Full Disclosure mailing list archives
Re: TiVo Network Security
From: merlyn () stonehenge com (Randal L. Schwartz)
Date: 04 Jan 2004 00:25:48 -0800
"S" == S f Stover <attica () stackheap org> writes:
S> Another thing to keep in mind is that if you are good about S> rotating your WEP keys, you'll be much more secure against casual S> sniffers. Maybe run airsnort (or equivalent) at home and when it S> cracks the key, drop in another one. S> Unless there's a different way of cracking WEP than duplicate/weak IVs, this S> should put you in reasonable shape. Well, if you're running WEP for the sole purpose of hiding TiVo data, and then you run strong crypto over that for your normal data traffic, and the only result of breaking wep is that someone can connect to 204.176.49/24, I really don't see the point of worrying too hard about rotating the WEP key. Let'em crack it! Plus, the user interface for changing the WEP key on the TiVo requires far too many up-down-left-right pushes for me. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- TiVo Network Security Crist J. Clark (Jan 03)
- Re: TiVo Network Security Randal L. Schwartz (Jan 03)
- Re: TiVo Network Security S . f . Stover (Jan 03)
- Re: TiVo Network Security Randal L. Schwartz (Jan 04)
- Re: TiVo Network Security S . f . Stover (Jan 04)
- Re: TiVo Network Security S . f . Stover (Jan 03)
- Re: TiVo Network Security Randal L. Schwartz (Jan 03)