paying attention to vital security-related issues, which can only be a Good Thing.

      --
      Dislike the Electoral College? Lobby your state to join the National Popular Vote Interstate Compact.
    3. Re: 'Its just the starting point,' by Anonymous Coward · · Score: 0

      RTFA:
      They can read traffic coming from the router.
      They cannot read traffic going to the router.
      They cannot join the network. Just listen.

    4. Re: 'Its just the starting point,' by eimsand · · Score: 1

      I believe the article also said something to the effect that they could read data in one direction...

      If this is true (and I didn't imagine that part) then I might speculate that they have found some way to predict portions of the keystream utilized by TKIP. I dunno. As usual, these articles written for the general audience don't have enough information to fully discern exactly what has actually been achieved here.

    5. Re: 'Its just the starting point,' by AliasMarlowe · · Score: 1

      So, the headlines blare "WPA is cracked!!!!", but the researchers themselves say they haven't cracked the keys used to encrypt the data and all they have is a "starting point".

      Not cracked, just barely scratched a little.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  12. Oh nooo! by jmerlin · · Score: 0

    Now it looks like someone can steal my porn downloads. How rude.

  13. OHNOES! by Your+Anus · · Score: 1

    I just upgraded my toaster to linux and put it on my wireless network!

    --

    In the USA, we like stuff watered down, like beer, television, and freedom.
    1. Re:OHNOES! by Coraon · · Score: 4, Funny

      I know I just got root access...BTW could you put in some bread? I'm trying to install pop-up's.

      --
      -Ours is the wisdom of Solomon, the magic of Merlyn, the fall of Icaris.
    2. Re:OHNOES! by jonaskoelker · · Score: 1

      I just upgraded my toaster to linux

      Theo disapproves of your choice of words.

  14. Secure Wi-Fi by extract · · Score: 2, Informative

    Use WPA 2, AES, create private network, MAC address lock on, turn off SNMP, if your router allows it: Reduce transmission strength (Mine is reduced to 10%). Some Windows laptops cannot use WPA2 or AES due to obsolete Wi-Fi card, change the card in the laptop to fix the problem.

    1. Re:Secure Wi-Fi by Tony+Hoyle · · Score: 1

      Problem is handheld devices such as the PSP are yet to support it - they're TKIP only. Worse, even if you switch the router to accept both type of encryption it breaks some devices which can only understand a router in tkip-only mode.

    2. Re:Secure Wi-Fi by Anonymous Coward · · Score: 2, Funny

      My security is a lot simpler and more effective: one of my neighbors has an open WAP with "linksys" for an ssid.

      Don't worry, I changed the default admin password for them.

    3. Re:Secure Wi-Fi by Voyager529 · · Score: 1

      In all honesty, I think that the fact that your neighbor has a free-for-all WAP helps your security as well. If you've got a WPA node and they've got a 'linksys' node, odds are that most hackers (bandwidth or information) will gravitate toward the lower hanging fruit.

      Joey

  15. why not RSA? by Lord+Bitman · · Score: 3, Interesting

    As a serious question, the ignorant wanting to be enlightened: Why don't wireless access points just use some well-known and tested public key encryption? What problem is being solved by WEP/WPA/etc which simply broadcasting (or for the paranoid: copying over with a USB key) a regular old public key wouldn't cover?

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
    1. Re:why not RSA? by Anonymous Coward · · Score: 0

      Or better yet, why not SSL? My guess (and we're probably around the same level of expertise on this one) is that they've found some way to make WPA(2) cheaper than SSL or RSA (perhaps the hardware chips that do the encryption are more complex for SSL or something).

      The way I see it, now that 8.10 has fixed the network-manager vpnc plugin I could care less what wireless protocols get cracked. Wake me when they can touch enterprise worthy vpn protocols, because those are used on wires as well.

    2. Re:why not RSA? by Anonymous Coward · · Score: 0

      Symmetric is way faster than asymmetric (private/public-key)

      So the machine and the access point share a key: the password.

    3. Re:why not RSA? by Anonymous Coward · · Score: 0

      Performance.

    4. Re:why not RSA? by Anonymous Coward · · Score: 0

      In internet protocols you are probably familiar with (e.g. SSL), public key encryption is only used to secure a symmetric key exchange. Symmetric encryption is used to protect the actual session data. Public key encryption is computationally expensive, and many wireless devices are low power. Further, public keys need to be signed in some way (how do you know which public key to trust?), so you need a PKI infrastructure of some sort.

      Hence, local wireless access points, where you can easily configure both the access point and the accessing devices yourself use pre-shared (i.e. symmetric) keys, avoiding the need for an initial, expensive public key handshake and infrastructure of some sort.

    5. Re:why not RSA? by Anonymous Coward · · Score: 0

      PKI encryption is point to point, Ethernet is point to multi point medium.

    6. Re:why not RSA? by swillden · · Score: 4, Informative

      Why don't wireless access points just use some well-known and tested public key encryption? What problem is being solved by WEP/WPA/etc which simply broadcasting (or for the paranoid: copying over with a USB key) a regular old public key wouldn't cover?

      Why public key? What problem is solved by using public key schemes, with their corresponding complexity, poor performance and large, unwieldy keys?

      The question you SHOULD ask is: "Why don't wireless access points just use some well-known and tested symmetric key encryption?"

      The answer is: They do. The cipher is called AES and the WiFi security scheme that uses it is called WPA2. What's been broken is the stuff that's still based on the RC4 cipher, which has some well-known flaws.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re:why not RSA? by Anonymous Coward · · Score: 0

      Aren't the computational requirements of public key -- that is, asymmetric -- cryptography significantly higher than that of symmetric ciphers like AES? Meaning wireless access points would need to have beefier processors, and it would take more computational horsepower (and regular power) to keep data flowing at the same speed as AES.

    8. Re:why not RSA? by ettlz · · Score: 1

      Go look up EAP-TLS.

  16. Why is the encryption married to the transmission? by elex · · Score: 1

    We should be allowed to employ various encryption schemes IMO, rather than whatever ones come out of the box. How's this for a possible workaround: a vpn host device hooked up to the WAN port of the wireless router, or VPN hosting built into the router's firmware. That way all the clients get to keep their hardware the way it is, with a little added hassle when connecting. Does that work?

  17. Meh by 0100010001010011 · · Score: 1

    arpspoof

  18. So, what about key rotation? by Chabil+Ha' · · Score: 1

    So, given that my key gets rotated every 5 min, am I safe from their attack that takes 10-15? Now, assuming that the crack time scales with the resources thrown at it, it would seem that this isn't a safe bet.

    One thing that did interest me was this:

    A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck

    For how long?

    --
    We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
    1. Re:So, what about key rotation? by Tony+Hoyle · · Score: 1

      Not really.. if you capture the data stream somewhere you can take all the time you like to break the key.

    2. Re:So, what about key rotation? by Anonymous Coward · · Score: 0

      Yeah, but by then his key will have changed and all they'll have is the 5 minutes of data with the previous key.

      So..... take your time when banking I guess. Stretch it out lol.

  19. Moooooooo! by lordnabob · · Score: 0, Offtopic

    Anyone know how large the government's IT workforce is? Couldn't find it myself. I'm guessing it's massive, many times larger than the top several IT companies combined. In my town, the Department of Agriculture pays more for programmers than most private IT companies. (Hence the Mooo) Kinda scary actually.

    1. Re:Moooooooo! by lordnabob · · Score: 1

      I hardly see how it is Offtopic to discuss the workforce the US-CTO will oversee in an article about the US-CTO position.

  20. Re:I use ROT13 by ale_ryu · · Score: 2, Funny

    Meh, that's nothing, I use DOUBLE ROT13. Learn 2 secure your data you n00b!

  21. Just like cordless phones, really by Rastl · · Score: 2, Informative

    Cordless phones have to be some of the most insecure communication devices out there but people still think nothing of using them for 'secure' transactions.

    When my mom got her first cordless phone she was concerned about giving out things like credit card info to companies using the cordless phone. She got a revelation with my answer of "Just use the corded phone for those."

    We also had Cat5 run when we had some electrical work done. We use the corded connections for 99% of what we do. Wireless is there for the very rare time when we want to use one of the notebooks in an area without a network jack. And in no way do I consider the connection secure regardless of any encryption put in place.

    Wireless isn't all that great. I'm not about to do my online banking at a Starbucks or any other place when I'm literally broadcasting my communication to anyone willing to sniff for it. That's just silly.

    1. Re:Just like cordless phones, really by JSBiff · · Score: 1

      An interesting thing to note is that, while WEP has been cracked, and it looks like soon, WPA+TKIP, I've not really heard any talk of SSL/TLS having been cracked. Yes, there is still a possibility of a man-in-the-middle with SSL, but I haven't heard of the type of out-right cracks that WEP has suffered with SSL. So, if your bank website is using SSL to secure the connection, does it matter if WEP or WPA gets cracked?

      Also, isn't there a version of WPA which does *not* use TKIP? Wouldn't that still be secure?

    2. Re:Just like cordless phones, really by rock56501 · · Score: 1

      I'm not about to do my online banking at a Starbucks

      Hopefully your bank uses SSL.

    3. Re:Just like cordless phones, really by Shados · · Score: 1

      WPA2 is AES instead of TKIP, and that hasn't been cracked yet. Once that is, then we're in trouble, since AES is used eeeeeeeeeeeeeeverywhere....

  22. et cetera by spazdor · · Score: 1

    ...pixels?

    --
    DRM: Terminator crops for your mind!
    1. Re:et cetera by billcopc · · Score: 1

      ... trolls.

      --
      -Billco, Fnarg.com
    2. Re:et cetera by spazdor · · Score: 1

      There's MULTIPLE TROLLS in ONE PIXEL!??

      --
      DRM: Terminator crops for your mind!
    3. Re:et cetera by DarthJohn · · Score: 1

      How many trolls can dance on the head of a pixel?

  23. Technical information? by iSzabo · · Score: 1

    Any source on this other than a news article? I Googled it and couldn't come up with anything. It would be nice to have some technical information: as much as a news source is great, wouldn't it be nice to RTFA and RTFPaper? I guess otherwise we'll just have to wait a week for the conference.

  24. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  25. Public access with encryption by Anonymous Coward · · Score: 0

    Is it possible to have a public wi-fi network that encrypts the traffic between the access point and the user without requiring anyone to type in a password? WEP for example requires typing in a password, so it's useless for public networks because everyone would have the same password.

  26. Cat5e? You nuts? by jd · · Score: 1

    Everyone but everyone goes for Cat6! It's not only rated at higher speed, it looks cooler too.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  27. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  28. wpa != tkip by Anonymous Coward · · Score: 0

    The verbiage here is misleading. WPA does not imply TKIP and TKIP does not imply WPA. WPA/WPA2 are merely handshaking protocols between STAs used to decide on authentication and encryption suites. The choice of cipher suite is totally orthogonal, because both WPA and WPA2 are designed to be extensible.

    When WPA was first introduced, TKIP was the only non-WEP cipher suite available. But in the present day, you can just as easily use CCMP with WPA. Notably, you can also use TKIP with WPA2.
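
The separation between handshake version and cipher suite described in the comment above shows up in what an access point advertises. The following added example (not part of the original comment) parses the WPA vendor element and the RSN element from beacon bytes and reports any network that still offers TKIP; all function names are hypothetical and the sample elements are constructed.

```python
import struct

OUI_WPA = bytes.fromhex("0050f2")  # OUI in the WPA (version 1) vendor-specific element
OUI_RSN = bytes.fromhex("000fac")  # OUI in the RSN element used by WPA2
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}


def _name(selector, oui, table):
    """Map a 4-byte suite selector (3-byte OUI + 1-byte type) to a readable name."""
    if selector[:3] != oui:
        return "vendor-" + selector.hex()
    return table.get(selector[3], "unknown-%d" % selector[3])


def _suite_list(body, off, oui, table):
    """Read a little-endian 16-bit count followed by that many suite selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    names = [_name(body[off + 4 * i: off + 4 * i + 4], oui, table) for i in range(count)]
    return names, off + 4 * count


def _security_body(body, oui):
    """Parse version, group cipher, pairwise ciphers and AKM suites.

    Simplification: every field is required here, although the standard lets
    an RSN element stop early and fall back to defaults.
    """
    if len(body) < 6:
        raise ValueError("truncated security element")
    (version,) = struct.unpack_from("<H", body, 0)
    group = _name(body[2:6], oui, CIPHERS)
    pairwise, off = _suite_list(body, 6, oui, CIPHERS)
    akm, _ = _suite_list(body, off, oui, AKMS)
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akm}


def parse_elements(ies):
    """Walk tag/length/value elements and return the security suites advertised."""
    found, off = [], 0
    while off + 2 <= len(ies):
        tag, length = ies[off], ies[off + 1]
        body = ies[off + 2: off + 2 + length]
        if len(body) < length:
            raise ValueError("truncated element")
        off += 2 + length
        if tag == 48:  # RSN element: the WPA2 handshake
            found.append({"protocol": "WPA2", **_security_body(body, OUI_RSN)})
        elif tag == 221 and body[:4] == OUI_WPA + b"\x01":  # WPA vendor element
            found.append({"protocol": "WPA", **_security_body(body[4:], OUI_WPA)})
    return found


def offers_tkip(ies):
    """Return the protocols whose pairwise or group cipher is TKIP."""
    return [e["protocol"] for e in parse_elements(ies)
            if "TKIP" in e["pairwise"] or e["group"] == "TKIP"]


# Constructed sample elements (not captured traffic).
SSID = bytes.fromhex("0004") + b"test"
WPA_CCMP = bytes.fromhex("dd16" "0050f201" "0100" "0050f204" "0100" "0050f204" "0100" "0050f202")
RSN_TKIP = bytes.fromhex("3014" "0100" "000fac02" "0100" "000fac02" "0100" "000fac02" "0000")
RSN_CCMP = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")

if __name__ == "__main__":
    for label, ies in [("WPA+CCMP", SSID + WPA_CCMP), ("WPA2+TKIP", SSID + RSN_TKIP),
                       ("WPA2+CCMP", SSID + RSN_CCMP)]:
        print(label, parse_elements(ies), "TKIP offered by:", offers_tkip(ies))
```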

  29. XBox 360 by Anonymous Coward · · Score: 0

    Hey Microsoft,

    It's about time you issued a patch on the XBox 360 to support WPA2. I had to downgrade my network to WPA when I got my XBox 360.

    Thanks!

  30. Here's how I would do it if I felt I needed to... by Anonymous Coward · · Score: 0

    Just VPN to my home site and use internal resources. If you're in a public place wireless or wired won't matter since you don't control anything.

    Why make it complicated?

  31. Does this help by jweller13 · · Score: 1

    I set my router to not broadcast and to only allow specific MAC addresses access. I also have the WPA passkey very complex and set to its max length, 128 characters I believe. So I have things pretty locked down. I'm not a wireless expert by any stretch so I'm wondering if these settings mitigate somewhat the hack described here.

    1. Re:Does this help by Mantrid · · Score: 2, Informative

      I think as long as your WPA passkey is not easily guessable and long enough you should be good to go.

      MAC Address filtering and not broadcasting your SSID is really not doing anything for you though. MAC addresses are trivial to spoof, and SSID can be sniffed out without too much trouble.

    2. Re:Does this help by gad_zuki! · · Score: 1

      >I set my router to not broadcast and to only allow specific MAC addresses access.

      You can undo those. That's just security by obscurity. WPA is what is doing all the work here. If someone gets past your WPA then spoofing the MAC and detecting your network is the easy part.

      If anything you should just switch from TKIP to AES. You may need to update your XP clients to support WPA2 or install SP3.

    3. Re:Does this help by bigstrat2003 · · Score: 1

      MAC addresses are indeed trivial to spoof, but is it necessarily trivial to figure out what addresses are on the "allowed" list? I would think this would be the part that would make MAC filtering useful.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
  32. Cracked and Mad by Anonymous Coward · · Score: 1, Funny

    If WPA is Cracked then is WPA2 Mad?

  33. X10? Are they still around? by tepples · · Score: 1

    This is slashdot, does this play well with x10?

    My web browser's pop-up blocker plays well with x10. I didn't know they were still around.

  34. Obviously by spazdor · · Score: 3, Funny

    over 9000.

    --
    DRM: Terminator crops for your mind!
  35. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  36. CAT5 in Australia by labnet · · Score: 2, Interesting

    And if you live in Australia it is *ILLEGAL* for you to run your own cat5 in dry wall. You need to have a special licence that not even electricians have.
    Welcome to the REAL nanny country!

    --
    46137
    1. Re:CAT5 in Australia by Johnno74 · · Score: 1

      Yeah, I found that out when I moved over here from NZ. Had a good laugh, shook my head at the sadness of it all and then wired up my house with ethernet and phone.

      I blame unions.

    2. Re:CAT5 in Australia by smellsofbikes · · Score: 1

      In my original post I made a lot of assumptions.
      In most of the US, if you do your own work on your primary residence, and it is a single-family residence unconnected to any other residences, you can do your own work if you get a permit and have the work inspected by a licensed electrician afterwards.
      If it's a second home (not a primary residence) or connected to other houses, all work must be done by a licensed electrician.

      Nobody bothers to get a permit or get their work inspected on their own homes, however.

      (That's for 110v wiring. For 'low voltage', anything under 24 volts, you can do anything you want any time you want.)

      --
      Nostalgia's not what it used to be.
    3. Re:CAT5 in Australia by Sabriel · · Score: 1

      Not unions. Enough people got electrocuted by shoddy wiring jobs that some politician noticed. Unfortunately for the gene pool it wasn't just the idiot cablers that were getting fried.

      Not that I condone the nannying. If you compare Australian and New Zealand safety records, last I checked we Aussies were still losing badly despite our shiny pieces of paper. An independent set of eyeballs does a lot more to keep people alive.

      It's interesting to compare the different regulatory approaches of the two governments to the software world - roughly "closed proprietary standard" for Aussies versus "open free standard" for Kiwis.

  37. Those are HTTPS by tepples · · Score: 1

    You'd be surprised how many times I've walked around the corner to the local cafe to get me a nice coffee and see folks doing their banking, using their CC, etc. on the cafe free wifi.

    Just because you've broken WPA doesn't mean you've broken HTTPS.

    1. Re:Those are HTTPS by hairyfeet · · Score: 1

      You don't need to when folks are sitting there in plain sight typing in their CC number or account number where anyone can easily see it. All I would have to do is sit my cam in front of me while I sip my coffee and could get all the data I need and they would never know it. The problem isn't the protocols, it's the fact that when folks are staring at a computer screen they tend to forget about their surroundings. Just as you wouldn't say loudly on your cell phone in a crowded room "My credit card number is xxxxxxxxxxx" where anyone within earshot can hear, folks shouldn't be typing in important information where anyone can easily read it over their shoulder. Especially with the new zoom capabilities built into today's cams.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  38. Why does WPA2 slow down my downloads? by Anonymous Coward · · Score: 0

    I set up a wireless connection to my XP gaming machine when I got a new house and fios last year. Using the Access Point/Fios modem that Verizon gave me I tried to configure WPA2 for my first time, but my download speeds were severely crippled. Interestingly, the upload speed was not affected. Initially I had to fall back to WPA to fix the problem. I first blamed it on my crappy pci wifi card and went and bought a Linksys, but that didn't make any difference. Eventually I discovered that the AP had a setting for WPA with AES and that works fine with my XP pc. I was confused for a long time because I thought AES was the difference between WPA2 and WPA. Looking at this thread, I now see the difference is probably that I'm still using TKIP instead of CCMP as a key manager. My question is: What do you think is causing the incompatibility with WPA2, the access point or Windows XP? It actually sorta works, just is slower than hell (AP->PC only).

  39. Only weird thing is cat5e by Anonymous Coward · · Score: 0

    Pull cat6 or better for new work! Also pull multiple cables on the runs, in case you find a use later.

    Why do you want to start with what is already marginal gigabit capability?

    I'm betting that 10 gigabit over copper will get commoditized into cat6 cabling pretty soon.

  40. Clearing up some points by jesset77 · · Score: 1

    As is common, there are many half-baked ideas being flung around this comment thread about wireless security. I would like to clear up what I can.

    1> There are three major transmission security methods for Wifi: WEP, WPA and WPA2. WEP was badly received from the start and almost immediately broken; this article asserts that WPA is now almost as badly compromised, and nobody has yet made any reasonable threat to WPA2.

    2> The major reason many interested parties have not yet migrated entirely to WPA2 is because of certain legacy hardware and software only capable of WPA. For example, pre-Windows XP SP3 OS, voip phones, entertainment systems, printers; in the business sector you might also have certain APs and base stations which will be costly to upgrade beyond WPA capability.

    3> It is not helpful to say "wireless is dead" or "everyone should just use cat5". Wireless in general and Wifi in particular fills an important role for homes and businesses worldwide both to connect devices difficult to reach by wire and for freedom and mobility.

    4> No, there is no such thing as perfect security. On the other hand security can be pretty readily quantified, and the impact to WPA is significant if TFA turns out to be correct. While wireless has many strengths regarding mobility, it has an inherent weak spot given that all of your data is blared out into the air in every direction, making it more easily analyzed by interlopers. This threat is virtually negated by responsible use of stable encryption technology, including WPA2 AES.

    5> The type of encryption compromise TFA discusses will allow script-kiddy level attackers to sit outside the home or business (up to a good distance if they have line of sight and a directional antenna) of WPA users and either eavesdrop on your communications (valuable for identity theft and farmable, even if you are joe nobody), steal your bandwidth, potentially perpetrating illegal acts hidden behind your IP address, or possibly hack your machine (from behind your NAT) for use in a bot network. This is just a list of the uses joe nobody's connection might be put to that I can imagine off the top of my head; there may be more.

    6> No, TFA is not a sales pitch for hardware. OEMs are embarrassed by any products which might be easy to compromise, and I am aware of none that push product A with weak security in an effort to gouge with product B which instead uses decent security. It's not a sales pitch for "encryption" since AES is a public standard. You might make the argument that it's a sales pitch for computer and network consulting, but that's an entire industry and I don't believe it will ever run out of things to actually do.

    So the moral is: WEP (and now also WPA1) are like car door locks. They only protect you as long as wardrivers can preferentially use your neighbor's cleartext connection. WPA2 with a well chosen password will provide you a level of security similar to a wired connection, with all the benefits of mobility. While all encryption standards are eventually broken, I see no reason to believe that WPA2/AES will fail in the next decade.

    Cleartext hotspots at cafes and WEP/WPA1 connections are not entirely useless (especially if you can use SSL, or VPN / SSH tunnel for anything you wish to protect) but it is advisable to know when your traffic has a relative expectation to privacy and when it does not. It is also wise to give some amount of value to your privacy, if only because you won't truly understand its worth until after you've lost it.

    --
    People willing to trade their freedom of expression for temporary entertainment deserve neither and will lose both.
  41. How's that a problem? by jonaskoelker · · Score: 1

    and instead type something else in manually (not https: www.mynotsosecurebank.com)

    Fixed that for you.

    Since the latter could easily be hijacked prior to the typical auto-redirect to https.

    Uh-huh. And Firefox will display "My Mostly Secure Bank" in the green bar without warning about the self- or unsigned SSL certificate exactly why?

    Or is your scenario something different that I'm not considering?