I have taken a bunch of different courses on Coursera. I didn't realize they were tracking completion rates - I just watch the videos, in order to learn something. I don't really care about the certificate, because it's worthless to me, so I'm not particularly strict about taking the quizzes or completing any of the graded work. The knowledge - that's worth a lot to me. I guess I don't know what their goals were in the first place, but I hardly consider them a failure. I have learned a lot of interesting things - and sure the information is already out there for free, but I sure appreciate having an instructor (in some cases, pretty famous professors) guiding me on what to go and learn.
Of course, maybe they have a savvy business plan to "monetize the content". If that's the case, then yeah I suppose it's a failure so far.
Dual_EC_DRBG is *not* mandatory under FIPS 140-2. As of today (January 1), some of the older RNGs are no longer permitted for new FIPS validations, effectively leaving you with only SP800-90A (DRBG). However, there are four different DRBGs contained within 800-90A. Nothing says you need to implement all four of them. One is good enough. Out of the four, only one of them (Dual_EC) is considered suspect.
I didn't know those were the rules. Are they well-known and well-understood? I've been out in fields in the middle of nowhere with two different people who were flying drones well above 400ft - nobody made any mention of a 400ft limit. I'm just curious.
Nothing stops these UAVs from flying in the same airspace as planes carrying people - all it takes is a little software malfunction. They are small and hard to see, aren't in radio contact with air traffic controllers, and don't show up on radar. There's a reason the government is concerned about them, and I suspect it's not about suppressing truth.
Does the author actually know anything about cryptography? When the slides make reference to 128-bit and 256-bit, they are talking about *strength*, not number of bits. A 512-bit hash produces something with 256 bits of strength. In addition, let's keep in mind that the NSA has zero interest in making crypto weaker. Their interest (speaking of the SIGINT people, not the IAD people) would be in backdoors that allow them, and only them, to decrypt something while nobody else can. Nothing to see here, move along.
"Got a meeting with colleagues on the other side of the world? 4 a.m. means 4 a.m. for everyone."
Yeah, and I have no idea if anyone will be awake at 4 a.m. in that part of the world when I'm scheduling the meeting unless I consult my handy "sleeping hours around the world" chart. Or we can keep things the way they are now, where I know that 4 a.m. in India is a bad time to schedule a meeting.
Apparently the mentality at Cisco now is that if they paint a box green and write Cisco on it, people will buy it.
As a longtime Cisco competitor, I can tell you that that is their mentality, and they are right. There are a huge number of IT departments that buy Cisco just because it says Cisco, and refuse to consider anything else. Whether it's for purchasing convenience, politics, job protection, or just reasons of laziness, there are people who just buy what their Cisco rep wants them to buy. If you manage to actually get into a bakeoff test at these places, network engineers will actively try to sabotage the non-Cisco gear in an attempt to get it to fail, and thus provide justification for spending 50% more on the Cisco gear because "it's the only product that meets our stringent requirements." It is a sad thing to watch, but a fact of life if you compete against Cisco. The trick is recognizing those places early in the sales process and adjusting your efforts accordingly so you don't waste too much time.
The difference between open source and closed source software: Here's a security flaw, and on Slashdot some guy can analyze what happened and why. If this were Windows with the same problem, Slashdot would be alive with "Go figure, another security flaw in M$, when are they going to learn to write secure software?"
Moral of the story: If you are going to have security vulnerabilities, make sure Slashdot readers can analyze the source code!
Huh? First, I think you mean "WPA" and not "WAP". Second, 802.11a, b, and g specify how data is encoded over the air. They have nothing to do with security. Don't want WEP? Don't turn it on. There are plenty of people running WPA/WPA2 over 802.11b. I think someone gave you some bad information.
The carriers, AT&T in particular, have this view of the world. It's not wireless LAN they are talking about (that's still a LAN after all), it's public cellular data type services. The way AT&T views the future, a company will outsource its entire LAN to the carrier, who will service everyone with cell towers and microcells. Each device will be assigned to a "LAN" that belongs to the company - it's basically a big nationwide VLAN per customer. It is kind of an interesting idea - you can roam all over the country and your laptop/phone/etc. stays connected to your corporate network everywhere you go. No more VPN, no more wireless hotspots. Security would be handled by the network. The network admin's job inside a company would be to manage the outsourced service.
Personally, I have some issues with how we can get public networks up to the required level of performance, but hey, I'm not a physicist.
802.11n uses MIMO (multiple-in multiple-out) as well as some other techniques to achieve faster speed. It operates in 2.4GHz and 5GHz, though 2.4GHz is not really recommended because of legacy congestion and the fact that with 40MHz channel spacing (802.11a/b/g used 20MHz) you effectively have only a single non-overlapping channel in 2.4GHz. Life will be good in 5GHz.
The main idea of MIMO is using reflection and multipath to your advantage. If you know the signal is going to bounce around, why not transmit multiple streams from multiple radios and multiple antennas? If you get lucky (and 802.11n has some techniques to try to guarantee that luck) you can end up getting much higher throughput by sending a different bitstream from each antenna. One thing to keep in mind - you only get this indoors and in areas with multipath. If you have line of sight between you and the transmitter, and not much for signals to bounce off of, you're really not going to get the huge performance boost. There are, in fact, over 300 different rate adaptation algorithms in 802.11n so there's a wide variety of different speeds you might get, depending on conditions.
(Vast oversimplification, but there's lots of reading material out there if you want more..)
"the existing network was 802.11a"
I think you mean "802.11", not "802.11a". 802.11a is still in widespread use, and in fact lots of people are moving TO it, not away from it. 802.11a is 54Mbps on the 5GHz radio band. 802.11 was either 1Mbps or 2Mbps depending on flavor.
How much has Meru been paying people to say this stuff publicly? My usual conversation with network admins who have deployed Meru goes something like this:
Them: I love Meru
Me: So it's working really well?
Them: Well, no, we have a lot of problems.
Me: So...
Them: Yeah, but I really love Meru. Highly recommend it.
I see this stuff on the Educause mailing lists all the time. It confuses me.
I'm not too scared of Linux, I just don't have time for it. After reading the last 100 or so Slashdot articles where someone commented "Just switch to Linux, everything will be good" I decided to have another go at it. I installed it on a Thinkpad T41. And it was great. And then I needed wireless to work. The distro was kind enough to include MadWiFi drivers that worked out of the box without me having to do anything, but I could only use open networks or static WEP. I needed WPA2 with 802.1x, and authentication with MS-CHAPv2. Guess how many hoops I have to jump through if I want that capability on Linux? How many programs do I need to compile, and how many config files do I need to tweak? Now guess how many with Windows? Quite honestly, I didn't get any further than that because without a secure wireless connection, a laptop is not that useful to me.
I do have to give kudos to Evolution and OpenOffice - they have both come a long way since the last time I saw them. Making Evolution work with Exchange servers - brilliant!
Until some Linux distro can match the usability level of Windows, yes, people will remain scared of it. The second you tell someone they need to open a shell and edit some file in /etc that contains cryptic contents - in order to play with some functionality that Windows has built-in already with a point-and-drool interface - it is over.
Sorry.
So RF5961 turns a pesky annoyance bug into a bug where it's possible to determine who's connecting to a particular website
Well what's the big deal? NextGenHacker101 showed us how to do that back in 2008!
Republican != Conservative Democrat != Liberal
"b) WPA2, using WEP or ideally AES"
WPA2 and WEP do not mix. WEP is a specifically prohibited encryption method when using WPA2. Your choices are AES and TKIP, and the spec does allow you to mix the two together at the same time.
WEP - even dynamic WEP - is evil. It can be cracked in a period of a few minutes, which means you have to do key rotation faster than the time required to crack the key. Unfortunately, 802.1x with dynamic WEP does not have a standardized way of doing key rotation. Often the AP will rotate the key, tell the client "hey, I'm rotating the key", and the client misses the message. Because it's not acknowledged, the AP doesn't know that the client didn't get the message. Thus the AP and client end up using different keys, and connectivity dies. That is another very very good reason to upgrade to WPA/TKIP or WPA2.
Other notable flaws of WEP include lack of anti-replay protection and a simple CRC that makes bit-flipping attacks possible.
Did I mention that WEP was evil and trivial to defeat?
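The CRC weakness mentioned in the comment above, as an added example that is not part of the original comment: a WEP-style frame (RC4 keystream over plaintext plus an unkeyed CRC-32) still verifies after its hidden plaintext is altered, while the same alteration is rejected when the integrity value is a keyed MAC. The key, message and function names are constructed for illustration, and the truncated HMAC is only a stand-in keyed MAC, not the mechanism WPA or WPA2 uses.

```python
import hashlib
import hmac
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream (RC4 is the stream cipher WEP uses)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(data: bytes) -> bytes:
    """WEP-style integrity value: unkeyed CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(data))

def mac_icv(data: bytes) -> bytes:
    """Stand-in keyed MAC (truncated HMAC-SHA256) for contrast."""
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:8]

def seal(key, plaintext, icv=crc_icv):
    body = plaintext + icv(plaintext)
    return xor(body, rc4_keystream(key, len(body)))

def open_frame(key, frame, icv=crc_icv, icv_len=4):
    body = xor(frame, rc4_keystream(key, len(frame)))
    data, tag = body[:-icv_len], body[-icv_len:]
    return data if hmac.compare_digest(icv(data), tag) else None

def flip_bits(frame, delta, icv_len=4):
    """Apply delta to the hidden plaintext using no key material.
    CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros)."""
    fix = xor(crc_icv(delta), crc_icv(bytes(len(delta))))
    return xor(frame, delta + fix.ljust(icv_len, b"\x00"))

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030a0b0c0d0e")
MAC_KEY = b"constructed-mac-key"
MSG = b"temp_setpoint=20"
DELTA = bytes(14) + bytes([ord("2") ^ ord("9")]) + bytes(1)

def demo():
    crc_result = open_frame(KEY, flip_bits(seal(KEY, MSG), DELTA))
    mac_frame = flip_bits(seal(KEY, MSG, mac_icv), DELTA, icv_len=8)
    mac_result = open_frame(KEY, mac_frame, mac_icv, icv_len=8)
    return crc_result, mac_result

if __name__ == "__main__":
    print(demo())
```

Nothing in `open_frame` tracks a sequence number either, so the same sealed frame is accepted every time it is presented, which is the missing anti-replay protection the comment mentions.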