Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

(in)Security in 802.11 WEP Algorithm

From: Rich Corbett <RichC () LOEHMANNS COM>
Date: Wed, 14 Feb 2001 19:38:57 -0500
There has been much talk in the last week that I have read about in regard
to the insecurity behind the WEP (Wired Equivalent Privacy) algorithm, which
is part of the 802.11 standard.  I do not claim to be an expert on the
subject, however I am a bit alarmed in what I have found out.

This is good reading for anyone who already has or is thinking of deploying
a wireless LAN (WLAN) over using 802.11, 802.11b, etc.  From some poking
around, I found a few vendors that resell such technology which include, but
are not limited to:  Lucent, Compaq, Symbol, Toshiba, DLink, and 3Com.  Some
vendors do slightly a better job at keeping things tight from what I have
read in a few different articles, however - the whole 802.11, I feel cannot
be trusted.  If you do use it, treat it like the Net - firewall it, and VPN
all your comms to your servers, etc.  <My own opinion>


From what I understand, new laptops from Toshiba are going to be (or maybe

already are) equipped with 802.11 NIC's.  I would be careful in using the
laptop in public places, such as American Airlines' Admiral's Club's who is
reported as offering it to executives passing through some major airports!
(Ack!)


From another article, I read that corrections for 802.11 will not be

available to at best 2nd Quarter of 2002...  However, I couldn't find
anything from IEEE on the subject.  I feel that the best info can be found
in the following two links:

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The actual draft can be found here:

http://www.isaac.cs.berkeley.edu/isaac/wep-draft.pdf

My take on all of this is that unless you can utilize proven VPN
technologies, or compute in a RF shielded environment, forget about 802.11
and secure computing for now...  I feel for our colleagues who have already
rolled out this technology in widespread areas and am glad that I chose not
to despite the cost savings in cabling installations, ease of deployment,
and future maintenance involved.  I never want to be a 'gamma tester'.

Rich Corbett
Director of Network Services
Loehmann's Inc.
richc () loehmanns com
Previous By Date Next
Previous By Thread Next

Current thread: