|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 57,205
|
No WEP encryption is enough, regardless of the size of the key
http://blogs.zdnet.com/Ou/?p=60
Quote:
May 12, 2005
WEP cracking for dummies
-Posted by George Ou @ 10:37 am
* Security
For those who still don't think it's a major problem to run WEP encryption on a wireless LAN, this is your final warning. Humphrey Cheung of Tomsnetworking has released a tutorial that can essentially be summed up as "WEP cracking for dummies". Every time I've written articles on the vulnerability of WEP, I almost always get some wise guy telling me that I'm full of it and that I'm exaggerating the ease with which WEP can be cracked. Now that WEP cracking is child's play, it's almost become a recreational sport for script kiddies and a primary tool of choice for hackers. Now anyone can break in to your WEP based wireless LAN with relative ease.
As I've warned earlier, any WEP based wireless LAN can be cracked in a matter of minutes. The current set of attacks are all implemented in a simple all-in-one CD that is available for free download over the web and it employs the latest packet injection techniques and advanced statistical analysis tools to rapidly recover WEP keys. Even 802.1x based enterprise wireless LANs that have relied on per-user per-session rotating WEP keys to mitigate the security threat are no longer safe because they too can be cracked wide open with just a little more effort. Corporations and homes must protect themselves with a minimum of WPA TKIP encryption but preferably use WPA2 AES encryption.
|
http://blogs.zdnet.com/Ou/?p=48
Quote:
April 1, 2005
FBI demonstrates 3 minute Wi-Fi hack
-Posted by George Ou @ 1:06 pm
* Security
For those of you who have been reading my blogs on a routine bases, it would come as no surprise to you that the FBI demonstrated the hacking of a wireless LAN in 3 minutes.? It was only last month that I blogged about how you can hack most wireless LANs in minutes with the very same techniques.? It's ironic that the FBI is not using some fancy top secret multi-million dollar device to snoop in on your wireless LAN but instead is using off-the-shelf hacking tools that are freely available on the Internet.
The lesson here is that it doesn't take some super hacker to break in to your home or business network, anyone can.? At the end of the linked article, the FBI gives some decent advice that is pretty much in line with the best practices for homes that I've also outlined.? I probably would have not talked about "network segregation" since that's well beyond the means of most small businesses and homes, but I would definitely recommend following their other recommendations.
|
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa  SOLD 2004 - gone but not forgotten
|
09-20-2005, 09:59 AM
|
|