the first thing anyone should do is change default passwords it's a no brainer the vendor during setup should give the option to change the defalut password but even then most home users would not even change it then

I keep trying to change my password but it keeps showing up as ******* also I can't find my ANY key. HELP!! I'm really really glad we have a "Symantec researcher" telling us about this or we would be SO SCREWED!!

dougau - Call your routers help line , They can reset the passwords..... :=)

I keep trying to change my password but it keeps showing up as ******* also I can't find my ANY key. HELP!! I'm really really glad we have a "Symantec researcher" telling us about this or we would be SO SCREWED!!

I have also tried talking into my mouse like in that Star Trek movie but like I can't get that to work either. Any ideas? Maybe that "Symantec researcher" knows?

99.99999 percent of home users with wireless routers don't even know what BetaNews is. They don't read the same blogs, web sites, listen to podcasts, etc. They're not techies. Techies already know this stuff. We're preaching to the choir here. The people this most relates to play solitaire, surf EBay, maybe Google and forward stupid chain-letter jokes to their grandchildren and every relative they can think of. Until this is played out in the mainstream media (network news) they will never know of it. Even when ABC news makes it frontpage news, the average user will call their friend/cousin/nephew/whatever and ask "Do I have a router? What do they look like?"

"99.99999 percent of home users with wireless routers don't even know what BetaNews is. They don't read the same blogs, web sites, listen to podcasts, etc"

Can I get some stats from you for an assignment I am doing? I'm sure they are all correct :D

kidding!

"They're not techies. Techies already know this stuff. We're preaching to the choir here. "

Read the rest of the thread! If only that were true!

And if you dare to make reference to a technology, make darn sure you use the marketing moniker known to the lowest common denominator by those "home users with wireless routers don't even know what BetaNews is." And make darn sure you do not use a proper industry term!!!

This site is like discussing directions from the Scarecrow in the Wizard of Oz!

(somewhat) agreed, but BN threads aren't the end-all cross-section of the tech world. I still maintain that more non-tech users have a router in their homes than tech users. By that I mean "tech" as people that work with/around/on computers as part of their regular job/career. Not necessarily IT or appdev people. I know doctors and lawyers that are techies (not enough though). Noun issues aside, until the "general public" is clued in they won't bother. Unless vendors build it in, it won't happen.

The bottom line is that if someone wants in bad enough they will get in. But we can do things to make it at least a bit harder so that mabey they'll hack someone else instead.

Turn on what ever encryption your router offers, change the passwords often, don't broadcast SSID, and enable MAC filtering.

Will all this guarantee my wifi wont get hacked? No.

If you want a guarantee turn off the PC and give it away.. now I guarantee you won't.

I changed mine to "password".......oh crap

Vendors have made huge improvements to the out-of-box configuration features of home-oriented routers. Still, I've yet to see one that specifically prompts the user (during initial setup) to disable SSID broadcast, or change the admin password, or query for client MAC addresses to build a filter list, etc. You have to go back and do this afterwards. Most "home" type users are scared to death of doing that. They view a router like an iPod: Plug it in and surf the net. Don't bother with all that messy stuff. That's for geeks. It's never going to change unless the vendors take control and force it.

DUH!

People wondering if AV company's are creating flaws to sell AV and all in one protection suite software may well see this as symantec creating there own market for software protection. Router protection bundled into there software to do it all for you becoming a reality maybe ?

Like most have said ... anyone leaving it default deserves all they get, but I guess there are many who dont get it setup first time, and while they may set it up secure initially, im sure the factory reset gets hit a few times until they crack it ... and im sure once the home page comes up, the old "Dont touch it ..." syndrome kicks in.

Here's a thought. Instead of playing with broken and fundamentally flawed WEP/WPA technologies, why not move up to 802.11i-AES that was approved in the spring of 2004.

What is really amazing is that all of the extremely astute erudite techno-geniuses on this site don't even seem to know this wireless standard exists!

Yeah...You guys worry about setting up WEP or WPA. And...? So what!
WPA takes at least 10 minutes longer than WEP for public domain tools to not only crack, but for them to also hand you the usernames and passwords.
Hell, you folks complain about moms and other techno-phobs not changing default passwords when my mom could use these tools to hack it! Duh!

But then we could go even further and say that the reasons far too many use wireless instead of a much more secure wired connection in the home are a bit specious at best anyway. And for that matter, one wonders why so many even bother to subscribe to DSL or cable when it is so easy to hop on a neighbors connection. Don't believe me, try it.

And on top of everything else, I suspect the majority of the folks decrying the fact that the proverbial 'they' haven't fixed the problem allowing others to hack their network are the same ones b!tching about DRM and the fact that they can't easily steal others' material!

So in that sense, I guess its just what they call "poetic justice".

"all of the extremely astute erudite techno-geniuses on this site"

Geez. A little high-and-mighty view of yourself, ay? All of us dumba$$es will need to call you for advice. What's your phone number?

Hey, I was informed a few threads ago that you geniuses knew nothing about the business of IT as you were all technoids.

Evidently you folks not only don't know about the business of IT, but you aren't even familiar with the current state of wireless protocols!

I would provide you with a phone number, but I doubt you wirelessly-challenged techno-weenies could figure out how to punch the little buttons.

And 802.11i-AES is NOT a wireless 'channel' like a/b/g! Look it up!

ROFLMAO!!!!

And when the topic is the new features in Vista, I guess we can count on you to enlighten us with the new features in Win95. LOL!!!

Yep, these are certainly technoids!

Oh dear lord...

He can say "802.11i-AES" instead of WPA2.

You sound amazingly like the stupid prick I worked with back When Zeos was still around. Couldn't be bothered with the standard terminology, he had to prove he was better than everyone else by saying, "Basic Input Output System" or "Copper Metal-Oxide Semiconductor" instead of BIOS and CMOS.

Nice to know childhood word games still entertain you. The rest of us have better things to do.

lol... i know what u mean man, i deal with those types often.. and find myself fantasizing about sticking knives in their necks. Yes their still out there, they dont die they multiply!

One is the protocol, the other a marketing gimmick for 'technoids' like you who don't have a clue what the hell they are talking about!

And if you work in the industry, I guess that you have no clue what 802.16 is either. I guess you need to have someone explain it to you in terms trendy marketing moniker they have assigned it for marketing purposes as well?

But deal with it Mr IT, 802,11i-AES is the protocol, WPA2 is a moniker created by the marketing association. Well, we certainly know where you live now.

Word games? Really? Considering the different configurations possible, and the fact that only several of the possibilities are sufficient for a secure environment, those childish word games assume a critical importance. But anyone who actually works with that KNOWS that! And its OBVIOUS that you haven't a clue.

Got any more info off the back of cereal boxes or PC Magazine?

The fact is that you are proof that thy are neither! Just a bunch of gamer wannabes spouting emotional baggage over DRM and MP3s.

And you were the one lamenting that folks here don't know the business aspects of IT as they were so immersed in the technology.

Consultant my @ss! For who? The Gap? BestBuys Geek Squad?

You have already admitted to being clueless about the business aspects of IT.

So Yeah, tell us more about 'teknologeee' Mr Wizard!

Maybe you should stick to what you might know, playing computer games.

ROFLMAO

"Consultant my @ss! For who? The Gap?"

Look, the fact is, a lot of us work for people who look at us like we are from outer space if we start throwing techie terms out to them, so we have adapted to using some terminology that is at least easier for them to grasp. Most people in this world don't have the time to sit around thinking about things like 802.11XXXX.XX.XX-XX, they just want crap to work and expect us to make it work. So we adapt, so that we can communicate better, and then just get things working so we don't have to listen to their crying. What's so bad about that?

Most folks if they actually work with and are familiar with what they are talking about don't have to think up strange acronyms!

THEY KNOW THEM INTIMATELY BECAUSE THEY EMPLOY THEM!

Those that don't deal with them don't know them!

I can just see a doctor saying, gee whiz, you confuse me with all of them kompleekated names, why not just say the shin bone or that head thing?

Communicate better?

What? You need ebonics or IM speak?

The fact is that you don't know what the protocols are, you don't employ them or you would know the applicable aspects of them, and you wouldn't be complaining that the proper names for these standards are so kompleekated for your little cereal box Best Buy minds.

Yes, and you must be erudite, because I was told this site is filled with advanced technoids who only worry about technology and not business applications, and you are worried on such a site that other technoids will look at you like you are from Mars? But I was told that you are all advanced technoids? And yet you cannot understand the proper terms, only the marketing association trademarks aimed at the lay market? Hahaha!

Its one thing to "adapt" terms while understanding the underlying basics and complexity.

Its another thing to not have a clue what the fundamental technology and the proper name for things are.

And you folks have demonstrated that you have NO clue as to the underlying technology! And you certainly don't know the real names of that which you claim the need to refer to in 'simple' terms. The only need, as has been demonstrated here to refer to things in simple marketing terms is that you and other so called technoids here haven't a clue as to what your simple terms refer!

Nice to know that YOU are all the idiots who don't know to what the protocols refer, and YOU are among those who YOU say look at those who do like they are from outer space!

Yep, "they just want crap to work and expect us to make it work. So we adapt, so that we can communicate better, and then just get things working so we don't have to listen to their crying. What's so bad about that?"

What's wrong?? The problem is that YOU are the ones crying who don't know to what the protocol refers, nor to its various aspects! And YOU are the ones crying as YOU don't have a clue as to the technology you claim to be so intimate, but which those common people don't understand, as you have assumed the role of the technophobes who don't have a clue as to what you are referring!

"Communicat(ing) better"? ROFLMAO! Hell, you claim to be a technoid and you haven't a clue - and all you do is assume the role of those idiots who whine and cry as they can't keep up with that kompleekated technology!

You are a parody of the very people you claim don't understand technology!

And its very evident that you are not only not engineers, but you are very poor and very ignorant techs.

So please, we are all waiting for you next tidbit of info about wireless technology! And tell us more about an topic that was of interest 4 years ago! Changing default passwords? DUH! If you are only worried about changing default passwords in routers, I would love to do PEN testing of your environment. But I guess no one really cares about security audits of 2 machine gaming networks.

Bottomline, whine all you like. You don't know what you are talking about.

seriously, you assume we don't know anything, just because we don't go bragging about it doesn't mean we don't. But if all this makes you feel intellectually superior, whatever helps you sleep at night man.

Hahahaha!
Go back and look at who responded to a reference to the actual protocol that is 802.11i-AES with 'it would be too complicated to to employ that standard. We use WPA with AES encryption'

And now who hasn't a clue what they are using!

Yep, he REALLY knew all along!
He, and everyone else who was so confused when I refered to the actual protocol instead of a trade name moniker don't know what you are talking about.

So tell us more about the current state of wireless! But now I understand why so many are complaining about the state of wireless as it existed 3+ years ago!!! Yeah, tell us all about WEP!

And while you are at it, tell us how they are going to start requiring radios to include BOTH AM AND FM on them!

Nobody bragged about it genious! I simply used the proper technical name and no one here knew what it was. And it was YOU geniuses who proved it by persisting in debating against it! And after I pointed out what it was, you object to the proper name - just like all those common folks you complain about! And All because of Your ignorance.

I simply made the grand mistake of assuming that such edumacated technoids knew about that which they spoke! I was wrong! You haven't a clue!

I didn't brag! I simply used the proper term of which you were ignorant!

Your ignorance doesn't make me stupid! But you have done a fine job demonstrating that all by Yourself! Take a bow!

Just think...after a few courses, you folks might be qualified to misinform potential buyers at Best Buy.

i applaud you for using proper technical names.

Here's a glucose saturated circle of calories for you to process through oral and gastrointestinal functions.

Seriously, you should be so happy, you are smarter then all of us, you're probably better looking and have way more money. If i was you, I mean why not brag, if you got it flaunt it.

Its one thing to debate which term you prefer.
Its another thing not to understand the meaning of either as you demonstrated!

Congrats! ROFLMAO!
Yep, and you were the one who said this site only had technoids who didn't understand the business side of IT. You gave yourself far too much credit.

Gee, I feel guilty that I understand to what you refer and only find it an awkward manner of expression.

I am not running amuck saying it is wrong and that I need a donut like the geniuses on this site did!

But what I said actually qualified what implementation of the standard was intended (as you can also configure 802.11i without AES encryption) - unlike your verbose description which did Not provide any useful information as to what type of donut was offered.

What I said could be implemented precisely as stated. Yours cannot. We still have to ask for qualification.

Sometimes words mean things.

Nice try. ;-)

And all of this just to avoid admitting that you were not familiar with the protocol's name.

If anyone had understood what they claim to know, they could have just said, yeah, while I forgot the formal name, that version and implementation of the protocol is considered secure and a solution to both WEP and WPAs security failings.

But all that would assume that one actually knows what they are talking about. I guess that we are past that!! Or I guess many have not gotten that far.

Yes but mine can be implemented without any costly gastrointestinal upgrade whether it is a dohnut or a cookie, yours cannot in many of our cases, and i think that's the overall point your missing.

Yes but you're assuming, just cause a couple of people don't know, that everyone who posts here doesn't know the difference. I know the difference between WEP and WPA and WPA2, 802.11a 802.11b (and i and n and so on) and so fourth. Others here i am sure do, but you just paint everyone with such a broad brush here on betanews, that it makes you come off as, you know, holier then thou. Ok maybe a couple of people don't know what their talking about but just cause no one wants to play the "prove i know it to you" game you just assume we don't know anything. That's a bit unwise don't you think?

I'll tell you what gets old here!
When I attempted to discuss the business and financial aspect of strategic planning in the enterprise IT market space, I got lectured by Tool that this is a site of, by and for technoids, and that it was not one for discussing the business as aspects of IT.

And when Tool demonstrates that he has no clue as to what I am speaking when I address the technical aspects, and he instead complains that I speak to the knowledgeable technical crowd and not to those who are ignorant of such topics.

So I replied to HIM and his previous assertions! And then more of you very 'astute'(sic), albeit clueless, folks piled on!

Well, geniuses on this site have now made the case that this site is neither for the business aspects of IT, and nor is it for the technical aspects of this site, and the net result is that the lot of you have demonstrated that the average user of this site is neither adept at the business aspects nor aware of the technical aspects of this site.

And the irony is that I have previously assumed that there were folks knowledgeable about both! ONLY to have lots of ignorant folks show up to complain in both areas.

So if you are So smart, the reference to the specific protocol that addresses all of the security issues of WEP and WPA and of an incomplete implementation of 802.11i (which is a SECURITY and authentication protocol, NOT a channel as so many seem to interpret it in their repeated references to 802.11n!!!) shouldn't have phased you at all! And if you were familiar with the protocol as you now claim, qualifying the standard by adding that it be implemented utilizing AES encryption should have been met with agreement - assuming your contention that one or two people here indeed knew what it was!

And if there are those here so adept in the business aspects of IT, references to those aspects shouldn't have bothered you!

But the fact is that you don't complain about the idiots who misinterpret those issues and don't know what they are talking about! Oh no! You complain if someone instead opts to use the proper term that a person familiar with the technology would know!

If you're so knowledgeable, go b!tch to those like Tool who haven't a clue and who misinterpret accurate statements and who denigrate those who do know instead of finding out WTF they are talking about!

But perhaps that comes too dangerously close to making sense!

My initial statements were correct! If you or someone else aren't familiar with them they can either ask for an explanation, clarification. or they can look them up!

I simply made a correct statement that rendered what is literally a 4-6 year old debate over old technology moot. And that fact was not in any way addressed, nor was the more current and secure option addressed in ANY manner.

But if you or anyone else instead chooses to bash me for using the proper reference in a correct manner, you ARE indeed an idiot. "Don't you think?"

So .... does this mean were all agreed admin:admin is a bad idea :P

yep i think that's one thing we can all agree on, at least here on BN

Ok well, just some misunderstandings, no big deal.

Lets not argue, and just be thankful we are more secure then 90% of home users :) And hopefully try to get more of them secure too. Well that's a part of my job anyway. Someone's gotta do it :/

snob

I believe I said they knew about them, and simply chose not to discus them here. Apparently, you can't read, or have simply chosen to rewrite history.

Good for you.

Yes, we all know you are a techno-business God.

*shakes head*

Tell yourself whatever you need to in order to make it through the day, man.

Actually what gets old here is people that pontificate so damned much that they loose the battle becuse they would rather be elitist than teach those that perhaps dont know. If your were not so worried about being better than others perhaps you would have a better chance of elivating the people you decry to a level that they maybe you would be more acceptable to you... I've never heard that this site is ful of Technoids... Some here are, many are not, but most don't claim to be god like either. If you are not happy with the claiber or persons here.. Go elsewhere... PLEASE.

I don't need to read your Article on how stupid everyone is except you to know that you have emotional bagage. Get a therapist. You are definately IT. all technical jargon and no common sense. Employing protocols does not mean you are an A$$ hole but we get the point. You do, and you are.

"I've never heard that this site is full of Technoids..."

Then Your ignorance makes you very qualified to comment!

Here is a portion of what the person to whom I was originally commenting (PC Drool) who jumped up and down and then demonstrated that he did not know what the technology was that I and he were talking about BEFORE those of you who did NOT know to what I was referring jumped in with YOUR bruised egos!

================

"While I think we all realize, at least to some degree, the economic play between the two, this is *not* forbes-online. this is a beta site, visted not by business/econ majors, but technophiles.

Sure, some of us may have *taken* some business/econ, but when it comes down to it, when we visit Betanews, we're a bunch of kids looking for the scoop on the latest toys.

…this is a tech forum. Not a business forum. We like to talk abotu the gadgetry and technological aspects of the newest tech here.

If we want to talk about the business aspects, we'll, rightly, take it elsewhere.

… that this is not the place where most of us would consider discussing the applied business aspects of technology.

by PC Drool
============

Oh! Gee whiz, I didn't know to what he was referring, but that doesn't stop me from bashing him for actually using the proper name for a given technology!

Oh, so he wasn't making it up!
DUH!

But not one of you folks have reacted to his claim that you are all "a bunch of kids looking for the scoop on the latest toys."

Rather fascinating isn't it?

And my response was a sarcastic reaction to this particular response which said that responding to the business of IT was inappropriate on this site, despite most of the articles posted being about market developments and strategic planning of various companies.

So I responded to him in a manner assuming what he said: that this site is filled with "technophiles". Yep, and then he proved that he did not know what the various competing generations of wireless protocols are. Nor that the article refers to older, fundamentally insecure technologies that are easily corrected for, even as he further demonstrated his ignorance of that which he claimed knowledge as he incorrectly maintained that the new generation of wireless is "too expensive".

But WHY bother to actually follow the debate when you have your panties in a wad as you feel insulted.

After all, You never heard that this site was full of technoids! Indeed! Bragging about your ignorance makes you even More enlightened!

Hahaha! And as far as someone that "would rather be elitist than teach..."

ROFLMAO! If there was a conversation or if ANYONE had said, "could you explain or elaborate on that aspect a bit more as I am not familiar with it", there might be an opportunity!

Instead, this site full of folks, many of whom know little more about the technology except what they read in PC Magazine, would rather complain that someone used the proper term most frequently employed in the industry segment in which I actually work.

Here's a bit of news! For some, IT isn't just something we talk about in some high school cafeteria. Some are actually involved on a level greater than on the PC level.

So if you don't know something, or are unaware of the reference, maybe it Might make more sense to ask to what it refers in the future. You just Might learn something.

But you can scan to your hearts content and never find anyone asking for more info or for an explanation on this site!

So the point about someone asking for more information or clarification is fascinating, but it is also, unfortunately, a fantasy.

I know that your sole purpose here is simply to make Dumb @ss comments and to denigrate others as you demonstrate your utter lack of technical understanding, just as you did above!

And we cited your infamous quotes below for others who don't remember another of your objections to various topics.

Go ahead and make what I said sound like an insult. I have no problem with that. Anyone who knows me, and quite a few folks do, knows that was not how it was intended.

You took offense, which is fine. I don't mind offending you. Or anyone else for that matter.

I just want you to know that you're wasting your time. You do know that, right?

While you're wasting all this time trying to make me look like some idiot, what you're really doing is coming off like a complete and total ponce.

Like I said when you started this rant; Get off your high-horse. Every post you made since I tried to pry you off your soap-box has only made you look more and more like an arrogant techno-snob.

Very clever on the PC Drool bit, btw. Shows your level of maturity dropping the more you rant. I suppose for your next trick you'll call me a doo-doo head and run off giggling like a school-girl?

I denigrate others?

And your condescending, arrogant foolishness here doesn't?

Blinded by your own arrogance. Nice.

As to my infamous quote....

If it's so infamous, why are you the only one b****ing about it?

Oh yeah, you were on a rant and you only heard what you wanted to hear.

Regardless, you seem to have fixated on it. No-one cares. Really. Get over it.

I stand by my last comment... Go elsewhere PLEASE!

Why do you feel the need prove that you are erudite? You seem ill suited for any discourse with people. Your style speaks of nothing but simple bullying tactics. It's pretty common from many Techies that have had to work with people of lesser degrees of training or innate abilities. Your disgust and anger toward people in general show in every word you utter.

When I said that I had not heard the the site was suppose to be full of Technoids, could you not understand teh sarcasm?

As for ignorance... Well, I'll admit to some. Eveyone has some as you have shown. You maybe well versed in Tech, but you have your ignorance in how to handle people to contend with.

Wow - where did that comment come from? Totally left-field. You really need to calm down. This is a discussion forum. That's all. It's not a performance evaluation system. If your employer watches your threads to judge your worth, I feel for you man.

This lengthy back-and-forth mudslinging is looking pretty dumb. The basis of this article was on a known vulnerability that was essentially created by the vendors not thinking ahead enough to plug the holes before handing their wares to unknowing consumers, and unconcerned techies (as you surmised). It still gets back to a flaw in the basic design: a standard password. Linksys, NetGear, Belkin, Dlink, etc. etc. could have easily built in a setup routine that stops and forces you to change the default password. But they didn't. That's pretty much it.

WEP, WPA, etc. etc. are only interim solutions. WPA2 will be cracked eventually (if not already), so new schemes will be invented and refined. We'll look back at this in 20 years and laugh. We live in ancient times.

LOL!!! Whatever you say Drool.

Anyone who knows you knows that you like to make smart @ss comments but when it comes to substance, you are an idiot.

Tell us again how implementing 802.11i-AES is too expensive! Heck, you even attempted to cite specifics as to why it is not feasible.

You argued against something that which you have no knowledge or understanding! Now that takes brains!

Why do I need to waste my time "trying to make (you) look like some idiot", all that is required is to sit back and let you open your mouth yet again! You do a superb job of acting the fool all by yourself!

Congrats! You exceed our expectations in that regard!

ROFLMAO!

I wish I gave a d@mn what you think.

You missed my sarcasm and hyperbole and yet you demand others respect and acknowledge yours?

Poor baby!

I have no interest nor intent to address you in any way other than with the same contempt you ignorantly offered your comments.

Some ignorance? You afford yourself far less credit than you deserve.

*shrug*

Whatever.

I'm not going to get into why we don't desperately need WPA2 here. It's just not necessary with our current configuration. I'm really not going to bother to explain it to you. You seem to think WPA2 is the be-all end all of security and that there is nothing one can do outside of WPA2 to secure a wireless network.

*shrug*

Think what you will. I really don't care that much.

you mean nobody cared enough to respond to your post on it?

the application of a wireless network sould be as a convinience, not something essential. every corperation or business i know that is worth their weight in tar can turn off their wireless network with little or no impact on productivity at any point.

from our side of things we use a cisco access controller and use the mac addresses of machines that are already on our domain for access, and the key changes for each machine every few minutes, so im really not worried about my network getting hacked. i doubt foxfyre could even touch our network with his ego. and its not like i couldn't turn our network off at only the cost of user convinience.

well its not bad for a universal reset, but make them change it after....

Wireless is definitely not essential here. Most users find using their laptops more of a hassle than their desktops.

The wireless network here is not directly connected to our corporate network. We're using secure VPN over wireless. We did it that way so we wouldn't have to worry too much about wireless access security. I suppose, when we begin the next cycle of hardware replacement, the laptops will likely come with WPA2 and we may be able to drop VPN, but then again, I don't even want to speculate on that now.

What we have works.

With your earlier posts you demonstrated that you don't understand 802.11i-AES (which is a particular configuration of 802.11i), and you maintained that it was too costly, and now you cite security.

The technology costs the same and it is more secure.

And currently it is the 'be-all and end-all" of wireless connectivity. But anyone who would posit ANY single point as sufficient, as you suggested, in an overall information assurance plan is truly clueless regarding network security.

And what determines the real value of the technology is the value of the resources and the liability they expose.

The means necessary to hack WEP and WPA are minimal and the task easily done. 802.11i-AES is not easily hacked.

Your installations are obviously not subject to SOX, HIPPA or ISO17799 guidelines.

Oh oh! More big names that will confuse you!

"Whatever" indeed. It must be frustrating to be a mere tech and not understand the planning and design that results in the utilization of technology and functionaries such as yourself.

But then, who would want to hack your system to gain access to your games. To you, security is simply turning off your big bad PC. To bad that doesn't work in a larger enterprise.

Yup, its simple in your environments.

Try just turning such a network off in a hospital where the doctors and staff employ tablet PCs for patient records and data access, and where HIPAA (and depending where it is located, SOX and possibly ISO17799) requires compliance and security audits.

Obviously you have not experienced such an audit nor are you familiar with the requirements of the standards.

But then some assume that security is fundamental to an installation and that wireless plays a fundamental functional role. And they have discovered that it is just as easy, actually easier and cheaper in the long run, to do it correctly instead of playing with band-aids and insignificant wireless networks that can be turned off on a whim after it has been hacked.

The technology costs the same and it is more secure.

Costs the same != free to replace existing. It's not a simple software upgrade. If I were building out a new infrastructure, sure, no problem.

Yup, its simple in your environments.


Sorry, I didn't realize we were discussing enviornments we *don't* work within.

Look, Our existing wireless network is used to access a network that is *not* part of our corporate network. VPN clients are used to build the tunnel to our corporate network. Neither the VPN clients, nor the clients used while connected to our corporate network will allow devices or connection made from outside the corporate network access.

We could leave our wireless network wide open and not have to worry about any security risks.

Why do we have it set up this way? Because when we implemented our wireless network, WPA2 was not available. Am I willing, and should I be, to upgrade our existing hardware (access points and laptops/wireless desktops) to move to a standard *we* don't need in our current setup?

As I said, when we hit our next hardware cycle, we'll think about it some more. Until then, it's pretty damned pointless. Almost as pointless as this entire thread.

Hikers who rub their bodies with raw meat *may* be at risk for bear attack.

sheesh.

Liar.

We all know the Bears haven't successfully attacked anyone in ages...

Maybe he meant to say mountain lions...?

Maybe he meant to say "Da Bears"...?

In other news, people who leave the keys in their car may be at risk for auto theft.

That would explain why my car keeps moving whenever I leave for more than a few minutes.

I knew something was up with that.

Not only do a lot of users not change the default passwords, they do not even set up their wireless router's WEP/WPA security.

I'll go much further than this!

Anyone still using WEP or WPA is asking to be hacked!

If you are running wireless and aren't using 802.11i-AES you are a fool!

So how many of you geniuses qualify? Why do I suspect its the majority of those here who fancy themselves 'in the know'!?

Because it would require a massive hardware upgrade?

We're using WPA-AES with a non-broadcasting SSID and we change the network key monthly.

We're good until we upgrade to "N", if we decide to do so. I have yet to see the need to make that specific decision yet.

I keep a close eye on the usage of our wireless network and to date there have been no incidents that would cause me to blink an eye regarding our current security.

A massive hardware upgrade? ROFLMAO!!!!!!

Oh yeah, your wireless card and router.

And you might want to do a bit more research!
802.11i-AES IS also commonly referred to as "WPA2".

Sound familiar? ;-)

It's a bit more than (a) wireless card and (a) router, genius.

WPA2 is not a capability our current hardware is capable of.

We have about 16 access points at our largest facility. Each of our systems has a wireless adapter. There are several hundred of them.

If you consider this cost to be a trifle, please feel free to donate. Otherwise, drop the "holier than thou" shtick you've been on. It's getting old.

You know, its obvious you don't work in Info Assurance nor with SOX, HIPAA, COSO, COBIT, or ISO17799 certification, policy and procedures or security audits.

Of course I am sure those acronyms and standards will confuse you as well.

The fact is, anyone who ACTUALLY works with them knows all of them, and 802.11i-AES VERY well!

Why? Because, properly configured, it is Finally considered sufficiently secure to satisfy the security requirements!

And tell me about cost. The cost of wireless cards and 16 routers is more expensive than a data breach? Right!!!! Haha! That may be true in Your Slurpee stand, but in a real business, data security and the potential cost of not only a breach but in data integrity and potential loss, not to mention strategic business concerns and the legal exposure and liability far outweigh the cost of a breach. Not to mention the problems associated with not passing a security audit.

But if you actually had ANYTHING to do with any of them you would already know this and would not be running around with your head up your @ss confused as to the 802.11i-AES standard - as there are several levels of implementation GENIUS!

And I guess if I mention a RADIUS authentication server that is simply a gimmick to you as well. And it would be to someone as clueless as you who obviously does not work with it!

Yeah, you are a VERY erudite consultant. Configure any printers lately????

Okay, you got me. I work at a 7-11.

You're obviously far more intelligent and technically astute than I.

Happy now? I hope I've sufficiently stroked your ego now so you can get off your high-horse.

We'll worry about our security and deal with it as we see fit. But feel free to go ahead and tell me how I am obviously not certified in any security and privacy / information handling standards. Really, it's quite amusing.

You have to remember that the "majority" of computer users are not as computer savvy as you people. They are your Grandma's, sisters, uncles, and non-computer industry folk. They see their computers as mysterious, even today. So get off your high perch and realize that most users only know how to turn on their computer and check the inbox.

Asking them to change their Router password is just more money for the retards at "Insert GeekSquad, CompUSA, Fry's, or any other retailer acting like they know what a Router actually does" -- the same people who probably just set-up the Router with the default settings in the first place.

You have to remember that the "majority" of computer users are not as computer savvy as you people.

Great!

But this article is posted to Betanews. Not well known as a hangout for the computer illiterati.

Note: "illiterati" is a new word I just made up because I made a typo and it looked cool, so I decided to run with it. Well, okay...I didn't like, print it out and go for a jog or anything, it's an expression. Like "Jumping jesus on a pogo stick". No-one actually thinks Jesus was jumping around on a pogo stick, so no-one should think I was actually running with that word. I mean, they didn't even *have* pogo sticks back in biblical times, though I'm sure, had he wanted one badly enough, and being a carpenter, he probably could have fashioned one. Perhaps he did. They say there is a hint of truth behind every expression, so perhaps someday, eons form now, we'll run across the "Pogo-Stick of Turin". Of course, we probably won't actually run across it. I mean, that would be sacrilegious. Running across a sacred artifact... I mean, who do you people think you are? You're heathens, that what you are. A raving artifact destroying, bunch of Heathens. What did that pogo stick ever do to you? Do you think that just because it was buried for thousands of years that no-one cares about it anymore? What about all of the stories that have been told to the children down the generations of Jesus and His Amazing Technicolor Pogo Stick?

WON'T ANYONE PLEASE THINK OF THE CHILDREN??!?!?

Roll me one of those please ...

Judging from the responses, they are the same swooft folks posting here.

DUDE, there is a pictogram in every router I ever bought/setup. if you cannot follow pictures and simple instructions, you do not belong on) pick one
1)the Internet
2)a computer
3)This site
4)a camp and rubbing meat on your body? WTF?!!
5)all of the above

lmao...

There were no drugs involved in the creation of the above post. Well, other than copious amounts of caffeine. Perhaps I should have specified "illicit" drugs. :p

Jumping Jes...ah, forget it.

I take no responsibility for my previous posts in this thread. I blame caffeine for these outbursts and intend to hold them fully responsible for my actions. PepsiCo (The makers of the beverage loaded with caffeine in question, Mt. Dew) shall be receiving a full summons as I drag them into court for a long and expensive drawn-out proceeding to the cost of Pepsi drinkers everywhere, not to mention the taxpayers paying the judge and jury.

I mean...that's the way we do things here, right?

/sarcasm (for those of you who have missed my numerous posts concerning personal responsibility and accountability)

I'd like to join this "illiterati" what are the requirements? If I'm already a member of MENSA, is this OK?

Wow, this is news? I thought everyone knew this by now. Computer security is like a pair of pants, if you leave it down you're just asking to get raped.

SHHHHH!!!! how else am i supposed to get free internet from idiots who set them up in hotels when i go to one? Keep your big secrets, secrets mmmkay?

If the idiots installing their routers do not change the password they deserve what they get. People think it's too easy to do what we do and then they get all upset when their stuff gets hacked or busted.

Morons.

Boy, this is news!

And the idiots who have not done so DESERVE what they get!

Next we'll be reading about some calendar issue regarding some year 2000 bug...

Nah, the only calendar issues currently regard the DST changes...

Oh, wait...

I get it.

No... really??

Those who have not changed the default passwords on their home routers may be putting themselves at risk of attack

OMGNOES!!>!!11hr23oneoenoene

uh...

Ya think?

Also, he recommended that users do not visit sites that "aren't known to be at least reasonably trustworthy."

Uh, gee. Thanks. I can't imagine why no-one ever thought of that one before.

many consumers just plug in their routers without changing the password, leaving the default settings intact.

Many users are completely incapable of reading the warnings and the instructions for setting up their routers. I can drive through damn near any neighborhood in any town in the state and find at *least* 2 unprotected networks that are broadcasting the default "linksys" SSID.

Is any of this news to *anyone* here?

well i just came out from living under a rock for 20 years and....

wait...

no i knew that too.

Agreed.

People are idiots.

lmao...

See, even the lowliest cave-dwellers knew this. :p

I agree. I did a test. Brought my laptop in the car and found at least 5 unsecured networks. Linksys, netgeat, 2wire and some other goofy a$$ names lol. They were all so close to one another that thses ppl could share the net or borrow it from someone and cancel their own service lol. 192.168.1.1 anyone? lol Unreal. Ah well.

now if only the lowliest of cave dwellers bought routers. or better yet, got rich changing peoples router passwords for them....

Heh..

Now there's a plan.