Hams Report 85-mile 802.11b File Transfers @ Oregon
Mark C. Langston
mark at bitshift.org
Wed Apr 14 15:23:26 PDT 2004
On Wed, Apr 14, 2004 at 05:37:58PM -0400, Chuck Yerkes wrote:
> it's clearly been a Best Practice, from the start to:
> - assume that someone hostile is standing 3 feet from the AP and
> can gather all your packets.
> - and *know* that WEP (and now LEAP) are deeply broken and shouldn't
> be used for auth or encryption anyway.
>
Since it hardly ever gets mentioned, except as a "secure substitute" for
WEP, I'll point out that WPA is also broken, in a manner somewhat
similar to WEP:

http://www.icsalabs.com/html/communities/WLAN/wp_SimpleSecrets.pdf

(note that the weakness is related to choosing simplistic keys for WPA
and is not due to ISV problems as WEP is).

The caveat here should be: Assume all hosts and protocols are insecure,
regardless of the steps taken to secure them. Act accordingly.

For the truly paranoid, you may assume all hosts have already been
compromised, and take steps to ensure data integrity and service
continuity.
--
Mark C. Langston Sr. Unix SysAdmin
mark at bitshift.org mark at seti.org
Systems & Network Admin SETI Institute
http://bitshift.org http://www.seti.org