cute fuzzy bunny
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Oh dear, this is starting to sound like one of those conversations I have with someone who thinks their brand of operating system is virus proof.
WEP and WPA have both been broken. WPA takes longer. WPA2 is one I havent heard about being broken. Yet.
SSL v1/v2 were both broken some time ago. SSLv3 can be subverted or broken in roughly 80% of implemented instances due to misconfiguration of equipment, known plaintexts, replay attacks, and key exchange rollbacks and the remaining can be broken with sufficient brute force over sufficient time, particularly with availability of unencrypted versions of the content.
Whether its a brute force break or a bunch of misconfigured gear, the net result is pretty much the same.
Winding this all back to where it started before we wander too far askew, I doubt Khans neighbor looking for free internet service has the technical acumen to effectively protect him or herself while executing any sensitive or financial transactions utilizing an unknown access point thats been left open for use. And I doubt that most of the people reading this stuff would either, especially in relation to latching onto some anonymous open AP and using it as their default internet connection.
Which is why I recommend not using public or anonymous clients or access points to access any important information. And using a minimum of WPA on your local wireless network. WEP is less than worthless.
A fair number of products exist that will identify local AP's, kick out their WEP keys in moments, and some even create handy geographic maps of the information for someone walking/driving around with a laptop.
WEP and WPA have both been broken. WPA takes longer. WPA2 is one I havent heard about being broken. Yet.
SSL v1/v2 were both broken some time ago. SSLv3 can be subverted or broken in roughly 80% of implemented instances due to misconfiguration of equipment, known plaintexts, replay attacks, and key exchange rollbacks and the remaining can be broken with sufficient brute force over sufficient time, particularly with availability of unencrypted versions of the content.
Whether its a brute force break or a bunch of misconfigured gear, the net result is pretty much the same.
Winding this all back to where it started before we wander too far askew, I doubt Khans neighbor looking for free internet service has the technical acumen to effectively protect him or herself while executing any sensitive or financial transactions utilizing an unknown access point thats been left open for use. And I doubt that most of the people reading this stuff would either, especially in relation to latching onto some anonymous open AP and using it as their default internet connection.
Which is why I recommend not using public or anonymous clients or access points to access any important information. And using a minimum of WPA on your local wireless network. WEP is less than worthless.
A fair number of products exist that will identify local AP's, kick out their WEP keys in moments, and some even create handy geographic maps of the information for someone walking/driving around with a laptop.
