jbert - Slashdot User

Submission + - How does Apple hash passwords to WEP keys?

Submitted by simm1701 on Friday December 08, 2006 @06:22AM

simm1701 writes: Does anyone know the details of Apple's WEP password->key hashing algorithm?

My neighbour has gone on holiday but after talking to him via email and mentioning that my ADSL is dead he kindly offered me access to his wireless network which he left running.

Unfortunately his setup is apple and he only knows the password, not the hex key that Apple hashes this to. Sure Apple has a solution for this which is to log into the base station (which you have to be connected to, ie either by wire or be on a mac, or already know the key which you are trying to find out) and the base station will display the network equivalent key on request.

I always thought that showing a key/password on screen was a bad idea — so does anyone know of an application into which you can enter the password and it will hash it to the key in the same way that apple does? Or does anyone know of the algorithm used so I can code it myself?

Please no discussion on the benefits of moving to WPA — I agree with them all completely, unfortunatly some of the older apple hardware (which my neighbour has) will only work with WEP.

Submission + - Locating a server in your home

Submitted by on Friday December 08, 2006 @06:00AM

An anonymous reader writes: It's going to be 41 degrees C here tomorrow. At the moment my server (with 5 hard disks) is located temporarily in a room on it's own, mostly because no one wants to be in the same room as all those fans and disk motors. This is not a wise allocation of limited house space :-} (Yes — you guessed it — I am single) Q: Where do folks locate their servers in suburban homes? Q: Whats your best tricks and tips for making that server more house friendly? I am thinking about security, heat, noise, space, access...I guess in cooler climates any cupboard will do....

Submission + - DNS All Over the Place

Submitted by

Juha Holkkola

on Friday December 08, 2006 @04:53AM

Juha Holkkola writes: "On November 15, SANS published 2006 annual update of the Top-20 Internet Security Attack Targets (www.sans.org/top20/). Each year, some of the most security conscious organizations all over the world help SANS in compiling this list based on severe vulnerabilities that have been discovered during the last 12 months or so. If any network service or product that has made this list has been more or less safe for more than 12 months, it gets dropped out. What strikes me the most with SANS's Top-20 is that DNS and BIND have made the list every single year since SANS started publishing it in 2000. That's every year for seven years now. And so, one would imagine that the networking community would finally like to do something to address the associated security problems, DNS being one of the most critical TCP/IP services and all. As some information security experts have recently pointed out, network administrators often shun away from interfering DNS as that could potentially have dire implications on functioning networks. I guess what they mean by this is that as DNS is one of the few applications that dates back to the pre-firewall-era of Internet, managing and securing DNS is like having a pet dinosaur. It's really not that cute and you'd really prefer not to touch it at all. Pet talk aside, perhaps the time has come to take the bull by the horns? While DNS and plain BIND may be somewhat cumbersome to secure and to manage, there are also more advanced options out there that make protecting and managing DNS servers a walk in the park."

Slashdot Top Deals