Re: ALERT: WPA can be less secure than WEP
- From: Jeff Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 28 Jan 2006 09:42:31 -0800
Mark McIntyre <markmcintyre@xxxxxxxxxxx> hath wroth:
>Newsflash: clients have been known to reorientate equipment to get
>better reception or to fit it in better to their furniture.
If you've ever seen a 2wire 1000 series router, it would be rather
difficult to mount in any manner other than vertically. However, I'll
admit that some routers can be mounted in creative manners which would
expose my post-it note. However, since I'm in charge of the
installation, I always optimize it for best coverage. It's most
commonly located up in an office suspended ceiling, high on a
bookshelf, or mixed in with the hi-fi stuff. You would have little
difficulty finding the router and reading the WEP/WPA key. My guess is
that there are about 50 local wired and wireless installations that
I've done like this. No security breaches so far (and yes, I do
monitor and read logs). Interestingly, some of these are in local
coffee shops, where you would only need to hop over the counter, climb
up a small step ladder, remove the cardboard box I placed over the
router, and read the setup password from the bottom of the WRT54G. Out
of 5 such installations, nobody has done it yet (except the owner when
they have forgotten the passwords). Of course, nobody can read my
handwriting, which might present another problem.
>My neighbour's router is balanced on top of what looks like a stereo
>speaker (though it could be a CD rack), and the window is elevated
>slightly relative to my position. I can imagine him standing it on
>one end (in fact it is /designed/ to be stood on its end, it comes with a
>handy stand for doing that).
Probably a Netgear. Yes, it is possible to expose a written password
to the public. It hasn't happened yet to any of my customers and I
don't expect it to happen in the future. However, if it does, I'll
probably revert to my previous method of putting it in an envelope
(which tends to get lost).
>>that's about the only way I've found to avoid the chronic phone calls
>>asking "what's my wep key".
>
>Make it a chargeable request, then either you don't care or your
>clients remember better. :-)
I'm still in business largely because I don't bill by the millisecond
and charge for such things. Customers and friends (the difference is
the customers pay me) call at all hours asking all manner of trivial
and ridiculous things. I don't encourage this, but I also don't
micro-invoice them. However, the interruptions drive me nuts as it
seriously disrupts whatever I'm working on. I have various ways of
dealing with this, but retaliatory billing is not one of them.
>>I see no reason to add an additional setup
>>program when the tools already are there and are 90% complete.
>
>I agree with this. I personally can't recall the last time I did
>anything with a router or modem install CD except turn it into a
>bird-scarer.
Agreed. I tried Linksys SES (by Broadcom) recently and was seriously
disappointed. It only worked with WPA and not WPA2 or WEP. It really
did change the settings on the client but only if it used Wireless
Zero Config. It didn't bother to change the router config password.
If I turn off SSID broadcasting, nothing works. I had to do it
several times before I got it right. I suspect 2wire's system is
similar. Comparison of SES with AOSS.
http://www.smallnetbuilder.com/Sections-article126-page1.php
>>I have no idea how this works as I haven't seen the FullPass product
>>in action yet as it's only in the HomePortal 2000 line as a
>>"GreenLight" button on the front panel. Probably similar to Linksys
>>SES, or Buffalo AOSS, which is what I've been complaining about.
>
>I'll not hold my breath. I can't see how they can do this frankly,
>unless you buy all new kit from the same maker.
Actually, it's quite easy with WZC. The Windoze registry keys for
holding the WPA key and SSID are easy to find. I presume that the
stored WPA key is encrypted somehow. It would be a fair assumption
that both the router and the client radio need to be "supported" and
that it probably only runs on XP SP2. However, both Buffalo and
Linksys require support from the client manager/driver/utility so it's
probably more complex than I suspect. Chuckle.... The above review
notes that they had to uninstall the previous working version of the
Broadcom client driver in order to just try SES and AOSS and that it
disabled the ethernet driver in the process. All this to just change
exactly two items (SSID and WPA key). Like I previously ranted, we
don't need yet another layer of software to add to the installation
ordeal process.[1]
>>Just
>>push the button and you're instantly secure.
>
>I can do that too. It's called the "off switch" :-)
If you have read my previous rants on the subject, you'll probably
find where I've been recommending a "component" system instead of an
integrated modem/router/wireless/switch. Part of the benefits to
separate boxes is being able to turn off the wireless part of the
puzzle when it's not in use without killing the rest of the network.
Two of my coffee shops do that in the evening to get rid of the
wireless table hogs and make room for paying customers.
[1] I've seen far too many products where the source of a problem was
never really fixed or even attacked, but where multiple layers of
band-aids were applied to treat the symptoms. I've even helped
precipitate such abominations. My instructions were "fix it, but
don't change it", which I interpreted to mean "Ignore the obvious
cause, and add anything you want". In most cases, it was because the
original designer's feelings might be hurt if I dared to suggest that
his design was defective and needed rework. That's what I think SES
and AOSS are doing.
--
Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558