[MLB-WIRELESS] RMIT City Campus Wireless Trials

Craig Sanders cas at taz.net.au
Thu Dec 11 08:52:35 EST 2003


On Wed, Dec 10, 2003 at 02:58:51PM +1100, Gabrielle Harrison & Paul van den Bergen wrote:
> Swinburnes (Hawthorn) access is not encrypted... and they have no 
> hassles... :-)  because they use a secure network regime [1] for their 
> whole network that requires all users to authenticate prior to having 
> access.  Just like anyone running any corporate network should do.

i hope the authentication process is securely encrypted.  unencrypted (or
weakly encrypted) login means that anyone with a wireless sniffer (i.e.  anyone
with a laptop and a wireless card and some free software) can easily gather
dozens or hundreds of passwords in an hour.

even if there's some reverse-engineering of the login protocol required, an
attacker can just capture the packets in real-time, then take it home and
analyse the protocol at their leisure.  at worst, a few hours or possibly even
a few days work.

craig

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list