WEP security flaw update.
Several papers were published last week detailing how to attack 802.11b security. I email'd ISIL tech support for a response and this is their reply:
Suggested Solution
---------------------------------------------------------------
At 08/13/2001 09:03 AM we wrote - We are preparing a firmware patch which will filter out the weak keys (initialization vectors) identifed in this paper. That is the short term solution. We are still investigating longer term solutions. The issue with longer term solutions is that they all appear to have interoperability implications and as such we are trying not to do things completely on our own and are working with other vendors. The firmware patch will address the weakness identified and a new firmware build should be available in 30-60 days.
**********************************************
Also, extracting from the article:
Representatives from the Wireless Ethernet Compatibility Alliance (WECA), a promotional body for WLAN advocates, align with Bellovin's point of view. "We perceive this as serious and different from the previous attacks, and we're not going to say 'Don't worry about it,' " said Phil Belanger, past chairman and current marketing director of WECA. "However, we've always said that if privacy is a concern, you need to be using end-to-end security mechanisms, like virtual private networks [VPNs, based on IPsec], along with the WLAN. Even if WEP wasn't compromised, you ought to be doing that."
"The good thing is that Wi-Fi integrates very well with these and other technologies; VPN, Radius [a network authentication scheme] or whatever the enterprise wants to use," said WECA chairman David Cohen. |
