eggboard - Slashdot User

NY Times Biffs Conference Wi-FAIL Story-> 0

Submitted by eggboard on Wednesday December 29 2010, @01:21AM

eggboard writes "The New York Times ran a strange story that tried to explain why Wi-Fi fails when thousands of people gathered a tech event try to use a network set up by organizers. The story says Wi-Fi wasn't designed for that kind of use. I disagree, and explain why at length. The 1999 IEEE 802.11b spec might not have been designed for it, but 802.11g could handle mass numbers, and 802.11n is designed to deal with interference and large user bases."
Link to Original Source

Wired Responds in Manning Chat Log Controversy 1

Submitted by

Hugh Pickens

on Wednesday December 29 2010, @12:14AM

Hugh Pickens writes "Earlier this week Glenn Greenwald wrote in Salon about the arrest of US Army PFC Bradley Manning for allegedly acting as WikiLeaks' source and criticized Wired's failure to disclose the full chat logs between Manning and FBI informant Adrian Lamo. Now Wired's editor-in-chief Evan Hansen and senior editor Kevin Poulsen have responded to criticisms of the site’s Wikileaks coverage stating that not one single fact has been brought to light suggesting Wired.com did anything wrong in pursuit of the story. "Our position has been and remains that the logs include sensitive personal information with no bearing on Wikileaks, and it would serve no purpose to publish them at this time," writes Hansen. "That doesn’t mean we’ll never publish them, but before taking an irrevocable action that could harm an individual’s privacy, we have to weigh that person’s privacy interest against news value and relevance." Poulsen adds that Wired has "led the coverage on this story, and we would gain nothing by letting another scoop simmer unreported on our hard drives" and that Greenwald's assertions the Wired has a journalistic obligation to publish the entirety of Manning’s communications is backwards — the truth is the opposite. "Greenwald’s piece is a breathtaking mix of sophistry, hypocrisy and journalistic laziness," concludes Poulsen. "In any event, if you can’t make an argument without resorting to misstatements, attacking the motives of an experienced and dedicated team of reporters, name-calling, bizarre conspiracy theories and ad hominem attacks, then perhaps you don’t have an argument.""

Wired defends its coverage of Manning -> 0

Submitted by johnlist on Tuesday December 28 2010, @11:09PM

johnlist writes "Wired.com editor-in-chief Evan Hansen and senior editor Kevin Poulsen respond to criticisms of Wired’s Wikileaks coverage by Glenn Greenwald in Salon."
Link to Original Source

December 2010

June 2010

Finland To Legalize Use of Unsecured Wi-Fi 151

Posted by Soulskill on Friday June 11 2010, @02:04PM
from the it-turns-out-not-to-be-a-swedish-trap dept.

Apotekaren writes "The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, and the lack of real damage done by this activity. It is also hard for a user to know if an unsecured network is intended for public use or not. The increased ubiquity of legal, open networks in parks, airports, and other public places has also influenced this move by the Ministry of Justice."

iPhone 4 May Have Wi-Fi Driver Fault-> 1

Submitted by eggboard on Friday June 11 2010, @10:11AM

eggboard writes "After examining the WWDC video and talking to two veteran Wi-Fi experts, it seems likely that the iPhone 4 has a Wi-Fi driver flaw that was part of the trouble in making a network connection during Steve Job's WWDC keynote. The other problem was the massive congestion caused by so many independent access points. (Congestion may have triggered the iPhone 4's troubles, too.) With mobile hotspots proliferating on phones and in portable devices like the MiFi, we're going to see more trouble in the future."
Link to Original Source

June 2010

February 2010

Comment: Re:TKIP and CCMP (Score 2, Informative) 77

by eggboard on Sunday February 28 2010, @12:05AM (#31302822) Attached to: A New Wi-Fi Exploit, Limited But Clever

1. If you're having trouble with WPA2, it's an implementation issue. There's no reason that WPA2 shouldn't work as well or better than WPA. In some silicon, AES-CCMP encryption can work faster than TKIP. Check for firmware upgrades on adapters and APs.

2. TKIP keys cannot be extracted by any known methods. Short TKIP and AES-CCMP passphrased-based keys are vulnerable to brute-force dictionary attacks, typically based on precomputed common SSIDs. A key of 10 or more characters is probably fine; 20 random characters is beyond computation in this universe. 63 is just silly.

3. The TKIP exploits are particular to AES-CCMP and don't recover the key, nor does any particular key length prevent the exploit. The exploits rely on a set of givens (such as 802.11e/WMM being available and enabled on a router), but this latest exploit that I link to uses the integrity checksum to extract a packet delivered to a client in the right circumstances.

4. This attack could be weaponized, but it's a proximity attack, so the yield is very very low in such attacks.

Comment: Re:TKIP and CCMP (Score 4, Interesting) 77

by eggboard on Saturday February 27 2010, @04:52PM (#31299900) Attached to: A New Wi-Fi Exploit, Limited But Clever

That comment is halfway between troll and truth.

That only works for short passwords using dictionary words and common alternatives--typically eight characters or fewer. Yes, you can get precomputed dictionaries for common SSIDs, and you can even use a new service to do some computation.

However, move to 9 characters of random text (&fa^g_!80) and a unique SSID ("My little pony's network"), and all bets are off to computing the result in anything like a usable period of time.

TKIP and AES-CCMP remain strong for long, strong passwords, long being 10 or more characters, but 12 to 20 is best.

Comment: Re:Very Limited (Score 2, Interesting) 77

by eggboard on Saturday February 27 2010, @04:21PM (#31299728) Attached to: A New Wi-Fi Exploit, Limited But Clever

That's not as limited as it sounds. There are perhaps hundreds of millions of routers running versions of embedded Linux, and WMM/802.11e may be enabled by default on many of those!

A New Wi-Fi Exploit, Limited But Clever 77

Posted by kdawson on Saturday February 27 2010, @02:32PM
from the out-of-thin-air dept.

eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His 'Enhanced TKIP Michael Attacks' still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client — all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still be using." Here is Beck's paper (PDF) describing the new attacks.

Another Limited but Wi-Fi Exploit-> 0

Submitted by eggboard on Saturday February 27 2010, @12:59PM

eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His "Enhanced TKIP Michael Attacks" still doesn't allow extraction of a key, and is limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client--all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still use."
Link to Original Source

eggboard (315140)

(email not shown publicly)
http://blog.glennf.com/
AOL IM: glennf@mac.com (Add Buddy, Send Message)
I'm a journalist who works as a columnist for The Seattle Times, an editor for TidBITS, and a regular contributor to The Economist and Macworld. I typically write about wireless networking and technology, my specialty, but also cover issues relating to Apple, ecommerce, and online marketing, among other areas. I edit the daily Web log Wi-Fi Networking News. In my spare time, I occasionally sleep.