[MLB-WIRELESS] RMIT City Campus Wireless Trials
Craig Sanders
cas at taz.net.au
Thu Dec 11 08:52:35 EST 2003
On Wed, Dec 10, 2003 at 02:58:51PM +1100, Gabrielle Harrison & Paul van den Bergen wrote:
> Swinburnes (Hawthorn) access is not encrypted... and they have no
> hassles... :-) because they use a secure network regime [1] for their
> whole network that requires all users to authenticate prior to having
> access. Just like anyone running any corporate network should do.
i hope the authentication process is securely encrypted. unencrypted (or
weakly encrypted) login means that anyone with a wireless sniffer (i.e. anyone
with a laptop and a wireless card and some free software) can easily gather
dozens or hundreds of passwords in an hour.
even if there's some reverse-engineering of the login protocol required, an
attacker can just capture the packets in real-time, then take it home and
analyse the protocol at their leisure. at worst, a few hours or possibly even
a few days work.
craig
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list