New York County Hopes To Do For Online Safety What It Did For WiFi
from the i-know,-pass-another-law dept
Politicians in Westchester County began talking last year about passing a law requiring businesses that offer WiFi access to secure their network in various ways. The law passed last week, but it's typically misguided, written with little understanding of network security and doing nothing that would actually pose a problem for a hacker. But county politicos see themselves as trailblazers, and they've now set their sights on the safety of kids on the internet. They're hosting an "adults-only" meeting about it, and aren't ruling out drafting some sort of legislation dealing with the issue. If nothing else, it would be entertaining to see what kind of law they'd come up with, given the matter of some small things like the First Amendment, or a lack of local jurisdiction over the internet. It's also slightly amusing that the article emphasizes the meeting is adults-only; after all, it's probably far better just to listen to all the hype about the dangers of online services, rather than actually, you know, talk to kids about them.
Reader Comments
First one!
I wish I had known all I had to do to protect my network from "hackers" was to change the default SSID. And here I wasted all that two minutes of my time setting up WPA encryption with a random passphrase instead.
[ link to this | view in chronology ]
Re: First one!
[ link to this | view in chronology ]
Re: Re: First one!
WEP is inherently insecure. 128 bit WEP can be cracked inside of 3 minutes.
WPA DOES encrypt your data. Read the facts before you post http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
WPA was created by The Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name. Certifications for implementations of WPA started in April 2003 and became mandatory in November 2003. The full 802.11i was ratified in June 2004.
WPA is designed for use with an 802.1X authentication server, which distributes different keys to each user; however, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same passphrase. The Wi-Fi Alliance calls the pre-shared key version WPA-Personal or WPA2-Personal and the 802.1X authentication version WPA-Enterprise or WPA2-Enterprise.
Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.
In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed; this was another weakness in WEP.
WPA was formulated as an intermediate step towards improved 802.11 security for two reasons: first, 802.11i's work lasted far longer than originally anticipated, spanning four years, during a period of ever-increasing worries about wireless security; second, it encompasses as a subset of 802.11i only elements that were backwards compatible with WEP for even the earliest 802.11b adopters. WPA firmware upgrades have been provided for the vast majority of wireless network interface cards ever shipped; 802.11 access points sold before 2003 generally needed to be replaced.
By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult. The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards; however it is subject to a packet forgery attack. To limit this risk, WPA networks shut down for 60 seconds whenever an attempted attack is detected.
[ link to this | view in chronology ]
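The CRC weakness described in the comment above, shown as an added example that is not part of the original thread: an unkeyed CRC-32 encrypted under an XOR stream cipher still validates after the payload is changed, while a keyed tag does not. The SHA-256 counter keystream stands in for RC4 and HMAC-SHA256 stands in for a keyed MIC (it is not Michael); both are assumptions, and all keys and payloads are constructed.

```python
import hashlib, hmac, zlib

def keystream(key, n):
    # Stand-in keystream (assumption, replaces RC4); only the XOR structure matters.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data):
    return zlib.crc32(data).to_bytes(4, "little")

def crc_seal(key, payload):
    body = payload + crc(payload)  # WEP-style: unkeyed checksum, then encrypt everything
    return xor(body, keystream(key, len(body)))

def crc_open(key, frame):
    body = xor(frame, keystream(key, len(frame)))
    return body[:-4] if crc(body[:-4]) == body[-4:] else None

def mac_seal(enc_key, mac_key, payload):
    ct = xor(payload, keystream(enc_key, len(payload)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()  # keyed tag over ciphertext

def mac_open(enc_key, mac_key, frame):
    ct, tag = frame[:-32], frame[-32:]
    good = hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest())
    return xor(ct, keystream(enc_key, len(ct))) if good else None

ORIGINAL = b"temp=21C sensor=4"  # constructed sample payloads, equal length
ALTERED = b"temp=99C sensor=4"

def run_demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    delta = xor(ORIGINAL, ALTERED)  # computed without either key
    # CRC-32 is affine over XOR: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros)
    icv_delta = xor(crc(delta), crc(bytes(len(delta))))
    altered_crc_frame = xor(crc_seal(enc_key, ORIGINAL), delta + icv_delta)
    mac_frame = mac_seal(enc_key, mac_key, ORIGINAL)
    altered_mac_frame = xor(mac_frame[:len(delta)], delta) + mac_frame[len(delta):]
    # First result: CRC frame accepted with changed payload. Second: keyed tag rejects.
    return crc_open(enc_key, altered_crc_frame), mac_open(enc_key, mac_key, altered_mac_frame)

if __name__ == "__main__":
    print(run_demo())
```
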
Re: Re: Re: First one!
[ link to this | view in chronology ]
Re: Re: Re: First one!
The only true way to keep intruders out is MAC address filtering, and no encryption is ever strong enough.
Look in more places than Wikipedia for info.
[ link to this | view in chronology ]
Re: Re: Re: Re: First one!
[ link to this | view in chronology ]
good joke..
[ link to this | view in chronology ]
RE:
Also, that's lame how they 'fixed' the 'problem' in New York. I heard it was basically free wifi for TONS of people, all living so close together you're more than likely in range of someone with an open wireless network ;)
There are 2 people nearby me with free open wireless (default 'linksys' SSIDs) which I use if mine ever goes down for any reason, and I live in a fairly nicely spread out neighborhood so they are probably both just a door or two down from me or across the street or something..
[ link to this | view in chronology ]
Re: RE:
besides if your neighbors aren’t secured you have nothing to worry about.
[ link to this | view in chronology ]
Dear Stan
[ link to this | view in chronology ]
Re: Dear Stan
[ link to this | view in chronology ]
Re: Re: RE:
[ link to this | view in chronology ]
Re: Re: Re: RE:
[ link to this | view in chronology ]
Re: Re: Re: RE:
[ link to this | view in chronology ]
the government can't use the internet
Everyone should just give up on trying to filter the internet from kids, lets face it unless the parents work in IT their kids probably are better with computers then them and can easily hack past a two dolor filter.
[ link to this | view in chronology ]
Re: the government can't use the internet
[ link to this | view in chronology ]
Re: the government can't use the internet
"Everyone should just give up on trying to filter the internet from kids, lets face it unless the parents work in IT their kids probably are better with computers then them and can easily hack past a two dolor filter."
And you are about as illiterate as my 3 year old daughter. Talk about the pot and the kettle. Learn to spell prior to posting.
[ link to this | view in chronology ]
Re: Re: the government can't use the internet
[ link to this | view in chronology ]
Re: Re: the government can't use the internet
/
/ and you shouldn't make fun of my dyslexia it's really hurtful
[ link to this | view in chronology ]
good joke..
[ link to this | view in chronology ]
$2 Filters
Point: Not all filters are junk.
[ link to this | view in chronology ]
comment 20, from "A Kid who DOES work in IT", no filter is impossible to hack. For that situation, you could easily get backup copies of dll's either from the XP setup disk, downloaded to a floppy somewhere else, or simply snatched from another XP machine. And even disregarding that, most filters suck and will have holes that you can get through, usually with secure proxies and stuff. There's always some way.
And all filters ARE junk, either from being shitty at filtering the correct things, or from being insecure. Most are both.
[ link to this | view in chronology ]
You are wrong. You should look into TLS, TTLS, and PAP authentication methods. You need to learn more about server generated security certificates too. There are ways to connect to an encrypted network without anyone being able to intercept your password. In fact, I'd say passwords are rather weak compared to say -- a 256 bit security certificate.
And yes, WPA is better than WEP. WPA was made because WEP is so easy to hack. Of course, to be hacked, the hacker has to know what they are doing...and most people are too stupid to get airsnort or some other WEP cracker installed and working under Linux.
[ link to this | view in chronology ]
Does anyone know anything?
[ link to this | view in chronology ]
Does anyone know anything continued?
If you are just going to make something up then don't post it, nobody wants to read your opinion that you pass off as fact.
And furthermore, 128-bit encryption cracked in 3 minutes? Please tell me how that is done. I have a degree in computer science and I've studied cryptography and if you could give me the algorithm that you must have created, that would help with my thesis.
Another great one, intercepting the key? Are you serious? Do you have a full understanding of how the encryption method you are talking about works? Go read about it, then make an intelligent post. Wouldn't it be a funny world if when I wanted to encrypt something all someone would have to do is intercept the key I send and bam they can decode all the data I transmit.
[ link to this | view in chronology ]
Needs to Be EASY for Consumers
What has the best chance to work for the mass market average user is something with a single button that says lock or unlock. It has to be that simple. It has to work with all devices in the network, including legacy ones. Importantly, it has to be simple enough to keep casual users of bandwidth & connections (who do so by mistake by the way thanks to Windows) off of someone's network.
Solutions that start with the end user promise of simple & easy will win out every time over something that is so secure that the average person can't even use it.
[ link to this | view in chronology ]
Re: Needs to Be EASY for Consumers
Frankly, I have both set up wireless networks for people as well as having led them through the process over the telephone and it is one of the most simple systems that we have today. Connecting to the router in Windows is more difficult than actually setting up the router for MAC filtering (opinion).
The main issue is that we are not capable of making one button that is "locked" or "unlocked" and still having full legacy capacity and not making our security standards into something even my computer-illiterate mother would be capable of breaking (slight overstatement). The point, however, remains that attempting to make a reverse compatible encryption system that is "one click" is a fantasy. If you feel that I am in error in this, try writing one, or even thinking about the feasibility (or not) of it.
I understand the argument of things being hard to use, however, having the router generate a string of numbers that it tells you to write down and then tells you how to put into your xp machine is hardly rocket science. Possibly your router doesn't have features like this and I'd love to give you the benefit of the doubt in this case, however, it seems a bit more research into the topic before spouting off on impossibly simplistic methods without creating any sort of support for your argument seems at best far-fetched.
[ link to this | view in chronology ]
WPA is more secure than WEP, and WEP has security issues. There are script kiddie tools to easily get into a WEP network.. but it's really not something I'm that worried about.
[ link to this | view in chronology ]