digg

Facebook Connect Join Digg About

How to keep your wi-fi network safe

news.bbc.co.uk Researchers can now break WEP security in less than a minute - and are strongly recomending that people switch their Wi-Fi over to WPA.

Who dugg this? Made popular May 1, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

85 Comments

show profanity settings
expand all
  • warrenwebber, on 10/12/2007, -0/+41I would use WPA instead of WEP if not for my Nintendo DS which requires WEP! Come on Nintendo!!!
  • Haphazardness, on 10/12/2007, -0/+26I always laugh when I see that quite a few of my neighbors have wide open networks with ssids showing "default."
  • hattriq27, on 10/12/2007, -0/+22MAC filtering will slow me down from stealing your bandwidth by about 30 seconds....spoofing MACs is a no-brainer.

    Granted, it may just keep Bob from next store off your router, but not Bob's teenage son.
  • kenvsryu, on 10/12/2007, -1/+23I'm already hogging the bandwidth even if they get in.
  • Draje, on 10/12/2007, -0/+17We really do need WPA for the DS. Thats the only thing holding me over from better encryption.
  • misterjangles, on 10/12/2007, -2/+18Hogging bandwidth = lots of juicy packets. Lots of packets = more data to sniff & extract keys! Mmmm... packets...
  • CraigCarlyle, on 10/12/2007, -8/+23I change my neighbors SSID's all the time just to screw around with them. Seeing as how their connection was open with SSID's such as "linksys" or "default", I knew they wouldn't mind when I changed it to "Encrypt your ***** network" and "This is... SPARTAAAAA"

    @evilesttoast: Or... you could just configure your router not to show an SSID.
  • hattriq27, on 10/12/2007, -4/+19What the? Did I just hitch a ride on the "Wayback" machine? I thought for sure this article was at least 3 years old. To my surprise it is only days old talking about WEP. Does the author live in a cave and still work on a Windows 98 machine or even Windows Bob?

    WPA and WPA2 have been out for ever in technology timelines. Who the hell uses WEP anymore so why keep talking about how easily it is broken? Paul Ruben needs to catch up, WEP has been broken in a minute.
  • Yez70, on 10/12/2007, -1/+12Your RIAA/MPAA defense was just eliminated by posting the fact here. Your post will never go away and it is tied to your IP address and username and likely stored in Google's db, plus your web history as well.

    Stating you intentionally leave it open as a defense is in fact proving you acknowledge you are doing wrong and further more you are doing so intentionally.
  • DontSayFanboy, on 10/12/2007, -0/+11I just bought a DS and lack of WPA support is really hindering me from playing online. I have found a few solutions.

    The easiest is to connect my laptop via ethernet to my router and then share the connection via wireless. This is cumbersome to set up every time I want to play a quick game of Mario Kart though.

    The new version of DD-WRT (v24) will supposedly have a feature that will allow you to have multiple SSIDs with different encryption settings. I have a linksys wireless router so I will probably try this and set up MAC filtering for the DS.

    Another option with DD-WRT is to set up one of the ports as a VLAN to segment it away from my home network. I could then take my beat up old Airport base station and set it up with WEP encryption and go online with that. The airport would connect to the internet via the wired VLAN port and not see any traffic from the home network. Then I could just disconnect the airport when I wasn't playing DS. Even if someone saw it when it was turned on and cracked the WEP they couldn't access my actual secured network.
  • JoeB4ever, on 10/12/2007, -0/+11I myself changed my ssid to "rapists anonymous"

    That should scare all the freeloaders away.
  • gubin09, on 10/12/2007, -0/+10If by "reasearchers" you mean a 12 year old with a $400 laptop and free software then yeah....
  • inactive, on 10/12/2007, -0/+9So... you're saying the BBC submitted its own story to digg?
  • HalFTW, on 10/12/2007, -0/+7Also MAC filtering does not prevent people sniffing the traffic.
  • geekchic, on 10/12/2007, -0/+6For the record - I do not work for the BBC.

    ...wanders off, muttering about libel and slander.
  • Hayl, on 10/12/2007, -0/+6Lame article, WEP has never been secure, which is why WPA has been around for years.
  • en7ropia, on 10/12/2007, -0/+6how about "tempting little honeypot"
  • UncleWhig, on 10/12/2007, -1/+6BTW, it's "Wired Equivalent Privacy," not "Wireless Equivalent Protection." If you can't even get your acronyms right, why should I grant you an audience?
  • AngelBunny, on 10/12/2007, -1/+6aircrack is nice because they have good tutorials for the beginner, but it does use the old method. on a 40bit wep encryption with wep you're looking at about 2 hours of injecting packets min to get a key (or you get lucky) not 40seconds like the new stuff.

    i've used simular software to aircrack to crack WPA and WPA2. it takes a long time but isn't to hard, and no it isn't bruteforcing. It is basicly the same process as wep but instead of 5mil packets you need like 50mil packets. That takes days. Running a bute force at the same time helps. Whatever one finds it first.
  • inactive, on 10/12/2007, -1/+6"Granted, it may just keep Bob from next store off your router, but not Bob's teenage son."

    Next store = next door?
  • sTiVo, on 10/12/2007, -1/+5Pee Wee Herman's career has really taken a turn.
  • felch, on 10/12/2007, -0/+4Researchers can crack your WEP key in a minute; I can crack it in a few.

    http://www.aircrack-ng.org
  • pauliem, on 10/12/2007, -1/+5I used to use WPA before I got tetris for the DS. Now I will run WEP until I can do something better with the DS. Tetris is just a brilliant game.

    I think the optional USB wireless adapters for the DS supports WPA though.
  • Toast1185, on 10/12/2007, -0/+3I checked out your page, and unfortunately your spam will only help me if I live in Hoover, AL. So I'm afraid its not very relevant :'(. However, if there is anyone on digg that doesn't know how to secure their wireless network and lives near Hoover, AL, I believe they might have just hit the jackpot.
  • muyuu, on 10/12/2007, -0/+3Who the hell uses WEP? Around 80% of the people who use any encryption at all. Just walk around with your lappie and let it listen a bit.
  • RaulMontana, on 10/12/2007, -1/+4We have WPA2 with MAC Address filtering...I think that's secure as hell...
  • tobster85, on 10/12/2007, -1/+4The issue is how fast you can crack WEP now. Before you needed a motive to crack WEP...about 5million packets.
    Now all you need is 40,000, which you can get in 53seconds by rapid ARP requests.
    Good info about it here: http://www.grc.com/securitynow.htm EP#89
  • grumpyrain, on 10/12/2007, -0/+3Why is it a bad idea only now?

    We knew it was broken back in 2001. It was theoretically possible to crack in a minute if there was enough traffic. People soonafter demonstrated a way of stimulating reply packets, speeding it up. Two years ago, the FBI demonstrated a 3 minute attack using off-the-shelf software only. The biggest thing to change with this new discovery is that you need even less packets to analyse.

    Wireless router and card manufacturers need to get their acts together. Stop listing it as the first choice other than unsecured. Put it down the bottom of the list with (bad choice) afterwards for compatibility, and if they select the option, make them tick a box to say they understand the encryption is provided for compatibility only, and that it can be cracked in minutes.
  • MrKite, on 10/12/2007, -0/+3I'm fortunate to have neighbors who have lives.... and more money than me.
  • monergism, on 10/12/2007, -5/+7How to get an article on Digg.

    1. Write the obvious
    2. Submit your story
    3. Get your 'friends' to digg
    4. See step 1.
  • grumpyrain, on 10/12/2007, -0/+2Actually, wireless equivalent protection is probably a more accurate description. It is pretty close to 'dont even bother' useless, certainly past the 'use something else' mark.
  • andysimmons, on 10/12/2007, -1/+3Read the article.

    "Amit Sinha, a wireless security expert at security consultants AirDefense, dismisses many of the security features - such as MAC address filtering and hiding the name of a home wireless network -offered by wireless routers, because these can be circumvented in seconds by anyone using tools such as Aircrack-ng"
  • AshTR, on 10/12/2007, -0/+2@warrenwebber:
    Dang it! Beat me to it.

    Anyway, at least the Wii uses WPA encryption. Why can't the DS?
  • grumpyrain, on 10/12/2007, -1/+3no it can't. It can of course listen for some traffic, work out the MAC address that is sending it, and spoof that one.

    Repeat after me: MAC address filtering does not provide any extra security.
  • tobster85, on 10/12/2007, -0/+2About the new method from the people who developed it:
    http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/

    Podcast about it: http://www.grc.com/securitynow.htm EP#89
  • guyver8400, on 10/12/2007, -0/+2You know whats funny, I do most of that at home, but im outside an apartment building on a dumb ssid LINKSYS reading this..... irony!
  • baldr, on 10/12/2007, -1/+3It is possible to spoof a MAC address, I've heard fairly easy (though I've never tried myself). The only way they could find out what MAC addresses are on the list is to sniff wireless traffic while one of the allowed computers is operating.
  • pyrates, on 10/12/2007, -0/+1From the article:

    "If we shipped them with WPA encryption turned on and unique passwords, our costs would go up dramatically. At the moment we can't see a cost-effective way of doing that."

    How about informing the customer that they NEED to be active about security, not passive. They know they need unique locks for their home instead of having the same key that can open anyone's home on the block, they can certainly do this too.
  • pyrates, on 10/12/2007, -0/+1There is no excuse for some wireless products to only support WEP and not WPA. WPA was designed to use the same hardware as wep and required only a software change. Plus it's been out for a long time now. There is no excuse.
  • Boondoggle, on 10/11/2007, -0/+1except that mabye he posed this from someone else's wifi.

    How do you like that, mr smarty lawyer?
  • sk545, on 10/12/2007, -0/+1dunno, i thought WPA/WPA2 were both "uncrackable" with the correct password. Not sure why people are saying WPA is, and WPA2 isn't.
  • mercnboy3, on 10/12/2007, -0/+1I have WPA2 and MAC Address filtering also
  • richbradshaw, on 10/12/2007, -1/+2Have you ever run kismet in a public area? It shows every hidden SSID, as well as the MAC addresses of every computer connecting to each one.

    You can easily spoof your MAC address - it's not some big secret of how to do it.
  • KayIslandDrunk, on 10/12/2007, -0/+1@Craig
    Not broadcasting a SSID can actually be more dangerous. As I said in the above post using WPA2 and broadcasting your SSID is the best way.
  • antny, on 10/12/2007, -3/+4Why is it that people interested in Security seem to think they're street is full of hackers? I just disable SSID broadcast and I've had no problems.

    I can't justify the need for WEP/WPA on my home network, I'm too lazy to type the key on clients..
  • mattlamb, on 10/12/2007, -0/+1aircrack may be able to find a code but can it remotely view a router approved MAC addresses list?
  • mechmike0034, on 10/12/2007, -1/+2Be sure to scan your City of Hoover and Jefferson County business licenses and post them on your site as well. I've sent links to your site and this thread to the Revenue offices in both places.
  • clearzen, on 10/12/2007, -1/+1Well, you would need an antenna for your wireless cards to fake association in most cases, unless you are extremely close. I don't think you could do it in under a minute unless you have more than one wireless card or maybe two people. But 5-10 is reasonable. WPA is the way to go, I thought everyone knew that by now though.
  • Amazeroth, on 10/12/2007, -0/+0For further information about cracking wep in 60 seconds, have a look on this paper from Tews, Pychkine and Weinmann.
    http://eprint.iacr.org/2007/120.pdf
  • walrusboy91, on 10/11/2007, -0/+0no matter what type on encryption they come up with, myself and my fellow hackers will find a way to get around it. We always have, and we always will.
  • Fetching more discussions...
    Show 51 - 85 of 85 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.