Slashdot Mirror
The Wi-Fi Hacking Neighbor From Hell
Hugh Pickens writes "Barry Ardolf, a Minnesota hacker prosecutors described as a 'depraved criminal,' has been handed an 18-year prison term for unleashing a vendetta of cyberterror that turned his neighbors' lives into a living nightmare. Ardolf hacked into his next-door neighbors' Wi-Fi network and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct, and to send threatening e-mail to politicians, including Vice President Joe Biden. The bizarre tale began in 2009 when Matt and Bethany Kostolnik moved into the house next door to Ardolf. On their first day at their new home, the Kostolnik's then-4-year-old son wandered near Ardolf's house. While carrying him back next door, Ardolf allegedly kissed the boy on the lips. 'We've just moved next door to a pedophile,' Mrs. Kostolnik told her husband. The couple reported Ardolf to the police, angering their creepy new neighbor (PDF). 'I decided to "get even" by launching computer attacks against him,' said Ardolf, who downloaded Wi-Fi hacking software and spent two weeks cracking the Kostolnik's WEP encryption. Then he used their own Wi-Fi network to create a fake MySpace page for the husband, where he posted a picture of a pubescent girl having sex with two young boys. Ardolf turned down a 2-year plea agreement last year to charges related to the Biden e-mail. After that, the authorities piled on more charges, including identity theft and two kiddie-porn accusations carrying lifetime sex-offender registration requirements."
Noob! :)
I'm not sure if I'd prefer the above, or this:
http://www.youtube.com/watch?v=sZqPQPhsuX4
They had nothing to hide anyway...
What additional security measures can be taken to thwart script kiddies like this guy? Is MAC address filtering + WEP/WPA encryption (or one of those) sufficient security. At this point I want to shut the fucking WiFi off, but there are others in the household who wouldn't go for that.
I often balk at the sentences our judicial system hands down (too much punishment for minor offenses, too little for major offenses), but in this case I think the punishment fits the crime.
What additional security measures can be taken to thwart script kiddies like this guy?
Well, there's always physical security. You catch someone doing something like this, and you put them under arrest yourself and then hope they resist, at which point you may use necessary force to subdue them. In California, anyway. Bring a witness with a camera.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
turned into byzantine obsession is a sign of a person who will do nothing but bring grief to anyone who ever touches his or her life
if you ever meet this type, back off slowly smiling, then run like hell
their feeling of disempowerment and helplessness (self-learned) and the eternal fight against that (fruitlessly projected outwards) is all they know, it defines their entire existence
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Some nodes can change their MAC address, so you just need to monitor the network for a while and spoof a good MAC address which is not in use.
http://michaelsmith.id.au
Mac filtering + WEP is useless.
Go for WPA2, and you are not 100% safe anyway. But better than WEP for sure...
From the summary:
'I decided to "get even" by launching computer attacks against him,' said Ardolf
Sounds like he confessed, so, um, yeah?
We're all full up on Crazy here...
The guy didn't download the CP for sexual purposes. He's not a paedophile, just a warped anti-social individual.
That register is for people who have a proven (and acted upon) attraction to minors; Those who are a danger to children. Adding him to the list dilutes it and mitigates its usefulness. What he did should be covered by libel / defamation laws. He deserves to be taken out of society for what he did to that family, but there's nothing in there which supports the idea that he's dangerous sexual offender.
Finally had enough. Come see us over at https://soylentnews.org/
This seems totally bogus to me. How could someone possibly crack WEP in two weeks? I suppose if you didn't read the instructions you might be able to stretch it to a few hours, but two weeks? What was he doing all that time?
Consider the Wifi network as "open" and use it only to connect VPN nodes (such as OpenVPN, for example.) This does require that you use a PC as the Internet gateway/NAT/VPN server.
MAC address filtering is very loose security. MAC addresses arent private things, and aren't hidden when a computer is communicating. To build a list of MAC addresses that are allowed on the network (by simply seeing the machines that are on the network), and then change your machine's MAC to match is fairly trivial.
So how would you monitor your network to see if someone is brute forcing their way in? The options on a lot of these consumer grade wireless base stations are fairly limited, but there must be some reasonable way to monitor for brute force attacks.
Kiteboarding Gear Mention slashdot and get 10% off!
I shut it off anyway. If you don't have a wire, you don't connect to my network.
Most NICs support either intentional or "back-door" MAC address cloning. Cloud-computing resources can crack your WEP (trivial), WPA (harder/slower), and WPA2 (much harder and slower, but still doable, unless you rotate them daily).
Then, if you have implemented some reasonable level of security, when the jackboots kick in your door, you'll have a much harder time defending yourself during the pre-trial investigation, and, then, assuming you live long enough, in court, due to the security you put into place, obviously trying to hide your evil actions.
At best, you can discourage casual (mis-)use of your WiFi, but that wouldn't help against a long-term attack like this one.
If you're worried about it, shut it off, and run the cable, as I have.
http://www.random.org/passwords/ has a fairly good pw generator. Make a bunch and pick 2 strung together.
"Well, good luck finding a judge that doesn't run a bestiality site."
It must have taken them a long time to figure out what happened unless he wasn't spoofing MAC addresses. It wouldn't occur to most people that their wifi was hacked. Most would assume someone had hacked their individual machines. Wonder if the target was technical, in which case the hacker would have been stupid to do what he did (not to mention evil).
Do what you can, with what you have, where you are.
Or it could be the author of the article has his head up his ass and just calls all wireless security WEP.
"Well, good luck finding a judge that doesn't run a bestiality site."
Is that prosecutors are allowed to offer plea deals.
If the prosecutor believes crimes were committed, then file charges. If not, don't.
If people are cowed into pleaing guilty (or no contest) to charges to which they believe they're innocent due to legal costs or fears of false conviction, the solution is radical reform of the legal system. NOT to create a gray area of semi-crime, semi-guilt, and semi-punishement. That is *not* innocence until proven guilty.
Yeah, Mac filtering is pretty useless. I mean, what's the chances of a leet hacker using a Mac?
Steven Seagal's Apple Newton notwithstanding.
Why? It does not actually matter if the mac address is in use or not.
1. spoofing an IP will not get you past MAC address filtering
So you just spoof your MAC address as well. It's not as if this was rocket science (... as anybody would know who ever sat in a boring airport lounge..)
The obvious solution is to not piss off the creepy neighbor.
And if some stranger I just met kissed my kid on the lips I'd be doing a little hacking of my own, involving a Extra Heavy Duty Glad Bag and a large surgical skiving knife.
See, the trick is to cut the bags open so you can cover the furniture. It makes cleanup a snap.
You are welcome on my lawn.
He went from a 2-year plea bargain to an 18-year sentence? They raked him over the coals for not cooperating with the prosecution.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
WPA2 is probably adequate, MAC address filtering would probably stop only very incompetent hackers, it's pretty useless in my understanding (correct me if I'm wrong)
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
if you read TFsentencingmemo, there's no doubt he did.
If you use WPA2 and a strong WPA password that is 18+ characters long you don't have much to worry about. MAC filtering is easy to bypass and WEP is a joke.
If you read that whole pdf you would see that the evidence against him is overwhelming. He'd be better off claiming he had an evil twin.
Tell that to the Norfolk Four, watch the PBS documentary.
While I'm not suggesting that's what happened here, I am saying that a confession isn't necessarily definitive evidence that anyone has done what they confessed too. The methods used to solicit the confession, the motivations of those involved, and the persons mental capacity (either at the time, or in general), need to be taken into account.
Hopefully they have substantially more evidence than just a confession. Especially if this person is "creepy", weird, or similar, as he might be the kind of person who would fall prey to this sort of coercion.
Just something to keep in mind when they say "he confessed".
This is my footer. There are many like it, but this one is mine.
Although it can have security issues itself HomePlug is a good option. I live in an old granite 3 storey house so I can't get a decent wireless signal throughout my house so HomePlug works great for me. I doubt many hackers check to see if they can access homeplug in their neighbours house via the electrical sockets in their own house.
The neighbor would have been able to use him as a source address for traffic -- but *not* to steal his usernames and passwords out of the air.
MAC address filtering is useless against a determined attacker. Your best bet is a WPA2 PSK with a long key, unless you fancy setting up WPA2 Enterprise.
There are plenty of WPA and WPA2 cracking services online, pretty much just a click away. These services rely on their "rainbow tables" for WPA/WPA2, which if you use a non-standard SSID and a long (18+ character), strong password are pretty much useless. Once the WPA password passes about 14 characters the table generation time starts running into years.
You mean besides the confession (already mentioned by another reply to you), and besides the fact that when he was emailing his victim's coworkers and bosses with message claiming to be a pedophile he accidentally left some of his ISP's software running, so his laptop was sending login information to Comcast using his own name and Comcast account number? Besides the search warrant that turned up a journal where he detailed his plan to "utterly destroy his life"? Besides the manuals on hacking WEP where he had scribbled his victim's wifi network name? Besides the fact that on his computer was the child pornography he planted on his victim? Along with a note in his journal "PLANT CHILD PORN". Besides the pile of stolen mail under his bed? Besides the unsent letter he had prepared where he had printed off his victim's last tax return, and attached a note that their life belongs to him, and he will end it? Yeah, basically sounds like a setup, could have been anybody!
ASCII stupid question, get a stupid ANSI
Not broadcasting the SSID is a pretty worthless security measure. If you have a wireless client connected I can see your SSID.
but seriously, who hasn't enjoyed some Gedankenexperiment and run through all the neat little things one could do to really make someone's life a living hell? The fail here was the evidence trail he left :)
You appear to have missed the fact that the person who said 'I decided to "get even" by launching computer attacks against him,' is the guy who kissed the other guy's son, not the guy who reported it to the police (which by the way, I did as well on the first read through of the summary).
The truth is that all men having power ought to be mistrusted. James Madison
The only passwords I'm seeing that this guy stole in TFA was the WEP key. Apart from that it looks like he just used the persons connection to create new accounts to frame him for anything and everything he could get away with.
MAC filtering + "something better than WEP" (e.g. WPA2) + don't broadcast your network's SSID. Of course that makes it sort of annoying when you have guests over to your house who want to connect to your network.
Hmm -- I didn't catch that it was new accounts. Depending on how his corporate email system was secured, it may or may not have been necessary to steal username/password credentials to send messages appearing to be from the intended target.
1. spoofing an IP will not get you past MAC address filtering
So you just spoof your MAC address as well. It's not as if this was rocket science (... as anybody would know who ever sat in a boring airport lounge..)
You don't have to spoof your IP address at all. Just spoof the MAC address and let DHCP take care of the IP address.
True, but make them go through the effort.
It is one more step, which when revealed in court, will help hang them.
I am very small, utmostly microscopic.
Indeed, in most cases this works... unless the DHCP server is smart enough to know that the re-request came way too early (the Mac still has a lease, and it's still valid several hours...)
Guess your dad was a made man with low friends in high places.
Working with what you got, here's off the top of my head: -Adjust the transmit power setting. Unless you need wireless coverage outside your residence, then I would turn down the power to where the signal is just barely getting outside your walls. For example, can you stand outside your apartment door and see your wireless network? If so, others can. AFAIK, only the custom firmwares support adjusting the power aka tomato and DD-WRT. Look at them if you haven't. -MAC address filtering + WPA 2 is good. Others will point out the MAC addresses can be spoofed. WEP is pathetic at the time of this writing. -Turn off support for unneeded services and protocols on your router. For example, if there's no 802.11b network cards, turn this off.
"It's one thing to talk about the poetry of machines. Quite another to listen to it for yourself."
Every device that has access to the internet in my house is listed in the mac address filter on the router. I use a wpa-tkip-aes key as well as stateful packet inspection. The reality of it is any asshole (like the one mentioned above) who is motivated enough will eventually break my security key. I just do the best I can to make it a pain in the ass to all that are not truly motivated. As a parent I would have had something to say about a stranger kissing my child but to call the police and report him as a sex offender without even checking the listing is irresponsible. At the very least she should have checked her states' website that lists sex offenders before she made an accusation.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
WPA2 is probably adequate, MAC address filtering would probably stop only very incompetent hackers, it's pretty useless in my understanding (correct me if I'm wrong)
You may be right about that. Can you find the MAC addresses of systems connected to a network you are passively sniffing? Then it is a matter of waiting for that system to go offline (such as the case for a laptop or phone), then steal its MAC. In this case the hard part is getting past the WPA2.
I'm a good cook. I'm a fantastic eater. - Steven Brust
MAC filtering + "something better than WEP" (e.g. WPA2) + don't broadcast your network's SSID. Of course that makes it sort of annoying when you have guests over to your house who want to connect to your network.
So you think that MAC filtering and a non-broadcast SSID are going to stop someone that can break WPA2? Seriously, just use WPA2 and be done with it.
MAC filtering is, in my opinion, a pain in the ass for little gain. Every time you want to add a new device you gotta add the device's MAC to your filter list.Yes it's usually trivial to do, but it's a pain when family or friends come to visit. If it added a significant amount of security I'd consider it worth the annoyance, but it's trivial for anyone who even vaguely knows what they're doing to bypass. I use WPA2 with a long non-trivial password. If someone gets past that I think I can legally argue that did due diligence in keeping my network safe.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
In a serious type of criminal activity of this nature, trying to falsely incriminate the other person technically means YOU were the one obtaining the child p0rn, so YOU should face those charges you are trying to bring unto them....glad the courts saw this and acted accordingly....
If he really has no time other then to get back at someone...then he faces the consequences of getting caught....and that is what he got,
i feel no pity for him, and if what he did was true(kissing the little boy on the lips, when he did not even know the boy), means to me he definitely is a weirdo...
and belongs where he is...
Physical security like control your Wireless signal. place the AP in a location where it does not spill outside. I.E. actually understand RF energy and how to control it.
I have an Open AP that unless you are in the house or up against my glass you are NOT getting in. and no you posers claiming you can do it with a cantenna cant. I have a 27db gain 2 foot dish and I cant get into it until I am 4 feet from the house. There are advantages to having aluminum siding and aluminum window screens plus the AP residing in the basement on the floor.
Do not look at laser with remaining good eye.
Unless his corporate network was pathetically set up (a possibility, I'll grant you), even with access to the guy's wireless network corporate network should have been safe without a lot more effort. Ideally connections to work should have been VPNed, but at the very least they should have been HTTPS, or an encrypted e-mail protocol.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
Aye, but passwords are transmitted in the clear.
I like this one:
http://www.thebitmill.com/tools/password.html
Can set length, include different sets of character classes (helpful sometimes to turn off punctuation for the idiotic apps/sites that block punctuation in passwords)
Well, if he was an uber skilled script kiddie, he could just spoof one of the allowed IP's which isn't hard to do at all considering 'script-kiddies' have been hacking into government affiliates as of late... :) got something to hide?
Does anyone know if stateful packet inspection will catch ip or mac spoofing?
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
There was another case of Wifi hacking a while back - the victim of the hacking was able to get the charges dismissed largely because they were running an unsecured WiFi. The implication was clear: if they had secured their WiFi, they probably would have been convicted. The authorities probably not have accepted their claim to have been hacked.
Enjoy life! This is not a dress rehearsal.
I don't know if I should mark you as stupid or smart/funny... STOP CONFUSING ME...
It does. If it's in use at the same time as the hacker connects with the MAC spoofed, you have two machines on the network with the same MAC. That causes enough problems that the victim will notice something is going on.
Heh, my previous house was just like that. I called it my "Faraday home". It was nice knowing that nobody could get into my Wifi network because they simply couldn't reach it. I didn't run security on mine either. Although not being able to get online with my laptop while sitting in my back yard was, admittedly, annoying.
My new place is not so lucky, so I have to keep the Wifi power turned down quite a bit and use WPA2 security with a stupidly long and complex key. But I wasn't as bad as my neighbors, almost none of which had security turned on at all, or used the broadcast name as the security key. At least until I went in and changed all the names of the base stations to rude phrases, then they all got locked down in a weekend. :)
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
I agree that the mother over reacted by calling the police. Marching up to the guy and giving a major scolding is more likely effective.
Oh, come on, now, you're being completely unreasonable. We're trying to build a society here where one can completely abdicate personal responsibility and avoid personal confrontations at all costs.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
So typing in a "long non-trivial password" every time a guest or new device needs to be added to the network is less of a "pain" than adding MAC filtering which, according to you, is "trivial to do, but it's a pain"?
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
"perceived sleights turned into byzantine obsession is a sign of a person who will do nothing but bring grief to anyone who ever touches his or her life"
Have you never see the Cable Guy or One Hour Photo. I guess the lesson to be learned here is don't piss off technical support .. :)
"Up until his termination in June of 2010, Ardolf worked at Medtronic as a neuromodulation device repair technician" link
Cloud-computing resources can crack your WEP (trivial), WPA (harder/slower), and WPA2 (much harder and slower, but still doable, unless you rotate them daily).
Baloney. If you pick a long password (say 15 upper/lower/numbers), "cloud computing" can't break a WPA2 AES password. If you know otherwise, please post a reference of how you can possibly accomplish this.
If someone can hack WPA2 then MAC filtering isn't going to do jack, the ultimate answer here is to use WPA2 (if you must use wifi).
WPA2-PSK-AES with a 64-character passphrase that looks like line noise. Save it to a text file stored on a USB key, so you can just move around to various devices and cut-n-paste it in to set them up. Change it if you ever give it to a guest -- once they leave, or sooner if you want to *prod* them to leave.
Change your SSID to something like "invite_only" or "private_keep_out". This is more for legal support than any actual physical defence.
Turn on and periodically check the logs on your WAP. Become familiar with what normal entries look like and keep an eye out for anomalies. Specifically, look for any duplicate MAC alerts, which is a sign someone is trying to spoof one of your MAC addresses.
Noob tricks like MAC filtering, DHCP client limits, etc. are trivially bypassed by a knowledgeable attacker. Please note, anyone with a few minutes access to Google is now a knowledgeable attacker.
Make sure all your devices support WPA2-PSK-AES. Any that don't, upgrade or replace.
Learning HOW to think is more important than learning WHAT to think.
WPA2 (much harder and slower, but still doable, unless you rotate them daily).
If it's so slow, why would you change they keys daily? If your key has sufficient entropy, you are set for years.
Give me Classic Slashdot or give me death!
The neighbor would have been able to use him as a source address for traffic -- but *not* to steal his usernames and passwords out of the air.
If one were to go to the trouble of using an internal VPN rather than standard wireless encryption, it would really make sense to go the one extra step and ensure that only traffic from the VPN tun device on the endpoint gets routed to the internet...
That would leave anybody who gets onto the wireless harmlessly twiddling their thumbs in some 192.186.1.* backwater until they figured out what VPN client to fire up and somehow obtained the credentials for it.
I don't know if I should mark you as stupid or smart/funny... STOP CONFUSING ME...
They've finally added the "-1, Stupid" mod?
My sister opened a computer store in Hawaii. She sells C shells by the seashore.
Indeed, in most cases this works... unless the DHCP server is smart enough to know that the re-request came way too early (the Mac still has a lease, and it's still valid several hours...)
What DHCP server behaves in that way? It sounds likely to go wrong.
Then I suggest you try it. Spoof a mac from a machine which is on another machine and make sure one of the machines is allocated a different ip address. You will be surprised by the events when they unfold. It may not work with wpa / wpa2 (never tried) but it will work with wep (tried). Both machine will just see each other's ip traffic and drop them at the ip stack. The following can also work. It is possible to shadow a wireless user using wep / the same mac and the same ip address. So long as both machines have a stateless firewall which drops everything by default. It will prevent the hosts from interfering with each other :)
It doesn't matter how trivial it is since MAC filtering adds no security at all and is a waste of time. A "long non-trivial password" is the only security measure you can take (or need to take) with WPA2.
I know what happens when you have a duplicate MAC on a wired network... confuses the routing. Is there a similar collision on a broadcast/wifi system? If so, even if he spoofs a MAC he has to wait until yours is offline, otherwise it's just a DOS. In my house all the networked devices are on 24/7 except my cell phone which obviously travels with me.
Check out my lame java blog at www.javachopshop.com
Almost. You beat his ass first and then figure out how to blame it on him. In Texas, anyway. Bring a shotgun.
In Soviet Russia, Chuck Norris will still kick your ass.
It's surprising how many companies have open relays.
Check out my lame java blog at www.javachopshop.com
I used to connect to open wifis in my neighborhood, login to the routers using the default admin passwords, block google.com, then change the router's hostname or something to "secureyourwifi". They're all using encryption (of some kind) now.
http://alternatives.rzero.com/
I understand the risks, but I personally find this level of security a pita for a home network. I use WPA2 and my password is non-trivial but still probably dictionary-able (words with character substitutions such as a $ for an s in the word...) Anyways, I do this specifically because I got tired of everybody and their brother with an iphone wanting to get on my network and having to add their MAC and provide them with a card with the complex key written on it. I realize that some people run businesses at their homes so it makes sense in that case to be a little extra paranoid, but I think many people around here are overly paranoid. I don't mean that part to be specifically about you, I'm sure many people have good reasons to want their home networks secure. In my case, I treat it like locking the door... it's just enough to keep the honest people out.
Check out my lame java blog at www.javachopshop.com
I hesitate between damn funny, dripping sarcasm, and informative.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
MAC filtering is only a pain if you routinely have company. For someone who only occasionally has guests, it's not a problem - and when I do, it takes all of 2 minutes to get them set up on my network. What I do...
1. Disable DHCP, assign each device on my network its own static IP address.
2. Enable MAC address filtering for each device.
3. Enable WPA2+PSK, using a long, seemingly random string of letters and numbers that only I know the proper means to mentally 'generate' on the fly (as opposed to having to memorize the whole damned thing).
Granted none of these are impenetrable, but put 'em together and I feel reasonably secure, especially against your average script kiddie.
(Now let's watch as some random "wardriver" drives past my apartment and proves me wrong. -.- )
There was a book written called "3 Felonies a Day" which details how the legal code is so complex, everyone is a felon. What you are describing is a symptom of that.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
I don't know about Homeplug specifically. But most network over powerline inhome systems network signals will not go through the transformer on the pole. He would have to have access to power after the pole.
This is why you don't use wep!!!! Anyone stupid enough to enable wep is just as at fault as the hacker.
I'm glad someone called him out on it. The only practical WPA2 attacks are dictionary attacks. Don't pick passphrases that include dictionary words.
I have an Open AP that unless you are in the house or up against my glass you are NOT getting in. and no you posers claiming you can do it with a cantenna cant. I have a 27db gain 2 foot dish and I cant get into it until I am 4 feet from the house. There are advantages to having aluminum siding and aluminum window screens plus the AP residing in the basement on the floor.
Do not underestimate the power of 60 years of lead based paints.
read the summary AGAIN... he did NOT kiss his own son, he kissed the Kostolnik's son...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Good point. Though, I think in general MAC filtering and non-broadcast SSID will deter many amateurs. I mean, look at the guy in this article. It took him 2 weeks to crack WEP. If they had not been broadcasting the SSID, are we certain he'd have even figured out they have a network? Neither of those methods (MAC filtering and non-broadcast SSID) are going to defeat someone who knows what he's doing. The corollary is that many people don't know what they're doing.
You read the article! No fair!
You know, there comes a point when your faith in Eugenics is so complete that you're still a believer in it even though it means that you'd probably have to render yourself infertile.
Consider yourself spoken to.
Erm, I don't know what you mean by 'smart enough'. If a computer rerequests a IP, DHCP is supposed to respond to it and give them their IP.
Anyone trying to 'secure' something by making a DHCP server not do that until that IP's lease 'expired' would pretty much break everything. 'Oh, look, that dastardly computer crashed without turning in their lease, no IP for them when they reboot! And that one went to sleep mode and, upon waking, checked to make sure it still on the network by updating its leash, no IP for them either!'
If corporations are people, aren't stockholders guilty of slavery?
wish I could give you points for the QUALITY Newton reference. made my morning.
having dupe mac addresses causes ARP cache conflicks.
arp -an (to view)
arp -d (to delete the entry)
until the entry is gone or aged out, the router who has that arp cache will send packets for that mac addr out the 'port' its 'attached' to (in cache).
all made worse by multiple bridges having forwarding databases (your switches are really bridges, just wire speed) having mac_addr to port tables and this can point in 'all different directions' for data flow.
the thing is, users are so used to wifi being 'messed up' or having hangs and pauses, they won't NOTICE a mac addr poisoning, necessarily. heck, they'll just reboot something until the data flows again.
--
"It is now safe to switch off your computer."
It's not much less of a pain, but unlike MAC filtering it's actually reasonably secure. I don't mind something being an annoyance if it works, but it seems stupid to add yet more effort on top of the existing effort while adding no real value. Besides with a bit of effort a password (really a passphrase) can be long and non-trivial, but still be memorable. I can type my WPA key from memory, I don't make a habit of memorizing MAC addresses.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
Yes, because you can keep the password on a flash drive, and when guests come over, you can hand it to them and they can get online with almost no delay added. It's a copy and paste.
Meanwhile, if you filter MAC addresses, you have to have another computer already on the network handy, and log into the admin pages and add them.
If corporations are people, aren't stockholders guilty of slavery?
The guy took two weeks to crack WEP? He must have been doing something wrong then.
... or, maybe he initially knew nothing of wireless hacking, and had to spend 13 days learning about it and downloading stuff ... and the actual hack took five minutes.
Really, this is what people are harping on?
Texas?
There are two types of people in the world: Those who crave closure
Disabling DHCP does nothing for your security at all. Anyone who break WPA2-PSK is going to have enough skill to be able to set their own fricking IP in your network.
And the same with MAC filtering, although that might actually help if every single device in your house is on. (Or, rather, every single device that is often on, is on. Obviously, they can't guess the MACs of devices that are never on in the first place.) Generally, no, that's equally pointless.
There are sometimes reasons to have multiple levels of security, but they have to go from least to most to make any sense at discouraging and stopping people. To break into your network, people have to first break WPA2, and at that point, anyone who manages that can certainly figure out the rest of the thing. (Not that I think anyone could manage that.)
You have put a dollar store padlock on a box that you're storing inside a safe. All you've done is make it more work for you.
If corporations are people, aren't stockholders guilty of slavery?
I miss the 1990s.
MAC filtering would have done, quite literally, nothing to stop this guy, and I will explain why.
To crack WEP, you generally fire up a scanner like kismet to locate your target. This will locate any SSID where there is either a broadcast, or traffic. This is why non-broadcast isnt much security-- its possible that the scanner will miss your network, but given enough time it will eventually respond to a packet and show up in the scanner.
Once you have located your network, you check its details, which shows authenticated MACs, encryption type, etc. At this point, you start collecting IVs through aircrack or whatever else you use. One of the ways to generate traffic is to spoof de-auth packets to auth'd laptops, forcing them to reauthenticate, generating additional traffic. This whole way through, you have a list of valid MAC addresses-- so when you finally crack the password, you can simply spoof your mac as one of theirs (Wifi macs are easily changed in software), issue a deauth command to their connection, and authenticate as them. If it is at night, they probably wouldnt even notice, and their router would show you as being them.
If you want additional security, you use an encryption type that wasnt broken in 2001, horribly broken in 2004, and left in shambles a few years later as the cracks got progressively better. It is now possible to crack a WEP network on bog-standard Ubuntu with unpatched drivers with bog standard hardware in about 5 minutes (the span of 2 youtube videos) if you have the right software.
In other words, use WPA or WPA2-- preferably with AES. The vulnerabilities for those consist of pounding the routers in a brute force attempt to get the password. For a password, use a sentence-- it can be anything, like "My dog's name is Rover.". Good luck to the would-be hacker guessing which of the billions of permutations of sentences you used.
Have we learned nothing from Independence Day?
All nodes can change their mac. Under windows it can be done from device manager, under linux I think iwconfig and macchanger can do it.
WEP / WPA? I wouldn't lump those two together. WEP is garbage. These people were running WEP. WEP should be unincluded for all modern routers (you should have to go out of your way to get a special purpose WEP router if you really need it). That's an ideal world. So, what can you do? Use WPA2-AES with a 40 character passphrase if you're paranoid. Problem solved (for all practical purposes).
That would not prevent someone authenticating to your wifi AP and doing what this guy did, namely take incriminating actions from your connection.
That is what outdoor outlets are for. I know there are a couple on my house. They also do have loops to put a padlock over the covers of the outlets, but who locks up their outlets?
"But this one goes to 11!"
Why not use WPA2-AES, rather than WPA-TKIP/AES? The latter has only the minimum strength of WPA-TKIP (which isn't terribly strong).
No sense in exposing your network needlessly.
Now for a truly terrifying experience, imagine what would have happened if he wasn't grossly incompetent.
So do you change your long passphrase every time someone comes over who wants to use your Wifi and you have to provide the password, or do you go through the hassle of actually typing it in on their machine yourself, and then making sure it is not saved and such? Or do you just pull the dick move and tell everyone that comes over with a laptop that they can't use your WiFi?
"But this one goes to 11!"
MAC filtering is 99% worthless. It takes one command in terminal to change your ethernet or wifi MAC to anything want, good till reboot.
And afaik MAC addresses are sent in the clear so a packet sniffer would instantly have a valid usable MAC when someone logged in legitimately. Just a matter of waiting for them to put their computer to sleep, as more than one computer with the same MAC tends to make the router go skitzo.
I work for the Department of Redundancy Department.
This man is truly a depraved and evil person. Not only did he try to frame his current neighbors, he harassed and stole from his previous neighbors. When the Feds attempted to go easy on him, he fired the lawyer that scored this sweetheart deal and withdrew his plea. He then proceeded to blatantly violate the terms of his release from prison. Well after the trial had begun, he pled guilty a second time. Because this wasn't nearly enough fun, he tried to withdraw his plea AGAIN (that failed.) He also added attempted witness tampering to his list of crimes, because apparently he wasn't going to be locked away for enough time yet. (But he did it via mail sent from prison! I guess he didn't get the memo that except for mail to your lawyer, all letters to/from prison can be read. Whoops!)
He shows absolutely no remorse for his actions; to this day thinking this "revenge" was justified. (He even tried to get the victim's testimony disqualified because they failed to obtain a construction permit for work done on their basement and therefore they could not be trusted. Talk about the (cast iron) pot calling the stainless-steel kettle black.)
Was he TRYING to dig his hole as deep as possible? About the only thing that could have made him worse off would have been a pro se defense, followed by trying to attack the judge during the trial.
Locking guys like this away is what we have a justice system for. Good riddance.
No, he would not have been able to use the victim's internet as source address. The internet gateway/NAT should not forward to/from Interent anythign that is not on the VPN 'network'.
And if some stranger I just met kissed my kid on the lips
That was the original complaint from the neighbor. If we take this on its own, and presume nothing before or after, I think it warrants a little more examination of what happened. We are, after all, talking about a small child. Sure, based on what we know about this nutjob it is certainly possible he intended to plant a kiss on the lips of a kid, in which case he is a dirty pedophile who should be taken out of society.
On the other hand, we should consider the behavior of a lot of typical 4 year old kids - rather unpredictable. If your neighbor kissed your kid on the cheek or forehead you might not be offended, right? What if that is what the guy was going for and the kid moved his own head at the last second? Now the stranger's lips are on the kid's lips unintentionally.
Of course, I would generally think it unwise to kiss a kid you have never met before. and based on what he did afterwards the guy is psychotic and should be put away.
But there is a chance, particularly given how little information we have, that the first encounter was innocent in intent, and ended up blown out of proportion. There is, of course, an equal chance that it was just as bad as it looked.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
oh, if we're adding more mods, how about a "-1 typing while intoxicated"? :)
"This message was brought to you by Sarcasm and Troll Feeders United (or STFU, for you un-hip people)."
Boy I believe this. My signal gets knocked down to below 50% just by moving downstairs and over one room.
On top of that I can hardly watch broadcast TV from towers that are less than 10 miles from my home. I get the station, but the UPS truck driving by causes it to go out.
This guy reminds me a lot of Hans Reiser. Absolutely no remorse, and obsessed with how "fairly" he was being treated and wanting everyone to know how mean his victims were, vs. at least pretending he was sorry and getting out of prison prior to collecting Medicare.
read the summary AGAIN... he did NOT kiss his own son, he kissed the Kostolnik's son...
Yep, but other than that, there was nothing mentioned to support the idea he was a pedophile. The article said he had two kids of his own and despite having his computers raided there was no mention of kiddie porn other than the frame-job pic.
In the current culture of fear, reporting him as a pedophile is tantamount to convicting him. At the very least it substantially raised the risk that child protective services would take his kids away from him, never mind all the other social stigma issues. Lots of parents will go batshit crazy when you threaten their kids like that.
On the other hand, he apparently was a repeat offender. Having done something similar, on a smaller scale, to a neighbor at a previous residence because he was pissed that their physical therapists (often?) blocked his driveway. At least that's what the article I read said, it may have over-simplified for purposes of sensationalism since it didn't sound like he had actually been convicted of anything before.
When information is power, privacy is freedom.
Sorry but you misunderstand this concept about wireless. It send it out its port "aerial" which is then broadcast to "all" clients. So both machines can see this. The clients on the lan can only see a single mac for all nodes on an access point. Which is the mac of an access point connected to the wan. This is how a bridge works. The same attack works on a hub. But nothing in this situation is actually being "switched" while you are spoofing the mac ....
That wouldn't be a problem on wireless like it is on wire...on the wire, the switch switches packets based on MAC addresses, so it would not be able to reliably switch traffic to the correct host. Wireless just shoots the traffic out more like a hub...the wireless card picks it up, seeing that it is destined for its MAC address, then the network stack discards it seeing that it doesn't match the interface's IP address. While this might cause a slight performance issue, I doubt it would be noticeable.
RTFA is Known to the State of California to cause cancer.
I'm not that paranoid. I just give them the passphrase. I rotate it every 6 months or so so to prevent it being guessed by an outsider, but I don't assume that everybody who comes to my house is trying to steal mah wirelsses.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
Do any wireless routers have the option to set a more permanent passphrase for longtime use, and also provide a short term temporary password for guests? That would be ideal.
"But this one goes to 11!"
If it is at night, they probably wouldn't even notice
So the MAC filtering would either make the hacking noticeable (interfering with legit users traffic) or force the attacker to wait. That's not much, but it's inconvenient for the attacker and it costs close to nothing to implement. So why not turn it on?
you have to have another computer already on the network handy
That's a fair point, but for some of us not having a computer on the network would be a rather unusual event.
Use openvpn, and lock down access to only those on the vpn network. If you don't mind spending $200, you can get a 3 port netgate loaded with pfsense. Put your wireless AP on the third interface.
http://store.netgate.com/Desktop-Systems-C83.aspx
Actually, people are going to jail for that, and business dealing have halted, and a lot of investigation is still underway.
The Kruger Dunning explains most post on
Newer models of the Apple AirPort Extreme have an option for a guest login, with reduced access, etc.
Cool. But what if I don't want to shell out $180 for a router? Anybody know if this feature exists on cheaper non-Apple routers?
"But this one goes to 11!"
When the Supreme Court upheld sex-offender registration laws it was because of the presumed high recidivism (a presumption which has not stood the test of time, I might add).
If you have someone you KNOW is not likely to commit a new sex-related crime you are cluttering up the list and arguably violating the constitution.
Now, if there were a list for amorally dangerous felons, then this guy might qualify for civil commitment, assuming he still has his "I can do anything I want to anyone I want" attitude in 18 years when his time is up.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I run an open wifi network in addition to my private net (forced through transparent proxy that limits what kinds of sites you can get to, and speed limited to 25kbyte/s)... I named the SSID "I promise you won't get any viruses, wink wink". Strangely, nobody has even attempted to log into it. :)
Most people who "hack" a wifi connection are just looking for a free Internet hookup. Give them access to e-mail and web, maybe IM, but make it too slow and too limited for them to do anything illegal, and they usually won't bother trying to go after your private network unless they have a reason to go after you. So name your private network something that has nothing to do with you, and could not be guessed as yours (open a dictionary to a random page and pick the longest word on the page), and you're pretty much safe. Still use WPA2, but you don't need a stupidly long passkey to protect it, just one that's long enough to make it not worth hacking (which is why you provide an open network for them to go after instead).
In other words, get your network security through social engineering. If you're going at it from a lock-everything-down perspective you'll be stuck in an endless cycle of upgrades, and you will ultimately lose. You still need to keep your tech current, but the need is nowhere near as pressing when you take a few steps to make your network unattractive to a potential hacker.
Most homes share a transformer with a few of their neighbors. There are 46 homes on my street, but only 4 transformers (if I'm interpreting the aerial photo in Google Maps correctly). Odds are fairly good that you and your next-door neighbors are on the same transformer.
20 January 2017: the End of an Error.
"WPA2 (much harder and slower...)"
Unlike data being measured in Libraries of Congress, WPA2-PSK cracking is measured in universe ages. I would definitely say "slower"
I hate to break it to you, but you misunderstand the difference between layer 2 vs. 3, bridging vs. routing and how ARP works.
In your scenario where LAN clients only see the MAC of the Access Point, the AP is acting a a Router (Layer 3). A bridge works at layer 2, all MACs are passed unchanged. A bridge is nothing more than a two port switch (or hub, depending on how/if it manages unicast/broadcast/multicast). This has nothing to do with the nature of wireless.
Even if the AP is acting as a router as most home APs do, having identical MAC addresses on the wirless side will still mess with ARP and cause all kinds of weird connectivity issues. Even in the best case where you've spoofed your target's MAC address *and* IP address, there will be no way to differentiate which packets from each machine go where. In an unswitched network, you'll get massive collision errors and TCP will be quite upset with incomplete conversations flying around and in a switched environment, the switch's MAC table will be FUBARed.
~Any apparent grammatical or typographic errors are caused by defects in your display device.
Dont need lead based paint. go and buy " magnetic paint" it has a TON of iron in it so that magents will stick to kids walls. well 3 coats of this and painting in a copper strip to ground = a significant attenuation of RF. so much that a cellphone will NOT work in my daughters room.
Do not look at laser with remaining good eye.
Also neighbors with unsecured WiFi acting as lightning rods would help.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
I'm starting to think that a home auth server for wireless connections is a must. Hmm...I have been looking for a reason to learn Diameter. :)
In California you may execute a citizen's arrest if you witness a misdemeanor or have reason to believe someone has committed a felony. Don't fuck up, though. Cops don't like competition.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It doesn't hurt to turn it on. Think of it as closing the screen door to keep the insects out. I think the reason why people say "leave it off" is because there some out there that would put MAC filtering in place and think they are completely secure. So they so to leave it off to avoid confusion.
Except if the gateway PC only lets through traffic comming via the VPN, which it probably would be setup to do.
Don't call the police and accuse people of being pedophiles unless they actually are pedophiles !
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
If it's so slow, why would you change they keys daily? If your key has sufficient entropy, you are set for years.
Because apparently, judging from the responses I've seen, there are some people on here who are unbelievably paranoid.
Actually, you might not but someone who is on the list for a crime committed before the SO registry came into being might.
The Supreme Court upheld ex-post-facto sex-offender registry on the grounds that it was protective, not punitive.
Anyone who can demonstrate that his placement on the SO list is both ex-post-facto and not protective has a good case.
It's largely moot as most people who have only "old" crimes were able to take advantage of ways to get off the list that used to be in place before the Adam Walsh act, or their crimes did not require lifetime registration and the registration has since expired.
However, a guy who is just now getting out of prison on a 15+ year rape conviction AND who is demonstrably not a risk to anyone (e.g. physically incapacitated or many years of proven pro-social attitude) has a good shot at a court-ordered removal from the list once his parole is up.
As for those who committed their crimes after the law was changed: For them, the registration can be considered "part of their punishment" from a constitutional perspective, making their current danger-level irrelevant.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Yes, but they're often in another room or turned off or whatever.
It takes less time for a cracker to fake their way past than it takes to add a legitimate user to the network.
That is not a reasonable security measure.
If corporations are people, aren't stockholders guilty of slavery?
If he's like me, then because his older devices don't support it.
~S
I refuse to run an open wifi network. I prefer to encourage the use of proper encryption.
If you want to run a publicly available wifi network, just use WPA2-PSK and put the short key in the SSID. For example, an SSID of "free_wifi_password_is_SECRET2".
Unlike WEP, which uses the PSK for everything, WPA just uses it for associating. Connection keys are generated and rotated frequently during actual data transmission.
Learning HOW to think is more important than learning WHAT to think.
He wasn't kissing his kid he was kissing the neighbors kid (on the lips) on the very first day they moved in... come on, nobody can think that is OK!
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
It seems that, according to the justice system, the errant hacker would have been better to have acted on his revenge anger immediately,
rushing over and killing the accusing father in a pique of rage.
Then he would have received 10 years for manslaughter instead of 18 years for various cybercrime offenses.
Where are we going and why are we in a handbasket?
When you kiss your child are you sexually exploiting them?
The missus here over-reacted quite a bit by saying "We've moved next to a paedophile".
Granted, the neighbor over-reacted hugely.
But this isn't paedophilia. Because not everyone who kisses a child means to have sex with them.
Maybe some places there are different definitions of "acceptable," but I imagine anywhere in the US that a social difference between a stranger kissing kissing a child on the lips is crossing the line. If it was the fore-head or the hand or something I "guess" you could argue some sort of culture clash... on the lips is pushingit. Either the parents saw it in which case the guy's in trouble, or the kid makes an off-hand comment about it in which case the parents wonder what ELSE was going on.
But even if you're on the fence about the kiss for culture reasons or whatever, combining the kiss and the photos starts putting you on the sex offender radar. Maybe you're not a flat-out pedo, but you've crossed a line. Meanwhile, the crazy s**t this guy was doing was beyond the pale so they probably wanted to throw whatever charge they could at him.
I will admit, I think in some places the sex offender registry is a bit over-used. Technically some places can ding you for public urination or something, and then you're pretty much a pariah for life.
Psychic damage... lol.
Maybe he used some sort of telepathy. Hacked their brains and their router.
You'd think that attorneys representing the government would know the difference between psychic and psychological.
bah , just wrap your house in aluminum
Where do you live?
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
He's obviously passive-aggressive and has serious problems but the mom was out of line to make the critical "pedophile" allegation to police based upon the single isolated incident. She inadvertently set in motion what Steven Pinker calls a "doomsday machine" mechanism in the brain of the accused, whereupon he tossed caution to the winds and became hell-bent upon destroying his neighbors.
This "amok" behavior is a common behavior found in all societies where a man feels he has lost status, has no power and seeks revenge for his mistreatment.
I think the mother got what she deserved and the convicted got worse than he deserved. But neither party is innocent here.
Doesn't seem anybody's posted anything useful, so here goes... 1. Hide your SSID (this in itself requires crazy measures to get around, far beyond a script kiddie) --makes your network not user friendly 2. Use WPA2 encryption, don't have it? Time to upgrade --the difference is night and day in cracking speeds, but now with gpu cracking... 3. as stated filter MAC --really not user friendly, I don't use this 4. Disable legacy frequencies (B/G networks) --never know, good practice at the least. That's all I can think of for now, the above just about everyone can do, there's things like setting up Snort that are harder or a fake AP. Easiest simplest advice I can give though is watch the network light on your router, is it going too much when your not online? Turn off ALL your wireless / wired devices, is it still firing like mad? That's not you using it then, simple. Call a tech savvy friend before the cops.
Note that while I think that the court documents of the prosecution read like a really badly written TV soap, I am in no way supporting this "hacker" (not a term I would even think of attributing to him).
In the court document (second link in this post), there is crap like:
Details of the Offense
A. Ardolf Kisses the Kostolniks’ Four-Year-Old Son Shortly
after the Kostolniks Move to the Neighborhood
Matt and Bethany Kostolnik moved into their dream home in
August 2008. Located on a cul-de-sac in Blaine, the home provided
room for their growing family; they had two children under five
years old, and were expecting another child soon. On August 2,
2008, one day after moving into their new home, the dream became a
nightmare. The Kostolniks’ four-year-old son, W.K., wandered into
a neighbor’s yard to climb on an inviting play-set. A pregnant
Bethany saw W.K. in the neighbor’s yard and, while standing in the
driveway of her home, called for him to come back while
simultaneously trying to keep her 18-month-old son, J.K., from
walking out the open doorway of their home. Finally, Bethany
chased after W.K.
.
Its not a statement of facts, its a horror story told in the voice of Morgan Freeman at the beginning of a B movie.
Sham(e)
d'oh. redacted
The U.S. Attorney gave Mr. Ardolf a choice. Sell your house and put the proceeds in a trust for your three children or we will use the Civil Forfeiture law to take the house and the proceeds will go to the U.S. Treasury. The goal is to remove him from the neighborhood. It appears that Mr. Ardolf has chosen to forfeit the house and shaft his three children. So sad...
The neighbor kissed the child on the lips, not the parent(s). I don't know that that automatically warrants a police investigation, but it turns out that he was a sick individual, so it was right in this case.
...the future crusty old bastards are already drinking the Kool-Aid.
[...] stupidly long and complex key.
Stupidly long and complex keys are the only keys that aren't stupid.
Thank you, Edward Snowden.
"Arguments from authority are worthless." —Carl Sagan
i don't think anything can crack a nice password with wpa2+aes. not in a reasonable amount of time, anyway. it'd take years!
Wealth is the gift that keeps on giving.
Are you talking about me?
Do not meddle in the affairs of geeks for they are subtle and quick to anger
1. Hide your SSID (this in itself requires crazy measures to get around, far beyond a script kiddie)
Utterly wrong.
Most skiddies will be using Linux (backtrack) with Aircrack-ng. Unknown SSIDs show their MACs up immediately. You don't need the network name to crack WiFi, just the MAC.
Do not meddle in the affairs of geeks for they are subtle and quick to anger
No state allows citizen's arrest for misdemeanors or the "belief" of a felony.
I like how I'm logged in, and you're anonymous. It makes me happy. Peace and love!
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The problem with this entire answer is it's basically:
Hire an enterprise network admin or become a wifi hobbyist.
Neither is ever going to happen for the vast majority of users.
Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
1. spoofing an IP will not get you past MAC address filtering
You don't have to spoof your IP address at all. Just spoof the MAC address and let DHCP take care of the IP address.
This, sorry, that is what I originally meant.. thanks for correcting me
Then forget the logging part and just do the SSID and password bits. Those only have to be done on setup and can pretty much be forgotten about. The only other time you'd touch it would be adding a new device to the network, which isn't an everyday occurrence.
Learning HOW to think is more important than learning WHAT to think.
Maybe. My phone supports OpenVPN or IPsec, but I don't know about the PS3 or the Wii... and not having a "guest network" for visitors would be more than a little inhospitable. I've certainly had situations where I had a wireless home network with lighter security and a VPN running over it 24/7 (typically with that VPN's local endpoints being dedicated, work-only, company-owned machines).
If I knew I had the kind of situation discussed in TFA, I'd certainly go the extra mile... but absent that kind of urgency, I don't think that "VPN over wireless == VPN traffic *only*" necessarily follows.
A citizens arrest requires clear evidence of a felony.
That's what I said, reason to believe. If someone reports it to you, and they don't normally lie to you, then that's evidence.
Use of (legal) force during a citizens arrest requires an immediate threat of bodily harm.
That's true. But there are numerous ways to set up a situation to create that threat. Cops do it every day in order to excuse brutality.
You should learn more about citizens arrests.
I already had to learn about them, and read the relevant text, when I became a security officer. That was a long time ago, though. I'm not proud of it or anything, it is only the basis of my interest.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If you need WiFi, and want security too, stop trying to implement layer 2 security and move on to layer 3. It is much more practical to set up your WiFi network so that it has no route to your network, the Internet, or anything else, and then use VPN software to establish a secure tunnel, which in turns gets you access to these things. IPSec VPN with AES-256 encryption has been around for quite some time, is freely available, and isn't in the news for being cracked on a weekly basis like WiFi was/is.
Toms Hardware had an article a few weeks ago about cracking encryption using GPUs. They concluded that as long as you're using a secure password, AES-256 encryption will keep your data safe well beyond the time you die, even against big multi-GPU clusters purpose built for password cracking. Of course, Moore's law has implications here, but as of *right now*, you would be hard pressed to find a method providing better wireless security.