Re: ALERT: WPA can be less secure than WEP

William P.N. Smith <news2006a@xxxxxxxxxxxxxxx> hath wroth:

>The number of people pointing their password out the window is
>insignificant, IMHO...

I couldn't resist a quick experiment. I scribbled a phrase on a
yellow post-it note and plastered it to the side of my computah. I
then took my 7x35 binoculars and started walking until I could no
longer read the phrase. The big problem was finding a place where the
glare from the window glass didn't cause problems. I didn't measure
it accurately, but my guess is about 20ft. I also tried it with two
digital cameras, which were readable to about 15 ft. A proper
telescope or spotting scope should work much better. Perhaps write in
a small font and security will be improved.

Incidentally, I recently attempted (and messed up) a variation of a
previous security exploit. In a previous "security audit" I arranged
for the server room video security camera to tape the system
administrator logging into a system. When we played back the video in
slow motion, the fingers could be seen typeing the password. My
neighbor, the 15 year old (at the time) finger hacker, got all but one
letter correct when run at full speed. (This is the same kid that can
read ROT13 encoded text at full speed).

Anyway, I had my digital camera with me set to record an MPEG movie
when I stomped on the button. I successfully recorded a different
system administrator logging into his system. When played back, the
login and passwords were easy to extract. However, I screwed up and
ran out of storage space plus my camera emitted a loud warning beep
when the CF card filled up. Oops.

Never mind using the binoculars to read the post-it note. Just video
tape your neighbor doing banking or email.

--
Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.