WEP looked pretty secure when it was just released.
Excuse me, WEP was a known vulnerability even before it was released. WPA and RSN are looking forward to provided a sufficient number of years of protection before future processing power is able to defeat it.
Anyway, there was a fat report claiming that only 22 % of WPAv1-enable devices from different vendors can interoperate.
I hadn't heard, but this was probably before Wi-Fi certification became so commonplace. Anything with a Wi-Fi logo supports WPA and is proven to interoperate with the major chipset manufacturers.
By the way, TKIP-PSK key-from-passphrase generation algorithm is, indeed, flawed...
PSK with weak passwords is theoretically attackable. I don't think there's a script for the kiddies yet, but if you choose a passphrase like "i read about this on slashdot, Wi-Fooers!", then you are not at risk from that attack.
Yes, I would choose to distribute the user certs for TLS. There are many managment tools for this. The problem with PEAP is that the CA cert is widely distributed, if not actually public, which could allow someone to attack weak passwords.
I glad you got something out of the book. I do think they present it as a practical guide, but then are too vague in spots, and even resort to hand waving at the higher end. Take their advice on acquiring a WLAN card with the Prism chipset. Many of the manufacturers they mention don't sell Prism based cards anymore. Just another example of how you have to figure it out yourself anyway (as with most of the software). So, who needs the book?
It seems to me that you have not read through the book, just glanced through the free chapter and the table of contents, if you derive to such conclusions.
Imagine, basing my comments on the actual contents of the book. You have nothing to complain about here, I think. From what I've seen, I'm not going to waste my $35 for the whole book.
Pretty much every topic you can think of is covered on the Internet, so what?!
Usually a book presents more and better organization than what is found on amatuer websites. We disagree on whether this book is worth charging for.
How many APs have been sold in the world, that do not support WPA? How many people who have such APs would buy a new one...
We are presuming people who care about security, right? $60 for a WPA enabled G access point is cheap. If we're talking about really old stuff, they'll want to upgrade from 802.11b anyway.
Suggesting a RADIUS server is OK for corporate users willing to spend a $$$ on protecting the wireless infrastructure, but for for a home use of one AP and one client...
I didn't say 1 AP and 1 client. For someone with a home network who is already running RADIUS, TLS is not a big overhead. Surely, someone with Wi-Foo like yourself would have no problem setting up Free RADIUS and Open CA.
I hope I've been able to answer some of your questions, but if your position continues to be that I'm on drugs and you're not, then you should just ask yourself, what is the best wireless security that you been able to defeat with your Wi-Foo? Oh, is that all? What does THAT tell you, Grasshopper?
You should expect, with a name like Wi-Foo, that the author will try to mystify a rather simple topic. There's nothing here that isn't covered better on the Internet. The state of wireless hacking is sniffing obscured but open networks, compromising WEP, and compromising LEAP.
Wireless Protected Access (WPA) with TKIP or AES is all you need to stop the author and any of his readers. Someone mentioned WPA-PSK - end of drama. [No weak passphrase, of course] If you have a RADIUS server running anyway, or need to serve a large pool of users, try WPA EAP-TLS. The real security issues faced by corporate wireless network administrators, such as rogue access points and other AP management issues, are better dealt with by books for security administrators, not wanna-be hackers.
The free chapter is filled vague, yet dismissive descriptions of non-existent PSK and TKIP attacks. In fact, the reader would have to surpass the author to learn how to really implement a man-in-the-middle attack, based on those "buy this hardware and use this software" descriptions. Use it how?! The obligatory reprint of the published WEP exploitation theory did not include any additional practical code. The rest, it seems, is left as an exercise for the reader, as it is everywhere else. How did this get such a fawning review?
Slashdot Mirror
WEP looked pretty secure when it was just released.
Excuse me, WEP was a known vulnerability even before it was released. WPA and RSN are looking forward to provided a sufficient number of years of protection before future processing power is able to defeat it.
Anyway, there was a fat report claiming that only 22 % of WPAv1-enable devices from different vendors can interoperate.
I hadn't heard, but this was probably before Wi-Fi certification became so commonplace. Anything with a Wi-Fi logo supports WPA and is proven to interoperate with the major chipset manufacturers.
By the way, TKIP-PSK key-from-passphrase generation algorithm is, indeed, flawed...
PSK with weak passwords is theoretically attackable. I don't think there's a script for the kiddies yet, but if you choose a passphrase like "i read about this on slashdot, Wi-Fooers!", then you are not at risk from that attack.
Yes, I would choose to distribute the user certs for TLS. There are many managment tools for this. The problem with PEAP is that the CA cert is widely distributed, if not actually public, which could allow someone to attack weak passwords.
I glad you got something out of the book. I do think they present it as a practical guide, but then are too vague in spots, and even resort to hand waving at the higher end. Take their advice on acquiring a WLAN card with the Prism chipset. Many of the manufacturers they mention don't sell Prism based cards anymore. Just another example of how you have to figure it out yourself anyway (as with most of the software). So, who needs the book?
It seems to me that you have not read through the book, just glanced through the free chapter and the table of contents, if you derive to such conclusions.
Imagine, basing my comments on the actual contents of the book. You have nothing to complain about here, I think. From what I've seen, I'm not going to waste my $35 for the whole book.
Pretty much every topic you can think of is covered on the Internet, so what?!
Usually a book presents more and better organization than what is found on amatuer websites. We disagree on whether this book is worth charging for.
How many APs have been sold in the world, that do not support WPA? How many people who have such APs would buy a new one...
We are presuming people who care about security, right? $60 for a WPA enabled G access point is cheap. If we're talking about really old stuff, they'll want to upgrade from 802.11b anyway.
Suggesting a RADIUS server is OK for corporate users willing to spend a $$$ on protecting the wireless infrastructure, but for for a home use of one AP and one client...
I didn't say 1 AP and 1 client. For someone with a home network who is already running RADIUS, TLS is not a big overhead. Surely, someone with Wi-Foo like yourself would have no problem setting up Free RADIUS and Open CA.
I hope I've been able to answer some of your questions, but if your position continues to be that I'm on drugs and you're not, then you should just ask yourself, what is the best wireless security that you been able to defeat with your Wi-Foo? Oh, is that all? What does THAT tell you, Grasshopper?
You should expect, with a name like Wi-Foo, that the author will try to mystify a rather simple topic. There's nothing here that isn't covered better on the Internet. The state of wireless hacking is sniffing obscured but open networks, compromising WEP, and compromising LEAP.
Wireless Protected Access (WPA) with TKIP or AES is all you need to stop the author and any of his readers. Someone mentioned WPA-PSK - end of drama. [No weak passphrase, of course] If you have a RADIUS server running anyway, or need to serve a large pool of users, try WPA EAP-TLS. The real security issues faced by corporate wireless network administrators, such as rogue access points and other AP management issues, are better dealt with by books for security administrators, not wanna-be hackers.
The free chapter is filled vague, yet dismissive descriptions of non-existent PSK and TKIP attacks. In fact, the reader would have to surpass the author to learn how to really implement a man-in-the-middle attack, based on those "buy this hardware and use this software" descriptions. Use it how?! The obligatory reprint of the published WEP exploitation theory did not include any additional practical code. The rest, it seems, is left as an exercise for the reader, as it is everywhere else. How did this get such a fawning review?