..acquire SCO or something? Something smells fishy about this whole thing.
Everybody knows Mac users have more money than PC users.
All questions demonstrate ignorance. But those who don't ask remain ignorant. And those who criticize asking questions are doubly ignorant.
And people who refuse to believe facts because they do not like them choose to remain ignorant.
Compete with your Windows box? Compete at what?
The fact that you ask that question shows your ignorance.
So could this be used to destroy a nuclear power station?
There is no building within range of my AirPort Base Station, apart from my own house. Some of us have elbow room. :-)
Phew - no buildings near your base station. Looks like all those starbucks using Airport kit are secure after all.
psst. it may be difficult for you to accept, but the world does not revolve around you see...
What many people don't realize is that these programs require the harvest of between 2000 and 10000 'weak' packets which can take as little as 20 hours and as long as a week of constant monitoring to collect. If you don't believe me, go read the FAQ of any WEP cracking program. These programs are only proof of concept models, and lack a practical implementation. I tried KisMAC against my own AP and failed to produce any results.
What? You couldn't get any results from your own AP (with I'm guessing perhaps only 1 or two computers).
Oh that's alright then - panic over.
I suggest you go and do some reading yourself. WEP is NOT secure due to fundamental flaws in the protocol design. For example MAC addresses are not encrypted, nor are beacon frames. Wireless networks CAN and ARE compromised. Just because you cannot get a tool working on your own equipment does not mean that the tool does not work.
Proof of concept my ass.
That may be well known, but it doesn't make it true. Breaking WEP requires a certain number of weak keys to be snooped. These weak keys are rare. I once saw an estimate of how much traffic it would take. I've never sent that much traffic on my WEP connection.
I don't know where to even begin with this one...
You seriously don't know anything about wireless security do you?
From the article: Authentication credentials are obfuscated, and then sent over the network. If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an attacker that can sniff the network can obtain administrative access to the AirPort.
...
If an AirPort is administered over the Ethernet interface or via an insecure (non WEP) wireless connection, an anonymous attacker that can sniff the network can obtain administrative access to the AirPort. If WEP is enabled, then the attack is limited to WEP authenticated attackers.
It is well known that WEP can quickly and easily be broken, so really what this is saying is that all Airport base stations that are administered are vulnerable, regardless of whether WEP is used or not.
Workaround: Only admin the Airport from a Mac connected directly to the cabled ethernet interface using a crossover cable until this issue is patched.
However, I stand by the fact that airport is intended for home use where the exploit isn't much of a risk anyway.
Really? A device designed to support 50 computers simultaneously designed only for home use. You better tell that to all of the business and academic users quick - or are they all using the "other" version of the Airport?
I think what is needed are solar powered tree mounted wireless bridges.
Oops I'm off to patent that.
Instead of targeting spammers, perhaps action should be taken against the morons who actually buy the crap spammers advertise?
If it were illegal to buy anything that was advertised in an email message, would this cause spammers problems?
I have no idea how it could be enforced but it's just a thought.
w00t!
...it's simply NOT going to catch on. The whole industry is driven by standardisation - either everyone gets a PDA (not going to happen) or they will still use cards - it's that simple!
When these governments realize how much they could be raking in if there was a postage-like tax on spam messages, they won't be able to resist creating a broad email tax. Think, for instance, how much money postal services must be making off junk mail.
Why do you think that the problem has not been addressed for so long?
If you ask me the government has been waiting for the problem to reach critical mass. If two years ago someone had suggested that people pay to send email they would have been laughed at. Now people are thinking "hey that might work", and naturally it will get taxed to death meaning even more nice houses & cars for congress.
Have you ever heard of per processor licensing?
Yes I have, but it only counts if you buy it beforehand! (Otherwise companies would simply buy a 10 user license then switch if they get caught)
I got a relay kit from Carl's Electronics which switches 8 relays and works brilliantly. Great fun!
Has anyone actually tried to interpret the SQL Server license agreement?
In court:
Judge: "So can the court see the software license for this software?"
(shuffling of paper)
"Ah we see from this that you have 10 user licenses for your SQL server."
"Yes your honour"
"...yet your server was connected to the Internet - correct?"
"Correct your honour"
"But according to this license agreement, you must acquire a separate CAL for each Device that... accesses or otherwise utilizes the services of the Server Software (which technically includes every worm infected machine) and seeing as the server was behind a website, that would come under Hardware or software that reduces the number of Devices directly accessing or using the Server Software does not reduce the number of required CALs. The number you need is based on the number of distinct inputs to the hardware or software "front end."...so therefore you would theoretically need a license for anyone who could access your site, which right now is a total of around 619 Million people if it is connected to the Internet.
*thud*
Judge: "...and then we have the Windows 2000 server CALs..."
Now try Google
Right now, never. Seriously - not even considering it.
Realistically speaking, I'd say 5 - 10 years, right after I get my flying car.
If your coworker kept pictures of his wife naked or his life-savings (s/his/her/g, etc) in his desk drawer you'd bet your life he/she would make sure that drawer was locked down with the best possible security measures every time he/she leaves...
Ahh yes - this reminds me of my suggestion that naked pictures of web server admins, along with their /. nickname, be stored on the web server to "encourage" an interest in server patch updates and security.
After all, if someone steals your finger, at least they won't know your PIN!
...Well not unless they put a gun to your head and say "give me your PIN".
To tell you the truth where I work they would be better simply asking the staff for their PIN and "would they mind letting them in".
Actually - I just remembered - we do have some doors that need those electro-magnetic induction keys to open.
They are always propped open. The problem is that people can't be bothered with too much security - make it a hassle, and they will use the simplest method of bypassing the system to suit their own laziness. This is where transparent biometric authentication will clean up - let the door know who you are without bothering you. By this stage though we will be at the same technology level as a guy on the door who knows you and opens it for you.
You know I think I'm gonna have to dig it out and play it again now!
For me, I'd have to go with System Shock 2
If you think SS2 is scary, try playing it with the music turned off. It's just you and lots of noises in the background belonging to things trying to kill you. Much more creepy!
Anyone know where they are buried? I'd like to go dance on their graves.