Researchers in Japan have developed an attack against WiFi Protected Access when using the Temporal Key Integrity Protocol (TKIP) that can successfully break the encryption in less than a minute. If you’re using WPA with TKIP, switch to AES, or step up to WPA2.
Or, be like me, and forget trying to encrypt your transmission method, and rely instead on strong encryption at the protocol level. All of the wireless networks I’ve set up at home have been wide open. If you’re not using SSL or TLS for your traffic anyway, you’re doing something wrong. Besides, I hate having to key in security details when I visit friends’ “protected” wireless networks.
Via Yahoo News.










>> “rely instead on strong encryption at the protocol level”
Someone have an explanation for what Scott is referring to here?
Use HTTPS instead of HTTP whenever possible. Use TLS for protocols that support it (IMAP, POP3, etc), and SSL for the rest (IMAPS, POP3S, etc). Use ssh.
Well, you obviously rely on other people (server operators etc) to secure your connection – I wouldn’t do that. Instead, I use OpenVPN as much as possible, on every network I don’t control or know is clean. This way, my connection is always secure. Not only when _every_ service I use is secured.
You secure traffic to and from hosts you control. That’s great. I do that, too, when I can.
But OpenVPN won’t secure your password transmission if you log into Facebook, or Gmail, or other web-based services. For those sites that support it, I only use HTTPS. That’s the best we can do, sometimes.
Actually, that’s exactly what it does. (Nearly) every connection is tunneled over the VPN connection to a trusted endpoint. Only connections to that endpoint aren’t tunneled, because of the routing table. So, basically, no unencrypted information is sent or received.
“Well, you obviously rely on other people (server operators etc) to secure your connection” – I guess you rely on other people to secure also. OpenVPN does not fully secure a connection to a website that is not secured. There will always be a leg that is open in that instance. But thanks for trying to demean everyone with your comments.
Well, it does secure the most vulnerable instance, the wireless transmission. Which is what I tried to say – otherwise, everyone can capture everything without even being connected to the network. At least, that’s my main concern with using hotspots etc. :)
So leave your WIFI open and for everybody to use? Oo
And be fined by every song somebody downloads over your WIFI by the MAFIAA
Data security is one thing. For that, I agree that protocol security is a must. But wireless encryption is not really about data security for me, it’s about access control. I pay good money for my broadband, so why should I leave it open and let my neighbors mooch off of me for free?
In all my years of running open wireless networks, I’ve never had a neighbor abuse my hospitality. A few have occasionally tapped in, but I’ve never had anyone take advantage of it.
The number of freely available WiFi hotspots these days is absurd. Why sit in my car parked on the side of a residential street to do something when I can just go into a coffee shop?
That’s fine and all, but don’t project your experience on others. Hotspots are not everywhere and not everyone is going to have nice neighbors; so it’s not a good recommendation.
Taking the precaution is wise for many reasons; some of which have already been mentioned (like the fact that we’re responsible for what our connection is used for). I’ve seen wireless networks left open and been able to access saved tax returns of strangers placed in the wrong file, which is a dangerous thing (that being one of many experiences). If I intended to do harm, I could have. I haven’t had my house robbed, but that doesn’t mean I leave my front door open when I’m sleeping. Locking up is the wise thing to do, even if the lock is not what you rely on for security. That said, I’ll never rely on my router’s protection for security, but I’m not going to leave it wide open and take the chance.
Now I know which house to park near when I search for underaged midget porn and post threats to elected officials.
Thanks, Scott Merril!
“rely instead on strong encryption at the protocol level”
Someone have an explanation for what Scott is referring to here?
He should have said ‘application layer.’
He should also have not posted the second paragraph he wrote because a tech writer speaking in favor of leaving private access points unencrypted is staggeringly irresponsible.
Ok.. so now explain how an average Joe will now have to secure the rest of his data connections.. for all those cool consumer gadgets including, blu-ray players, tv’s, wifi cameras, dvr’s, PC’s etc with ssl, tls ..
BTW by protocol you should have been very clear.. 802.11 aka wi-fi uses various protocols
Wouldn’t MAC filtering do the same thing if you wish to protect your broadband without having to use an encryption? That way you’d keep others off the network but would have any performance hits from the encrypting?
What about MAC spoofing you might say, but really if someone wants on that badly THEY will get on.
MAC filtering only stops them from getting to the internet via your wireless router.
While your wireless computer is talking to your router without any encryption, people with the right software can read ANYTHING that is passing between the computer and the router, including and not limited to your sensitive information.
* wishes there was an edit button after reading his post =/
Dear sir,
I wanted to ask you if you would try this
http://www.internetuse.tk
& promote this open source wifi and internet use survey.
SEE: http://www.internetuse.tk
I notice that you are often commenting about opening wifi access and security issues. This survey is designed to explore how people are thinking about this issue, it’s an URTAK survey which means that anyone can see the results and anyone can ask questions of their own. Unlike other polling it’s very democratic & open minded. I.e. it’s not designed for selfish reasons but to educate anyone who takes part.
The tricky thing is that we need statistically relevant numbers, at least a couple of hundred to make data viable, so maybe anyone seeing this can try it out & help promote it?
Please HELP. Thanks