Re: ALERT: WPA can be less secure than WEP



On Fri, 27 Jan 2006 09:32:38 -0800, in alt.internet.wireless , Jeff
Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx> wrote:

(don't get me wrong, I totally agree with the principle of better
preconfigured wireless security schemes, I just happen to consider
what you've said so far to be simplistic and possibly disingenuous)

>Mark McIntyre <markmcintyre@xxxxxxxxxxx> hath wroth:
>
>>On Fri, 27 Jan 2006 01:37:23 GMT, in alt.internet.wireless , Jeff
>>Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>>>Wouldn't it be easier for the manufacturers to ship their products
>>>secure by default rather than insecure?
>>Indeed, but probably impractical.
>
>Impractical? 2wire.com can do it on every wireless router they ship.

requiring an extra step (i.e. cost) in manufacturing and packaging...

>They attach a label to the bottom of the router with the router
>password, unique SSID, and WEP encryption key.

Excuse me while I snort into my coffee. They stick a label on the box
with the password written on it? And this is considered secure?

Remind me, is it currently recommended security practice to write your
password on a post-it note on the underside of your keyboard?

>However, if the cost of an additional label will cause the wireless
>manufacturers undue financial harm, it can be done in firmware by
>changing the default setup:
>1. Upon a hard reset or as shipped, the router will not work until
>the user assigns a unique router password.
>2. Upon a hard reset or as shipped, the wireless is disabled until
>the user sets the SSID and either sets up WEP/WPA, or intentionally
>disables encryption.

I agree, this is what should happen. But this is precisely what you
pooh-poohed in your earlier mail when you said that it was wrong to
expect the user to run through a setup process.

>Yep. See 2wire.com They've only been doing exactly that since the
>beginning.

And they're right up there with linksys, cisco, 3com, netgear, in
terms of units shifted, cost comparison etc... :-)

>>And indeed some of the information seems positively
>>misleading - the suggestion that you can get instant secure links
>>without typing in any passphrase for instance.

>Huh? I think they're referring to the router being secure, not the
>clients or the entire system.

Here's what they say:

"Our exclusive FullPass instant connection technology enables any
computer, and other service provider supported wireless devices, to
automatically connect to the correct wireless network with the highest
level of Wi-Fi security available."

Sounds to me like a claim to be able to reconfigure client devices.
Mark McIntyre
--
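
The firmware default setup proposed in the quoted steps 1 and 2, sketched as an added example that is not part of the original post or of any vendor's firmware. All names are hypothetical; the stock-password list and the 8-character minimum are assumptions standing in for "unique".

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

enum enc_mode { ENC_UNSET, ENC_OPEN_BY_CHOICE, ENC_WEP, ENC_WPA };

struct router_cfg {
    char admin_pw[64];   /* "" = none assigned yet */
    char ssid[33];       /* "" = not set; an SSID is at most 32 bytes */
    enum enc_mode enc;   /* ENC_UNSET (0) until the user decides */
    char key[64];
};

/* State after a hard reset or as shipped: nothing is preconfigured. */
void factory_reset(struct router_cfg *c) { memset(c, 0, sizeof *c); }

/* Step 1 setter. Assumption: minimum length plus a stock-password deny list. */
bool set_admin_pw(struct router_cfg *c, const char *pw) {
    static const char *stock[] = { "password", "12345678", "administrator" };
    size_t n = strlen(pw);
    if (n < 8 || n >= sizeof c->admin_pw) return false;
    for (size_t i = 0; i < sizeof stock / sizeof *stock; i++)
        if (strcmp(pw, stock[i]) == 0) return false;
    strcpy(c->admin_pw, pw);
    return true;
}

static bool key_ok(enum enc_mode m, const char *key) {
    size_t n = strlen(key);
    if (m == ENC_WPA) return n >= 8 && n <= 63;   /* WPA-PSK passphrase length */
    if (m != ENC_WEP || (n != 10 && n != 26)) return false; /* WEP hex key */
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)key[i])) return false;
    return true;
}

/* Step 2 setter: an SSID plus a valid key, or a deliberate choice of no encryption. */
bool set_wireless(struct router_cfg *c, const char *ssid, enum enc_mode m, const char *key) {
    size_t n = strlen(ssid);
    if (n == 0 || n > 32 || m == ENC_UNSET) return false;
    if (m != ENC_OPEN_BY_CHOICE && (!key || !key_ok(m, key))) return false;
    strcpy(c->ssid, ssid);
    c->enc = m;
    strcpy(c->key, m == ENC_OPEN_BY_CHOICE ? "" : key);
    return true;
}

/* Step 1 gate: no forwarding until an admin password exists. */
bool routing_enabled(const struct router_cfg *c) { return c->admin_pw[0] != '\0'; }

/* Step 2 gate: the radio stays off until steps 1 and 2 are both complete. */
bool radio_enabled(const struct router_cfg *c) {
    return routing_enabled(c) && c->ssid[0] != '\0' && c->enc != ENC_UNSET;
}
```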