more mandatory reading. Read and understand these. That's an order.
If lowes employed WEP, they wouldn't have been put in the position they were to begin with. They became the low lying fruit by trying to follow these myths (although when I connected, long before Adam and Brian, they didn't even employ mac filtering).
I shall deliver a swift kick in the balls to anyone I see implementing these. Seriously.
17 thoughts on “”
I don't use any of that, I use IPsec. Although I wish prism54 would finish WPA support, I want to use EAP-TLS instead of IPsec. IPsec tunneling has some issues.
yea, besides the pain in the ass it generally is, people can also connect to the IPsec gateway and attempt attacks on it. Even if you seal everything off, if your IKE daemon becomes exploitable (or already is), you're still screwed.
I want someone to come up with WPA support for the orinoco stuff. Not because I really like orinoco much anymore, but because my laptop has one built in, and I'd like to switch away from WEP.
Pain in the ass is an understatement. The *only* reason I do it is because I lived in a dorm. I trust my friends not to abuse the nightmare filesystems exported from my server, I don't trust the skiddie down the hall with aircrack.
The other reason I want WPA support is I have a program that does a weak shared-key attack on WPA-PSK that I want to try out :p Kind of useless without the ability to connect afterwards though.
Should I mention that I used to allow non-IPsec on my wifi and ran dsniff on all the traffic :p Got myself a shitload of login passwords for MTU with that.
I have some pretty tough security implementations.
in the form of about 200' of cat5 ;op
(and if someone walks in and attempts unauthorized network access, in the form of plugging into my router, I have a baseball bat…)
I'm so leet, or something. hehe
(I also have an old-school VCR instead of tivo. weeee)
awesome. Your security is perfect.
if the cable is in a compromisable location you're still subject to cutting in, jacking out the two ends, having a switch tossed into the works, and it's the ideal example of a man in the middle attack.
I admit this is a metric assload less likely than some dillweed with a wireless card, but physical security is highly under valued.
Right, so I should be using WEP, right? I checked and realized I was using WPA-PSK. I have switched over to WEP with 128 bit encryption. I really need to do my homework on this whole wireless shit. This is what I get for getting away from the industry, it's so hard to get back in the know.
No, not at all. WEP is better than nothing, but WPA-PSK (so long as you don't have a shitty password) is WAY, WAY better than WEP.
Oh, so I should have stuck with WPA-PSK and my complex pass key?
absolutely. you're probably safe as a household at 128 bit WEP (it's what I use), but if all your cards and your AP support WPA-PSK, definitely use it.
(Almost none of my gear supports WPA but my access point, so I can't use it)
Yeah, I switched back to WPA-PSK (128b) and used a very complex pass key, so I feel somewhat secure.
Bet that was a bugger to pin down.
Personally I wouldn't go to that much expense. A cheap wireless router that has a built in 4 port switch can easily be hidden in a ceiling and having access to an electrical outlet isn't an unreasonable hope.
That's also clever, but when you need a gig, my friend, you need a gig.
Besides, I'll bet if they were using wireless, they'd have found it quickly. I'd be willing to bet that the university in question was running airespace gear, which if I recall correctly, can find rogue wireless gear and triangulate it.
Dude. That's all kinds of hardcore awesome. Do you know if this was a mistake, or intentionally done to avoid detection?
I've heard of that sort of thing (and have seen the directories on those servers), but never knew any of them were in Michigan.