WEP and door locks

conolan

I know the thread is locked, but I wanted to make a point about security overkill.
I have a lock on my door. It works. But if somebody wants to get in they will get in.
Despite knowing this, I'm not putting security cameras, triple deadlocks and security shutters on my house.

Would any of the security-obsessed propellerheads like to tell us what level of security they have on their houses if they don't use WEP?

The point being that levels of security relate not to theoretical levels of threat, but realistic assessments of threat combined with the individuals comfort with risk.

FruitLover

I'm not really sure what your point is. A burgler can't remotely break into your home. Someone could break into your wireless network, reconfigure your router to use a malicious DNS server, install a trojan to capture credit card numbers and passwords, sniff your email and web traffic, download kiddy porn on your connection, etc etc. For a wireless network cracker, these are all possible remotely, many without leaving a trace.

I don't use wireless at home (not arsed setting up a VPN or PEAP-TLS server).

conolan

A burgler can break into my home, steal my credit cards, grab my laptop, kill my family. However it's unlikely.
Equally it's as unlikely or even more unlikely that someone will sit outside my house and hack into my wireless network. Nobody would be bothered.
Therefore no armed guards or advanced wireless security. Neither is required. Doorlock and WEP are just fine.

bushy...

conolan wrote: »

A burgler can break into my home, steal my credit cards, grab my laptop, kill my family. However it's unlikely.
Equally it's as unlikely or even more unlikely that someone will sit outside my house and hack into my wireless network. Nobody would be bothered.
Therefore no armed guards or advanced wireless security. Neither is required. Doorlock and WEP are just fine.

Are you trying to "launch " a service/product that can only use WEP or something ?



Is it really so difficult to at least click

[ ] WEP [*] WPAxx

when setting up a wireless router/ap etc ?

aidan_walsh

it's as unlikely or even more unlikely that someone will sit outside my house and hack into my wireless network. Nobody would be bothered.

People sitting outside in the car mightn't (thought some do). You'd be far more likely to be breached by technically inclined neighbours though. If you want to let them in, fair ****s to you and away you go. Just don't bother complaining if it gets abused.

JTD.Vapour

conolan wrote: »

Would any of the security-obsessed propellerheads like to tell us what level of security they have on their houses if they don't use WEP?

In my eyes, each type of encryption you use, leaves loopholes for certin people.

Wep - Anyone who can google(probably no malicious attempt, but skiddys might have a go at it.

Wpa - Anyone who understands wep cracking and networking. Takes a short amout of time to have knowledge to crack some networks.

A black hat network expert, would get into your network even if "you think your safe" And he will probably get his job done.

Your only as safe as your level of protection.

sidenote - standard eircoms keys are very much the same to open networks, for half assed techies.

FruitLover

conolan wrote: »

Equally it's as unlikely or even more unlikely that someone will sit outside my house and hack into my wireless network. Nobody would be bothered

That's where you're wrong. Any time I bring my laptop out and about with me (e.g. to the park on a weekend, in a café, etc) I casually break into business and residential networks, and I can guarantee you I'm not the only one who does this. Luckily for people like you, my crime is only that of curiosity, but there are plenty of people out there who would crack networks with malicious intent.

As mentioned by Aidan above, most modern APs/routers allow you to use a far more secure encryption method simply by ticking a box. When you weigh that against the extra protection it gives, it would be laughable to advise continuing to use WEP.

conolan

My question still stands. What security do you have on your house?

Not launching anything with wireless. Just thinking about the majority of wireless users who wouldn't know how to change settings. They are the same people who don't know how to set up email accounts or other tasks that we techies find simple.

Techies who scream "you stupid idiot why are you using WEP" are the same as home security salespeople who scream "you stupid idiot why don't you have an alarm and shutters".

eddhorse

I think Conolan is an actual burgular and the next question is "What is your address"?
These thieves are getting crafty, asking about WEP when slyly hinting about what sort of locks are on your door.
The recession is making you think on your feet.

I agree with everyone who says , click on wpa and stop clowning around. Im one of the technically inclined neighbours who will have a crack at your WEP.
I enjoy it , its fun. Deauthenticate you, get some ARP requests when you reconnect and reinject them, 2-3 minutes. And i havent got around to sniffing your house network for passwords credit cards numbers etc YET.
Just because you have a firewall doesnt mean i cant grab a packet on its way out to cyberspace !

P.S. i have adequate locks, alarms on house and cars. And a mad barking dog, come get some !

FruitLover

conolan wrote: »

My question still stands. What security do you have on your house?

Enough to make it very unlikely that it'll be broken into.

Using WEP is the wireless networking equivalent of painting a lock on the door. It looks secure to the layman, until you actually try to break into it.

eddhorse wrote: »

And i havent got around to sniffing your house network for passwords credit cards numbers etc YET

I've found out some interesting things about my neighbours' browsing habits. I've also found out that I'm not the only one who's broken into their network!

Capt'n Midnight

layers, security is done in layers

with a house you have smoke detectors, and windows that can only be opened from the inside and door locks and latches and viewers and alarms , all of which contribute to the safety of the house, you also have insurance and neighbour hood watch

in theory you only need a little more security than your neighbours so they will be targeted ahead of you , but you can't tell what tools an intruder will have or prefer so you should have as many layers as are practicable

WEP has been breakable in 3 minutes for several years now. Script kiddies can do it so it has NO real security from a determined attacker. Your main security is from people who can't google or if your neighbour has a open AP or is using the default password on a router, especially if it's one of the Eircon Netopia ones.

conolan

Capt'n Midnight wrote: »

Your main security is from people who can't google or if your neighbour has a open AP or is using the default password on a router, especially if it's one of the Eircon Netopia ones.

Disagree. My main security in not living near any propellerheads.
If I lived in a city and especially in an apartment block, I'd use lots of security on wireless. Not sure about the door though.

Also, WEP is effective against 99% of computer users. This is, they don't know what security is, they can't crack it, wouldn't know where to start, would need to call tech support to find out how to use the software or have better things to do with their time.

bushy...

conolan wrote: »

Also, WEP is effective against 99% of computer users. This is, they don't know what security is, they can't crack it, wouldn't know where to start, would need to call tech support to find out how to use the software or have better things to do with their time.

Again , why the big fascination with WEP ?

conolan wrote: »

Techies who scream "you stupid idiot why are you using WEP" are the same as home security salespeople who scream "you stupid idiot why don't you have an alarm and shutters".

Daft analogy , salespeople ? clicking the WPAxx box doesn't cost anything.

Unless of course what somebody owns/is selling WON'T do anything else other than WEP

WPA might not be the last word in it but its there ( in most cases) so tis free

Capt'n Midnight

conolan wrote:

Also, WEP is effective against 99% of computer users. This is, they don't know what security is, they can't crack it, wouldn't know where to start, would need to call tech support to find out how to use the software or have better things to do with their time.

*sigh*
a closed but unlocked door is effective against 99% of the population simply because they won't try to crack it
most of that 99% know about jimmying doors or more importantly will know someone into DIY that they can enquire further about.

In computer terms if your neighbour for whatever reasons decides to hack you,
they may not know how,
they may not know anyone who knows,
but the chances that there won't be a friend of a friend that is clued enough to knowledgeable google it and find a working attack are minimal.

With WEP the security exists mainly because your neighbours haven't bothered or aren't interested in jimmying your door. But they could find out very easily if bothered.

eddhorse

This is a never ending "Chicken and the Egg" scenario.

Heres another :
If you have to travel between Dublin and Galway and you own a car and a bike, which do you use to get there?
If you use the bike then stick with wep and get hacked eventually !
Or take the Car, its easier and WPA is more secure.

Sooner or later it will be a lot easier to do this from Windows. And then your deliquent neighbour (Wherever you live) will hack you and sniff your personal data in seconds.
Sure i know you can do this now from Windows but its not that well known, drivers etc as well.

FruitLover

conolan wrote: »

Also, WEP is effective against 99% of computer users.

If you're trying to claim that 99% of computer users are incapable of typing "hack wireless" or something along those lines into google, then I don't see how you can expect to be taken seriously here. Your comments about "propellorheads" imply that you aren't clued in to the fact that wireless cracking tools are now within the grasp of the average, casual computer user. There are even video tutorials on cracking on YouTube now.

godskitchen

FruitLover wrote: »

If you're trying to claim that 99% of computer users are incapable of typing "hack wireless" or something along those lines into google, then I don't see how you can expect to be taken seriously here. Your comments about "propellorheads" imply that you aren't clued in to the fact that wireless cracking tools are now within the grasp of the average, casual computer user. There are even video tutorials on cracking on YouTube now.

You have to want to do this sort of thing in the first place. You have to have a reason. Most of the time I get into networks because I can, not to do anything illegal or malicious but because often when I am out and about wifi is better than 3G for surfing.

99% of people can type "hack wireless"............I would argue that maybe 5% would want to and of that 5% only a handful of people would have the knoledge level/commitment to do it.

People are lazy, they do not want to do something that is not as simple as clicking on a shiny icon. If they did we would all speak 5 different languages, my point being the information is out there for free if you know where/want to look. People just dont want to. As I say people are lazy.

Lazarus2.0

godskitchen wrote: »

You have to want to do this sort of thing in the first place. You have to have a reason. Most of the time I get into networks because I can, not to do anything illegal or malicious but because often when I am out and about wifi is better than 3G for surfing.

99% of people can type "hack wireless"............I would argue that maybe 5% would want to and of that 5% only a handful of people would have the knoledge level/commitment to do it.

People are lazy, they do not want to do something that is not as simple as clicking on a shiny icon. If they did we would all speak 5 different languages, my point being the information is out there for free if you know where/want to look. People just dont want to. As I say people are lazy.

You say you have to have a reason but in the next sentence you say you do it because you can .

It doesnt really matter how many people want to do it . It only takes one to want to do it , whether it's getting into your network or your house . Using WEP is the equivalent of pinning a note on your door saying ' I'm out for the day , darling . The key is under the flowerpot . '

Capt'n Midnight

nessyguin wrote: »

Using WEP is the equivalent of pinning a note on your door saying ' I'm out for the day , darling . The key is under the flowerpot . '

It's more like saying I'm out for the day , darling . The key is in the usual place. '
ie. the key is not immediately obvious but is available if you want to look for it.

/Pedant

Lazarus2.0

Capt'n Midnight wrote: »

It's more like saying I'm out for the day , darling . The key is in the usual place. '
ie. the key is not immediately obvious but is available if you want to look for it.

/Pedant

Lol !

You are right , of course

ironclaw

conolan wrote: »

Nobody would be bothered.
Therefore no armed guards or advanced wireless security. Neither is required. Doorlock and WEP are just fine.

Simple really...

1) What car is parked outside e.g. Merc / BMW?

2) What year is it?

3) Guess from the car what piece and level the plastic in the wallet has

4) Hack.

If you could get thousands in minutes because someone decided not to check a box, would you be bothered? This is such a defunct arguement. Just tick the box and be that little bit safer. It takes two mins and to be honest in the set up menus of most modern routers its simply a drop down box. I doubt there is any wifi card on the market now that can't support WPA.

And techies don't scream at people for no reason. Its like car mechanic argueing with a doctor. Each has a different profession and expertise. Listen to them in equal measure on the topics they have spent, in some cases, years perfecting. Most are only trying to help. I'd be more concern if someone said to me "Oh, use WEP, it's grand sure..."

bushy...

Only reasons I can think of for the OP to come up with such a daft argument in favour of WEP when alternatives are free and just as easy to implement are :

Should this thread "go in his favour" , if he is selling/providing/going to sell cheapo webcams ( see sig) that ONLY support WEP , then when customer complains " isn't WEP out of date / daft " this thread will be a ready made reference he can point them at.

OP is being clever :

Often threads on boards.ie get ranked up in Google etc very highly almost straight away ( almost scary-ish sometimes ) .

Then :

Start daft argument with picture of boat n nice place in sig

People google WEP or something mentioned in this thread

People get bored reading thread about daft argument and click on nice happy boat pic and link

etc etc

ironclaw

bushy... wrote: »

Only reasons I can think of for the OP to come up with such a daft argument in favour of WEP when alternatives are free and just as easy to implement are :

Should this thread "go in his favour" , if he is selling/providing/going to sell cheapo webcams ( see sig) that ONLY support WEP , then when customer complains " isn't WEP out of date / daft " this thread will be a ready made reference he can point them at.

OP is being clever :

Often threads on boards.ie get ranked up in Google etc very highly almost straight away ( almost scary-ish sometimes ) .

Then :

Start daft argument with picture of boat n nice place in sig

People google WEP or something mentioned in this thread

People get bored reading thread about daft argument and click on nice happy boat pic and link

etc etc

Bingo. I've had that net pop up before in the harbour.... If there WEP (I can't remember if they are) you are in for some fun once someone gets in...

bushy...

ironclaw wrote: »

Bingo. I've had that net pop up before in the harbour.... If there WEP (I can't remember if they are) you are in for some fun once someone gets in...

Sharp thinking from you

Is it a "hotspot " type network thing ?

ironclaw

bushy... wrote: »

Sharp thinking from you

Is it a "hotspot " type network thing ?

Well, my presumption is that its a small POP3 or SMTP server that emails a JPEG every so often. So with the right sniffing etc its most likely to be possible.

Frankly, I wouldn't be ar*ed as I love that neck of the woods and its a nice project. And would personally condemn any attempt. Just poor secuirty if its the source of this thread.

conolan

I'm not selling anything.
The webcams are on other peoples networks and have varying degrees of security.

I'm not promoting WEP. I'm trying to get techies to understand that most wireless users aren't techies, would be too frightened to try changing anything on their router (what's a router, some woodwork gadget?), and don't need techies shouting at them. Their chances of having their wireless hacked is probably less than the chances of someone breaking and entering their home.

To all of you who are annoyed by my comments, relax. Sailing season starting and I'll be too busy on the water.

conolan

ironclaw wrote: »

Well, my presumption is that its a small POP3 or SMTP server that emails a JPEG every so often.

Y-cam IP camera. Simple and cheap. FTPs a JPEG.
I don't sell them. It's a pro bono project in my village.

bushy...

conolan wrote: »

I'm not promoting WEP. I'm trying to get techies to understand that most wireless users aren't techies, would be too frightened to try changing anything on their router (what's a router, some woodwork gadget?), and don't need techies shouting at them. Their chances of having their wireless hacked is probably less than the chances of someone breaking and entering their home.

To all of you who are annoyed by my comments, relax. Sailing season starting and I'll be too busy on the water.

Any "techie" that "shouts" at someone for using WEP needs to be drowned (nah.. water pollution). Keelhauled maybe.

If the "techie" is running into this

conolan wrote: »

(what's a router, some woodwork gadget?)

and getting excited , the need to get what they yearn for , put away from humans in a server room somewhere

bushy...

bushy... wrote: »

Again , why the big fascination with WEP ?

DS user maybe?

Anyway, the difference between house security and wireless security could be summarised as follows. If someone breaks in to your house you'll know all about it, your belongings are gone. On the other hand, if someone breaks in to your wireless network you may never know (not all routers have a blinking activity LED). You haven't physically lost anything but might get a nasty surprise somewhere down the line. I'd agree that the risk is quite low in some areas though.