John Bartley K7AAY telcom admin, Portland OR wrote:
>>> I too-strongly opined:
>>>> Roy, you're full of it.
>>Laurent Bugnion replied:
>>> Is that really needed?
> Laurent is correct. I apologize for the strong language. However:
Apology accepted. *smile*
> WEP is only token security, as these three Slashdot headlined articles
Since you like citing Slashdot, have you read the latest related story?
(Injecting Audio Into Insecure Bluetooth Handsets)
>>Your typical hacker or 'script kiddie' would probably not hang around the
>>OP's office or cluster anyway, so it's fairly safe.
> Not required with a directional high-gain antenna, such as these
> inexpensive models:
Yes, but would anybody wish to go /that/ far? And for what purpose? Spying
amongst competitors is the only case I can think of.
>>I think the worry in many people's mind is that a nearby co-worker would
>>pick up the wrong packets and interpret them properly, in particular if
>>the same PDA gets distributed among the staff.
> Doesn't require using the same kind of hardware. Packets are packets, and
> any hardware that can sniff will reveal data.
Yes, of course. I was talking about the illusion -- the perception in the
user's mind. One would be more inclined that if the device looks identical,
it behaves identically and also receives the same traffic.
That would also be the case with cheaper or older device like remote
controlled cars where identical circuits are mass-produced. In our
University network, some students have the same MAC address. Far east
manufacturers assume the merchandise will not reach the same subnets, or
perhaps they do not care. In principal, shops do not stock diverse types of
hardware, especially if it is cheap.
>>>> Palm does not have WPA encryption, which *would* protect the user.
>>> Actually, the LifeDrive supports WPA encryption as well as WEP.
> But, the TKIP crypto of WPA is weak.. and Palm doesn't have WPA2 which
> uses the
> stronger AES. With WPA and PSK, make darned sure to use a long and
> difficult passphrase.
...if the data is at all sensitive in the first place.
Roy S. Schestowitz