From owner-freebsd-chat@FreeBSD.ORG Tue Aug 12 16:23:53 2003 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA5E637B401 for ; Tue, 12 Aug 2003 16:23:53 -0700 (PDT) Received: from mta1.adelphia.net (mta1.mail.adelphia.net [64.8.50.175]) by mx1.FreeBSD.org (Postfix) with ESMTP id D9BC743FBD for ; Tue, 12 Aug 2003 16:23:52 -0700 (PDT) (envelope-from wmoran@potentialtech.com) Received: from potentialtech.com ([24.53.179.151]) by mta1.adelphia.net (InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP id <20030812232357.GZYR1347.mta1.adelphia.net@potentialtech.com>; Tue, 12 Aug 2003 19:23:57 -0400 Message-ID: <3F397708.7050803@potentialtech.com> Date: Tue, 12 Aug 2003 19:23:52 -0400 From: Bill Moran User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3) Gecko/20030429 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Lowell Gilbert References: <3F37D493.9050604@potentialtech.com> <44lltyij8s.fsf@be-well.ilk.org> In-Reply-To: <44lltyij8s.fsf@be-well.ilk.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: chat@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2003 23:23:53 -0000 Lowell Gilbert wrote: > Bill Moran writes: > >>Robert Watson wrote: >> >>>On Mon, 11 Aug 2003, Bill Moran wrote: >>> >>>>You encorage me, Rob. Your story tells me that the "law of >>>>percentages" is in my favor. It's >>>>the same theory that has sold so many car "club"s. If I set up the >>>>wireless networks I install with any measure of security >>>>whatsoever, it's unlikely that they'll get attacked/cracked simply >>>>because there are so many other easy targets. >>> >>>Fear the world in which WEP is considered a effective deterrant :-). >> >>Fear then. For that is currently the world we live in! > > WEP is sufficiently insecure that if and when I get around to using > wireless at home, I'll need to firewall the wireless net heavily in > any case. I may just leave it without WEP for the convenience of > occasional visitors (as long as I don't notice strangers hopping onto > it much). It's a trade-off ... like most security situations. I currently know of no situations that are secured to my liking. The ridiculous rules I try to enforce always seem to go over the convenience threshold and get shot down. That's OK. I get paid to fix things after they're cracked. And if "I told them so", then I don't bother to feel bad about it. However, the number of users I know whose password is "password" is unnerving, to say the least. And ... as far as I'm concerned, WEP is _completly_ insecure, and totally worthless. -- Bill Moran Potential Technologies http://www.potentialtech.com