But how secure is secure?
So you've been told that you need to encrypt your wireless access point. You've heard about wardriving and you don't want to be a victim of people using your WAP without your knowledge. So you activate WEP on your Linksys, D-Link, 3-Com, or whatever commercial brand of access point or wireless router.
Then what happens? You're secure. But my friend Jim found that that's not always the case:
It took me less than 5 minutes to set WEP up.It took me less than 30 minutes to gather the data.
It took me less than 10 seconds to crack my own WEP key.
So how was it done? Well, I setup a 26 character 128bit WEP key on both my access points. I picked the one closest to me to crack. Then I just downloaded and followed the instructions for Aircrack. Once Airdump was running on my laptop (the hacker in my own test) I simulated traffic on my wireless network from the inside. I waited until I got a little more than 500,000 unique WEP IVs and started up Aircrack. Before I could figure out how the program worked my WEP key was given to me.
What does this mean? It’s been known for years that WEP is worthless. But what this really means, is that for busy wireless networks, WEP is not worthless, it’s a joke. The good news is my wireless network doesn’t normally generate this kind of traffic so the odds of getting hacked by a wardriver are slim. If I suddenly notice a bunch of directional antennas pointed towards my house - then it’s a whole different story.
Now I know why Miami University doesn't encrypt its wireless networks. Instead, it asks us to login with our IDs and passwords in order to obtain an IP address. A much more secure idea, but one that doesn't scale down for the home network.
This, of course, doesn't mean that you shouldn't encrypt your wireless access point. Not everyone is Jim, which means that if the average user wants to listen in on your wireless communications, he won't be able to do it. If a hardcore h4xx0r wants to do it, there's little stopping him -- short of a login system like Miami's.
Oh, and Merry Christmas.
Comments
I want to start off this by saying that Mark is a big dweeb. Not only did he just torture a seven-year-old until she ran off whimpering, but he is also a big egomaniac. He actually is watching over my shoulder as we speak re-reading all his own articles and admits to reveling in his own glory. What a loser! He is just lurking in here like a big fat little baby and won't leave because he is so mesmorized with his own non-existant brilliance. Oh, and I don't care about this article either, because it's written in nerd and I can't read that very well and I left my nerd-dicyphering dictionary at home. I, awesomebot.
Posted by: Bud-dy | December 26, 2004 10:27 PM
Check out the other comments I wrote on the earlier entires, because i spent a lot of time bashing mark on them. thank you,
-management
Posted by: Bud-dy | December 26, 2004 11:08 PM
What you've described for Miami is a captive portal system. Starbucks, Borders, etc also use these under the umbrella of the T-Mobile service. There are even free systems such as NoCatNat which I have been dying to try for myself. I just need to build a time machine first.
Posted by: Jim | December 27, 2004 6:39 PM
Correction - NoCatAuth is the name of the software, NoCatNet created it.
Posted by: Jim | December 28, 2004 7:06 AM
:: shakes head ::
Posted by: matt | December 28, 2004 11:16 AM
I agree. Nerds. Oh, BY THE WAY, I OWNED Mark in a grilled cheese cookoff. I won officially 2-1, unofficially 3-0, because my dad voted for mark's thinking it was mine, because he liked the one he thought was mark's better. but he later admitted he liked mine the best, but voted for the other one as not to hurt my feelings. So really, I am just amazing. GRILLED CHEESE CHAMPION!
Posted by: Bud-dy | December 28, 2004 6:24 PM
ADVERTISEMENT:
www.sedhe.net/sandwich/
go here to wake up after reading this trash.
Posted by: Bud-dy | December 29, 2004 1:53 AM