a buffer overflow exploit has been discovered for Microsoft's PPTP implementation, which leaves Microsoft VPN solutions vulnerable to exploit.
An exploit is vulnerable to an exploit?
Miscapitalize :)
And it really annoys me when people say "misspell" when they should be saying "incorrectly capatlize".
You mean Harper College is actually somewhat known for something outside of the NW suburbs of Chicago?
:)
Wow, I might just have to go back and enroll again
uhm. if you enable privsep, and there's another remote exploitable bug, then you'll be fine.
privsep is kind of a "permanent solution"
funny how this didn't make it into the main article:
We've been trying to warn vendors about 3.3 and the need for privsep,
but they really have not heeded our call for assistance. They have
basically ignored us. Some, like Alan Cox, even went further stating
that privsep was not being worked on because "Nobody provided any info
which proves the problem, and many people dont trust you theo" and
suggested I "might be feeding everyone a trojan" (I think I'll publish
that letter -- it is just so funny). HP's representative was
downright rude, but that is OK because Compaq is retiring him. Except
for Solar Designer, I think none of them has helped the OpenSSH
portable developers make privsep work better on their systems.
Apparently Solar Designer is the only person who understands the need
for this stuff.
Or just buy the fucking CD's instead and support the one man Linux distribution.
1) 2.4GHz has lots of interference from other consumer products. You couldn't take a phone call on your WiFi phone if someone in your house was using a cordless 2.4GHz phone (or using the microwave).
2) WiFi cards are very power hungry. The battery life would be horribly short.
3) VOIP is very sensitive to latency.
4) Peer-to-Peer calls with 802.11b... what? WEP would have to be disabled, with no server to manage the ip addresses, who would know what phone is where? It's a logistical nightmare. You would have to walk over to the person and ask them for this information. Kind of defeats the purpose now doesn't it?
This is definitely the right track.
I currently use an OpenBSD machine with an orinoco silver card and an antenna to act as a wireless gateway. I've found that Orinocos have the best range (probably since they're 5v, and most prism-based cards are 3.3v).
Security is two factor. First, all non-IPSec traffic is dropped immediately by the firewall (pf). The OpenBSD server is running isakmpd with a shared key. The client software is SSH Sentinel since it appears to be the best Windows software available that interacts properly with OpenBSD's implementation. (I've found that PGPnet doesn't work under Windows XP, and it sounds like it might be illegal to distribute PGPnet soon.) Secondly, users must authenticate via authpf to have their traffic passed (NAT'd) to the world.
If you want to implement this wireless system, then please do it right, or else you'll be joining the scores of misconfigured, insecure wireless networks that exist.
It says *INTEL* switched from another UNIX, not amazon.
Bang up job.
djbdns is an open source replacement. you get a cash award for finding vulnerabilities in it. the only reason i can see for suing a software company is if there is a glaring security problem and they act slow to fix it, or deny that it is a problem. microsoft used to do both of these, but have since gotten much better. it really is funny though when microsoft servers get defaced/hacked. it seems that they too can lack the competence to patch (their own) servers.