Submission + - NY Times Biffs Conference Wi-FAIL Story

eggboard writes: The New York Times ran a strange story that tried to explain why Wi-Fi fails when thousands of people gathered at a tech event try to use a network set up by organizers. The story says Wi-Fi wasn't designed for that kind of use. I disagree, and explain why at length. The 1999 IEEE 802.11b spec might not have been designed for it, but 802.11g could handle mass numbers, and 802.11n is designed to deal with interference and large user bases.
The Media

Submission + - Wired Responds in Manning Chat Log Controversy 1

Hugh Pickens writes: "Earlier this week Glenn Greenwald wrote in Salon about the arrest of US Army PFC Bradley Manning for allegedly acting as WikiLeaks' source and criticized Wired's failure to disclose the full chat logs between Manning and FBI informant Adrian Lamo. Now Wired's editor-in-chief Evan Hansen and senior editor Kevin Poulsen have responded to criticisms of the site’s Wikileaks coverage stating that not one single fact has been brought to light suggesting did anything wrong in pursuit of the story. "Our position has been and remains that the logs include sensitive personal information with no bearing on Wikileaks, and it would serve no purpose to publish them at this time," writes Hansen. "That doesn’t mean we’ll never publish them, but before taking an irrevocable action that could harm an individual’s privacy, we have to weigh that person’s privacy interest against news value and relevance." Poulsen adds that Wired has "led the coverage on this story, and we would gain nothing by letting another scoop simmer unreported on our hard drives" and that Greenwald's assertions that Wired has a journalistic obligation to publish the entirety of Manning’s communications is backwards — the truth is the opposite. "Greenwald’s piece is a breathtaking mix of sophistry, hypocrisy and journalistic laziness," concludes Poulsen. "In any event, if you can’t make an argument without resorting to misstatements, attacking the motives of an experienced and dedicated team of reporters, name-calling, bizarre conspiracy theories and ad hominem attacks, then perhaps you don’t have an argument.""
Wireless Networking

Finland To Legalize Use of Unsecured Wi-Fi 151

Apotekaren writes "The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, and the lack of real damage done by this activity. It is also hard for a user to know if an unsecured network is intended for public use or not. The increased ubiquity of legal, open networks in parks, airports, and other public places has also influenced this move by the Ministry of Justice."

Submission + - iPhone 4 May Have Wi-Fi Driver Fault 1

eggboard writes: After examining the WWDC video and talking to two veteran Wi-Fi experts, it seems likely that the iPhone 4 has a Wi-Fi driver flaw that was part of the trouble in making a network connection during Steve Jobs's WWDC keynote. The other problem was the massive congestion caused by so many independent access points. (Congestion may have triggered the iPhone 4's troubles, too.) With mobile hotspots proliferating on phones and in portable devices like the MiFi, we're going to see more trouble in the future.

Comment Re:TKIP and CCMP (Score 2, Informative) 77

1. If you're having trouble with WPA2, it's an implementation issue. There's no reason that WPA2 shouldn't work as well or better than WPA. In some silicon, AES-CCMP encryption can work faster than TKIP. Check for firmware upgrades on adapters and APs.

2. TKIP keys cannot be extracted by any known methods. Short TKIP and AES-CCMP passphrase-based keys are vulnerable to brute-force dictionary attacks, typically based on precomputed common SSIDs. A key of 10 or more characters is probably fine; 20 random characters is beyond computation in this universe. 63 is just silly.

3. The TKIP exploits are particular to AES-CCMP and don't recover the key, nor does any particular key length prevent the exploit. The exploits rely on a set of givens (such as 802.11e/WMM being available and enabled on a router), but this latest exploit that I link to uses the integrity checksum to extract a packet delivered to a client in the right circumstances.

4. This attack could be weaponized, but it's a proximity attack, so the yield is very very low in such attacks.

Comment Re:TKIP and CCMP (Score 4, Interesting) 77

That comment is halfway between troll and truth.

That only works for short passwords using dictionary words and common alternatives--typically eight characters or fewer. Yes, you can get precomputed dictionaries for common SSIDs, and you can even use a new service to do some computation.

However, move to 9 characters of random text (&fa^g_!80) and a unique SSID ("My little pony's network"), and all bets are off to computing the result in anything like a usable period of time.

TKIP and AES-CCMP remain strong for long, strong passwords, long being 10 or more characters, but 12 to 20 is best.
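The two comments above turn on how a WPA/WPA2 passphrase becomes a key: PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations. The following sketch is an added example, not part of either comment; the wordlist, the SSIDs other than the one quoted above, and the guess rate of one million per second are constructed assumptions. It shows why a table precomputed for a common SSID is useless against a unique one, and how search time grows with passphrase length.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key; the SSID is the PBKDF2 salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def build_table(ssid: str, words: list[str]) -> dict[bytes, str]:
    """Model a precomputed table: it is only valid for the one SSID it was built for."""
    return {wpa_psk(w, ssid): w for w in words}

def table_covers(table: dict[bytes, str], passphrase: str, ssid: str) -> bool:
    """True if a network with this passphrase and SSID is exposed by the table."""
    return wpa_psk(passphrase, ssid) in table

def years_to_exhaust(length: int, alphabet: int, guesses_per_second: float) -> float:
    """Time to try every passphrase of the given length (worst case)."""
    return alphabet ** length / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    words = ["password", "letmein123", "sunshine1"]   # constructed sample wordlist
    table = build_table("linksys", words)             # "linksys": assumed common SSID
    unique = "My little pony's network"               # SSID quoted in the comment
    print("weak passphrase, common SSID:", table_covers(table, "password", "linksys"))
    print("weak passphrase, unique SSID:", table_covers(table, "password", unique))
    rate = 1e6  # assumed guesses per second; adjust for the hardware being modelled
    for label, length, alphabet in [("8 lowercase letters", 8, 26),
                                    ("9 random printable", 9, 94),
                                    ("20 random printable", 20, 94)]:
        print(f"{label}: {years_to_exhaust(length, alphabet, rate):.3g} years")
```

A unique SSID only defeats precomputation; a dictionary word remains guessable by direct search, which is why the length and randomness of the passphrase still matter.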


A New Wi-Fi Exploit, Limited But Clever 77

eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His 'Enhanced TKIP Michael Attacks' still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client — all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still be using." Here is Beck's paper (PDF) describing the new attacks.

Submission + - Another Limited but Wi-Fi Exploit

eggboard writes: Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His "Enhanced TKIP Michael Attacks" still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client--all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still use.
Wireless Networking

Submission + - Apple Slips in 450 Mbps Wi-Fi in Its Base Station

eggboard writes: Apple told a few reporters in briefings yesterday to look for significant changes in its two top-line base station models, which are noted in passing as "new" on the product pages: 50 percent throughput improvement and 25 percent distance bump. How did they do this? With Engadget's FCC tip about "3x3" models, I've determined that Apple now offers what seems to be the first mass-market 450 Mbps, three radio-chain Wi-Fi router. Virtually all other consumer routers max out at 300 Mbps.

Metasploit Project Sold To Rapid7 70

ancientribe writes "The wildly popular, open-source Metasploit penetration testing tool project has been sold to Rapid7, a vulnerability management vendor, paving the way for a commercial version of Metasploit to eventually hit the market. HD Moore, creator of Metasploit, was hired by Rapid7 and will continue heading up the project. This is big news for the indie Metasploit Project, which now gets full-time resources. Moore says this will translate into faster turnaround for new features. Just what a commercial Metasploit product will look like is still in the works, but Rapid7 expects to keep the Metasploit penetration testing tool as a separate product with 'high integration' into Rapid7's vulnerability management products."

Apple Blurs the Server Line With Mac Mini Server 557

Toe, The writes "Today Apple announced several new hardware offerings, including a new Mac mini, their (almost-literally) pint-sized desktop computer. In a bizarre twist, they are now also offering a Mac mini with Mac OS X Server bundled in, along with two hard drives somehow stuffed into the tiny package. Undoubtedly, many in the IT community will scoff at the thought of calling such a device a 'server.' However, with the robust capabilities of Snow Leopard Server (a true, if highly GUI-fied, UNIX server), it seems likely to find a niche in small businesses and even enthusiasts' homes. The almost completely guided setup process means that people can set up relatively sophisticated services without the assistance of someone who actually knows what they are doing. What the results will be in terms of security, etc. will be... interesting to watch as they develop." El Reg has a good roundup article of the many announcements; the multi-touch Magic Mouse is right up there on the techno-lust-inspiration scale.

The Kindle Killer Arrives 542

GeekZilla sends coverage from Wired's Gadget Lab on the Nook, Barnes & Noble's first e-book reader. "Sleek, stylish and runs the Android OS. What's not to like about Barnes and Noble's new e-book reader? Despite the odd name, the Nook looks like an eBook reader that would actually be a worthwhile investment. Best feature? The ability to loan e-books you have downloaded to other Nook owners. The reader, named the 'Nook,' looks a lot like Amazon's white plastic e-book, only instead of the chiclet-keyboard there is a color multi-touch screen, to be used as both a keyboard or to browse books, cover-flow style. The machine runs Google's Android OS, will have wireless capability from an unspecified carrier, and comes in at the same $260 as the now rather old-fashioned-looking Kindle." Here is the B&N Nook site, which is still not visible on their front page and has a few non-working links. ( isn't set up yet.) Their comparison page takes dead aim at the Kindle. Among the advantages in the Nook's column: Wi-Fi, expandable memory via microSD, MP3 player, and PDF compatibility. (But remember the cautionary note B&N struck six years back when they got out of the e-book business.)

Comment Year-old Ars Technica piece covers similar ground (Score 2, Informative) 259

I wrote a long article for Ars Technica nearly a year ago that looked at the past, present, and future. The reality hasn't changed much since then.

Most so-called municipal Wi-Fi projects involved a handful of companies absorbing all the initial network cost in exchange for some to no city business and access to citizens for coverage. EarthLink, MetroFi, Kite, and AT&T were the most prominent. EarthLink got out of the business; AT&T still does some metro-scale networking (Riverside), and MetroFi and Kite shut down.

There are a ton of networks run entirely or nearly so for public safety and/or municipal purposes that have been very successful in Oklahoma City and elsewhere.
