On Mon, 21 Nov 2005, Niels Bakker wrote:
* steve@telecomplete.co.uk (Stephen J. Wilcox) [Mon 21 Nov 2005, 16:07 CET]:
heres some fun, next time you're at nanog or your favourite geek conference, just run 'tcpdump -w - -s1500 -nn|strings|grep -i password' and be prepared to hit scroll lock ;)
I've visited conferences where the wireless LAN was deemed "secure" by the organisation because they had outlawed sniffers.
yes, there are stupid people everywhere... Perhaps asking the question in another way is in order: "Given a large and widely available wireless network solution for 'consumers', how would you propose to raise the 'security' for users of that network?' Would you force WEP? Would you force WPA/WPA-2? Would you force ipsec? Would you skip transport level encryption in favor of application level security? Would you do widespread and widescale education efforts for the users? -chris