Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Legality of WEP Cracking

From: "Nicholas Chapel" <nicholas.chapel () gmail com>
Date: Wed, 23 May 2007 15:10:05 -0400
On 5/23/07, Paul Dickens <paul.dickens () iop org> wrote:

Another point, who still uses WEP in business? Clearly some must in order
to get such a response from your posting. I thought WEP was flawed
technology!


Yes, WEP is deeply flawed, and has been for a very long time.  Recent
developments have made it even weaker than it already was, now that
it's become widespread news that packet re-injection and spoofed
deauthentication are able to generate sufficient traffic to crack the
key in only a few minutes.  The fact that WEP is profoundly broken is
old news.  But to answer your question, a *lot* of businesses are
using it.  I can't comment on larger firms with an established
information security infrastructure, but almost all of the smaller and
medium-sized businesses I've worked with have been running WEP.  This
includes medical offices and other companies that work with sensitive
data.  To make matters worse, many if not most of them are running on
older hardware and/or software that is incapable of supporting WPA,
never mind WPA2.  It's really quite terrifying.

Regards,
  --Nick

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: