wifi security

Archived from groups: comp.sys.palmtops.pilot (More info?)

n wrote:

> i have a tungsten t3 and a palm wifi card. i am new to wifi.
> how can i secure my wifi transmissions, so that individuals can not
> intercept my wifi transmissions. so far i have only used the wifi card at
> free wifi locations.
>
> thanks in advance--

Your WiFi exchange of traffic should be fairly secure because there is an
exchange of keys if I recall correctly. There are two points of insecurity:

1. The WiFi supplier can monitors your traffic

2. WiFi can be hijacked by unauthorised users if its use is not properly
protected using some secret string and/or username/password authentication.

Don't let these flaw deceive you. Your traffic is rather safe despite being
wireless. In fact, being wireless, security is at a premium.

Roy

--
Roy S. Schestowitz
http://Schestowitz.com

Archived from groups: comp.sys.palmtops.pilot (More info?)

>>how can i secure my wifi transmissions, so that individuals can not
>>intercept my wifi transmissions. so far i have only used the wifi card at
>>free wifi locations.
> Your WiFi exchange of traffic should be fairly secure because there is an
> exchange of keys if I recall correctly. There are two points of insecurity:

Impossible. Broadcasting over wifi today = unsecured (even with
WEP/WPA on). A hacker merely has to use the various tools out there and
have at it with time and data packets transmitted.

WEP is like an open-door today = don't even bother using it! It can
be cracked so fast, it's almost pointless
(http://wepcrack.sourceforge.net/
http://www.tomsnetworking.com/Sect [...] e118.php). WPA is tougher,
but can be done if you have a short password
(http://wifinetnews.com/archives/004428.html). You'll really need to go
with WPA2 + AES, etc.

http://www.informit.com/articles/a [...] 69221&rl=1

Archived from groups: comp.sys.palmtops.pilot (More info?)

Laurent Bugnion wrote:

> Hi,
>
> John Bartley K7AAY telcom admin, Portland OR wrote:
>
>> Roy, you're full of it.
>
> Is that really needed?


Thanks for the defense. These words echoed in my head all morning. When I
said WiFi was secure, I fully believed it. I wasn't aware of
freely-available hacks even though I read every single Slashdot headline.
Your typical hacker or 'script kiddie' would probably not hang around the
OP's office or cluster anyway, so it's fairly safe. I think the worry in
many people's mind is that a nearby co-worker would pick up the wrong
packets and interpret them properly, in particular if the same PDA gets
distributed among the staff.


>> It's been well documented, on /. and elsewhere, that the feeble
>> encryption available (WEP 128-bit, which ins't even 128-bit), can be
>> easily and quickly cracked using freeware software tools. In once recent
>> demo, it only took 3 minutes for an FBI team to do so at a hackers'
>> conference.
>>
>> Palm does not have WPA encrption, which *would* protect the user.
>
> Actually, the LifeDrive supports WPA encryption as well as WEP.
>
> Laurent

Roy

Archived from groups: comp.sys.palmtops.pilot (More info?)

John Bartley K7AAY telcom admin, Portland OR wrote:

>>> I too-strongly opined:
>>>> Roy, you're full of it.
> <snip>
>
>>Laurent Bugnion replied:
>>> Hi,
>>> Is that really needed?
>
> Laurent is correct. I apologize for the strong language. However:


Apology accepted. *smile*


> WEP is only token security, as these three Slashdot headlined articles
> show:
>
> http://hardware.slashdot.org/artic [...] 0&from=rss
>
http://apple.slashdot.org/article. [...] ed&tid=183
>
http://it.slashdot.org/article.pl? [...] d=93&tid=1


Since you like citing Slashdot, have you read the latest related story?

http://hardware.slashdot.org/artic [...] 01&tid=222
(Injecting Audio Into Insecure Bluetooth Handsets)


>>Your typical hacker or 'script kiddie' would probably not hang around the
>>OP's office or cluster anyway, so it's fairly safe.
>
> Not required with a directional high-gain antenna, such as these
> inexpensive models:
> http://www.usbwifi.orcon.net.nz
> http://www.turnpoint.net/wireless/has.html
> http://www.turnpoint.net/wireless/cantennahowto.html
> http://www.cantenna.com


Yes, but would anybody wish to go /that/ far? And for what purpose? Spying
amongst competitors is the only case I can think of.


>>I think the worry in many people's mind is that a nearby co-worker would
>>pick up the wrong packets and interpret them properly, in particular if
>>the same PDA gets distributed among the staff.
>
> Doesn't require using the same kind of hardware. Packets are packets, and
> any hardware that can sniff will reveal data.


Yes, of course. I was talking about the illusion -- the perception in the
user's mind. One would be more inclined that if the device looks identical,
it behaves identically and also receives the same traffic.

That would also be the case with cheaper or older device like remote
controlled cars where identical circuits are mass-produced. In our
University network, some students have the same MAC address. Far east
manufacturers assume the merchandise will not reach the same subnets, or
perhaps they do not care. In principal, shops do not stock diverse types of
hardware, especially if it is cheap.


>>>> Palm does not have WPA encryption, which *would* protect the user.
>
>>> Actually, the LifeDrive supports WPA encryption as well as WEP.
>>> Laurent
>
> But, the TKIP crypto of WPA is weak.. and Palm doesn't have WPA2 which
> uses the
> stronger AES. With WPA and PSK, make darned sure to use a long and
> difficult passphrase.

....if the data is at all sensitive in the first place.

Roy

--
Roy S. Schestowitz
http://Schestowitz.com

Archived from groups: comp.sys.palmtops.pilot (More info?)

> Your typical hacker or 'script kiddie' would probably not hang around the
> OP's office or cluster anyway, so it's fairly safe. I think the worry in

LMAO.

er... see www.wifimaps.com -> type in your zip code, click Get List
in the green area, then click on the [Map] link on any of the nodes in
the list that comes up to see all of the WiFi nodes in your area.

Next, wonder, who the heck has been driving around your entire
neighboorhood and actually picking up all of the nodes in your area?!?

Gee, perhaps those script kiddies you thought had nothing better to
do than to hang around the office.....

=P

Anyways, the maps are great for jumping on any open node as well if
you're out and about, and want to get online ASAP.

Also, makes you realize how many people are 'clueless' wifi router
owners who haven't even bothered to change the default configuration on
their boxes.

Archived from groups: comp.sys.palmtops.pilot (More info?)

David Chien wrote:

>> Your typical hacker or 'script kiddie' would probably not hang around the
>> OP's office or cluster anyway, so it's fairly safe. I think the worry in
>
> LMAO.
>
> er... see www.wifimaps.com -> type in your zip code, click Get List
> in the green area, then click on the [Map] link on any of the nodes in
> the list that comes up to see all of the WiFi nodes in your area.


Nice. I have no use for a WiFi connection. Perhaps this will finally push
system administrators towards changing the default settings on the system.
I can't believe that some army bases had their root password set to 'root'.


> Next, wonder, who the heck has been driving around your entire
> neighboorhood and actually picking up all of the nodes in your area?!?


I think people submit data about connections that they are aware of (in this
PHP-Nuke site you should easily be able to submit news though I havent't
checked). It's a collaborative thing. Anybody could expose details about
the connection at his/her workplace.


> Gee, perhaps those script kiddies you thought had nothing better to
> do than to hang around the office.....
>
> =P
>
> Anyways, the maps are great for jumping on any open node as well if
> you're out and about, and want to get online ASAP.


People have ended up getting fines recently. Slashdot had at least two items
I can think of recently.


> Also, makes you realize how many people are 'clueless' wifi router
> owners who haven't even bothered to change the default configuration on
> their boxes.

*LOL*

Roy

--
Roy S. Schestowitz
http://Schestowitz.com