Re: TiVo Network Security

[merlyn () stonehenge com (Randal L. Schwartz)]

> > > > > "S" == S f Stover <attica () stackheap org> writes:

S> Another thing to keep in mind is that if you are good about
S> rotating your WEP keys, you'll be much more secure against casual
S> sniffers.  Maybe run airsnort (or equivalent) at home and when it
S> cracks the key, drop in another one.

S> Unless there's a different way of cracking WEP than duplicate/weak IVs, this
S> should put you in reasonable shape.

Well, if you're running WEP for the sole purpose of hiding TiVo data,
and then you run strong crypto over that for your normal data traffic,
and the only result of breaking wep is that someone can connect to
204.176.49/24, I really don't see the point of worrying too hard about
rotating the WEP key.

Let'em crack it!

Plus, the user interface for changing the WEP key on the TiVo requires
far too many up-down-left-right pushes for me.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html