I've got it on two servers, had it on three but had to back down to 2.4 for one.
It's running a Qmail/Courier IMAP server w/ webmail interface. And it's running a rather busy nfs/samba server.
I had it running on a second NFS/Samba server that was using LVM2 (only difference that I can tell). With the 2.6 kernel I got kernel panics 2-3 times a week. So I went down to the 2.4 kernel and it hasn't crashed since.
When I got married my video game playing died down quite a bit and I missed it. Then we had two kids and my video game time went to nothing, but I don't care. Instead of playing with my friends in UT, I play legos with my kids, or play tickle-monster, and other fun games.
Now I look forward to when they're old enough to school me in the latest FPS. Then I expect video games to start sneaking their way back in to my life. Some of my earliest memories of video games are playing with my Dad... and how he was the best gamer in the world, no one could beat him.
I can't wait to introduce them to the games I grew up with. I hope they enjoy playing them with me as much as I enjoyed playing them with my Dad.
As a small business, i use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.
The vulnerability is if you use 802.1X authentication with the LEAP protocol.
The Access Point doesn't have a security flaw in it, the LEAP protocol does. If you have a Radius server that is configured to do LEAP and you have a wireless supplicant that supports LEAP and a wireless card that works with that supplicant, then you can do LEAP.
It used to only be the Cisco cards that could do LEAP, but I've noticed that changing lately.
But, you have a 64 bit WEP network, probably not doing 802.1x. I'd worry about that. And the thing is, that's worse than having a network secured with the security flawed LEAP protocol. You have no authentication and probably no key rotation going on. WEP is known to be horribly flawed. With LEAP you at least has authentication (although proven to be crackable by an offline dictionary attack) and WEP key rotation.
At least try and upgrade to WPA-PSK, with TKIP or AES. WPA w/Radius and TKIP or AES is preferred though. Some people say to use VPN's instead. I don't like that idea much... but that's just me, it seems to work great for some people.
But if thats not the case with your implementation, then I agree that VPN alone is not a solution for HotSpots and the like.
You're probably right. My VPN connection isn't the proper VPN for properly securing wireless connections.
But my point still stands, VPN isn't a solution for everyone. Not everyone has access to one or knows how to set one up properly. Same can go for Wireless security though... Setting up a Radius server and an Access Point to use it isn't a task my Mom can do. And I think that's the true test... When new wireless security protocols are out that are as good, if not better, than a VPN connection AND my Mom can do it, then it's been done right.
Anyway, I'm perfectly aware of how to secure my POP3/IMAP/Sendmail traffic. That doesn't mean my Mom is. There are more people like my Mom out there at Starbucks checking their email than there are like me.
Most wireless access that I do and my co-workers do is outside the office. Maybe at a Starbucks, at a hotel, or even at home on my couch.
The VPN could secure my data going to my office, but what about the data going elsewhere? What about my POP3 password for my personal email account that I just transmitted through the air?
A lot of "road warriors" put way too much trust in to their VPN and connect to insecure wireless networks and do very stupid things. A co-worker of mine was confused when he got an email from someone else at his hotel that had his password to his personal pop3 account in it. He asked me "But the VPN was on, how did they get my password?"
And personally, I hate the VPN at my office. It's buggy and it's extremely slow. I'd hate to be forced through it if I wanted to go wireless while I was actually sitting inside my office.
If VPN was the answer, new standards wouldn't be coming out... but VPN just doesn't cut it for the majority of wireless users.
Slashdot Mirror
I've got it on two servers, had it on three but had to back down to 2.4 for one.
It's running a Qmail/Courier IMAP server w/ webmail interface. And it's running a rather busy nfs/samba server.
I had it running on a second NFS/Samba server that was using LVM2 (only difference that I can tell). With the 2.6 kernel I got kernel panics 2-3 times a week. So I went down to the 2.4 kernel and it hasn't crashed since.
Windows gives me almost no options
Gentoo Linux lets me customize anything I have the time to customize.
When I got married my video game playing died down quite a bit and I missed it. Then we had two kids and my video game time went to nothing, but I don't care. Instead of playing with my friends in UT, I play legos with my kids, or play tickle-monster, and other fun games.
Now I look forward to when they're old enough to school me in the latest FPS. Then I expect video games to start sneaking their way back in to my life. Some of my earliest memories of video games are playing with my Dad... and how he was the best gamer in the world, no one could beat him.
I can't wait to introduce them to the games I grew up with. I hope they enjoy playing them with me as much as I enjoyed playing them with my Dad.
Yeek... let's try that again:
Response
*yay for not using preview!*
http://marc.theaimsgroup.com/?l=linux-kernel&m=108 308534628965&w=2
As a small business, i use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.
The vulnerability is if you use 802.1X authentication with the LEAP protocol.
The Access Point doesn't have a security flaw in it, the LEAP protocol does. If you have a Radius server that is configured to do LEAP and you have a wireless supplicant that supports LEAP and a wireless card that works with that supplicant, then you can do LEAP.
It used to only be the Cisco cards that could do LEAP, but I've noticed that changing lately.
But, you have a 64 bit WEP network, probably not doing 802.1x. I'd worry about that. And the thing is, that's worse than having a network secured with the security flawed LEAP protocol. You have no authentication and probably no key rotation going on. WEP is known to be horribly flawed. With LEAP you at least has authentication (although proven to be crackable by an offline dictionary attack) and WEP key rotation.
At least try and upgrade to WPA-PSK, with TKIP or AES. WPA w/Radius and TKIP or AES is preferred though. Some people say to use VPN's instead. I don't like that idea much... but that's just me, it seems to work great for some people.
But if thats not the case with your implementation, then I agree that VPN alone is not a solution for HotSpots and the like.
You're probably right. My VPN connection isn't the proper VPN for properly securing wireless connections.
But my point still stands, VPN isn't a solution for everyone. Not everyone has access to one or knows how to set one up properly. Same can go for Wireless security though... Setting up a Radius server and an Access Point to use it isn't a task my Mom can do. And I think that's the true test... When new wireless security protocols are out that are as good, if not better, than a VPN connection AND my Mom can do it, then it's been done right.
That was just an example.
Anyway, I'm perfectly aware of how to secure my POP3/IMAP/Sendmail traffic. That doesn't mean my Mom is. There are more people like my Mom out there at Starbucks checking their email than there are like me.
Most wireless access that I do and my co-workers do is outside the office. Maybe at a Starbucks, at a hotel, or even at home on my couch. The VPN could secure my data going to my office, but what about the data going elsewhere? What about my POP3 password for my personal email account that I just transmitted through the air? A lot of "road warriors" put way too much trust in to their VPN and connect to insecure wireless networks and do very stupid things. A co-worker of mine was confused when he got an email from someone else at his hotel that had his password to his personal pop3 account in it. He asked me "But the VPN was on, how did they get my password?" And personally, I hate the VPN at my office. It's buggy and it's extremely slow. I'd hate to be forced through it if I wanted to go wireless while I was actually sitting inside my office. If VPN was the answer, new standards wouldn't be coming out... but VPN just doesn't cut it for the majority of wireless users.