, SecurityFocus 2003-07-03
Think you've heard more than enough about war driving and Wi-Fi insecurity? Two days of electronic eavesdropping at the 802.11 Planet Expo in Boston last week sniffed out more evidence that most Wi-Fi users still aren't getting the message -- or are comfortable broadcasting their e-mail into the ether.
Expand all |
Post comment
professionals have managed the message. Users
generally regard WEP as worthless, primarily
because of the reported results of Ioannidis,
Rubin and Stubblefield in recovering WEP keys
with 2 hours of passive listening via the
Fluhrer-Mantin-Shamir attack.
This is equivalent to saying that it's useless
to lock your house because a determined
adversary can penetrate the premises anyway.
Of course, we all have reason to lament
the deeply flawed process observed by
the IEEE in the development of WEP, and
they should have known better. The hubris
of the 802.11 working group was revealed
with the defensive PR spin that appeared
between the time Scott Fluhrer et al proposed
the attack ("it's just theoretical") and
the time Avi Rubin et al published the
results of succesful application of the
attack.
Most of the interim measures that provide
security -- disabling ARP, using IPsec,
etc. seriously harm the utility of WiFi.
Let's hope that lessons have been learned.
Regards,
Michael Sierchio
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/6290/20781#20781