Security's Everyman

Security's Everyman

Thursday, April 05, 2007

I'm confused

What is the big deal about WEP being even easier to crack? It has been cracked since 2001 and we've know that it isn't secure. When it first was cracked it was still a very involved process that took lots of time to accomplish. For many it wasn't worth it. The as it got faster and easier it became a bigger problem and most corporations began to move away from it to WPA and WPA2.

Now that some German researchers have found a way to crack it in under a minute the whole world seems to be in a panic. Technology news sites are reporting this like it's a breaking story that is earth shattering news. Bloggers are talking about it like it's something we've never seen. Maybe I'm way off base, but I think we are wasting our time talking about it and even researching it.

What I think we need to focus on in not how to crack what is already broken but how can we protect what is using it. I'd love to see WEP go away but it won't happen anytime soon. There are too many implementations in small companies and by legacy and low processing power devices. It's here for a while and we need to figure out how to make it work in as safe a manner as possible.

Now, I'm not a wireless security expert and I may be off base here, but I like to keep things positive. We have to look at the negative so we can see what is wrong, but then we have to look at how to fix it. Look for the positive and move in that direction. Network World has an example of what I'm talking about. This article about a WEP cloaking technology is what we need to be focusing on. I have no idea if this will really work or not, but it's a step in the right direction.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.