Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud
Posted on 08/15/2011 2:37:51 PM PDT by decimon
Is your network safe? Almost all of us prefer the convenience of Wi-Fi over the hassle of a wired connection. But what does that mean for security? Our tests tell the whole story. We go from password cracking on the desktop to hacking in the cloud.
We hear about security breaches with such increasing frequency that it's easy to assume the security world is losing its battle to protect our privacy. The idea that our information is safe is what enables so many online products and services; without it, life online would be so very different than it is today. And yet, there are plenty of examples where someone (or a group of someones) circumvents the security that even large companies put in place, compromising our identities and shaking our confidence to the core.
Understandably, then, we're interested in security, and how our behaviors and hardware can help improve it. It's not just the headache of replacing a credit card or choosing a new password when a breach happens that irks us. Rather, it's that feeling of violation when you log into your banking account and discover that someone spent funds out of it all day.
(Excerpt) Read more at tomshardware.com ...
I refuse to put my data in the “cloud”. I also don’t purposely give myself access to my home network from outside. I’m sure someone could break in if they were smart enough; I took some basic precautions but nothing serious.
I don’t do a computer budget, so my financial records aren’t really on my system, so they’d mostly be hacking my kids’ book reports and our extensive collection of family vacation photos and videos.
Anyone naive enough to think their personal data is safe in the “cloud” is technically illiterate enough to be a part of the West Wing Staff.
Anyone who accesses their bank account, brokerage account or uses a credit card over the Internet is also at risk.
One would be nuts to cloud sensitive data.
At work, I set up our wireless to use EAP/TLS. Any computer trying to access the wireless network must be a member of our domain, where it has been issued a certificate for authentication (via RADIUS Server), and they receive their wireless settings via Group Policy. All traffic is ‘invisible’ to outsiders. We DO have an open ‘guest’ network, but it’s on a separate network/VLAN, pointed out to the net with its own DMZ.
Where I find people and businesses screwing up the most is enabling WPA and setting a weak or easy-to-guess Pre-Shared Key.
"The Cloud" (God, I hate that term) is fine as long as it's YOUR 'Cloud', and you OWN it. Anyone farming out such things to a 3rd party is absolutely NUTS!
That is true; I’m especially nervous about online banking; I have one credit card I use for online stuff that I can cancel anytime I need to.
But those two things would be a risk no matter how secure I make my home network.
I got tired of clicking through advertising loaded pages after the first few.
But in case he didn’t mention it, WPA PSK (Pre-Shared Key) is not all that secure either. It’s way better than WEP, etc., but if you want real security you need to use some flavor of EAP via 802.1x.
You probably have that at work. But you probably don’t at home.
To put the issue in perspective though, it still takes a determined effort to crack any encryption. And in fact most breaches are the result of “operator error” (phishing, etc.) rather than a failure of the technology.
Is it my term to point out that certain things have been “on the cloud” for years? IE, email? And that the old term for “cloud” is “co-located servers”?
And that IT professionals for 20 years have rejected putting their data on third-party offsite storage, for a lot of good reasons, none of which are going away just because a fading IT monopoly coins the term?
I use MAC address exclusion, am I screwed? (No personal financial info on internet-connected computers)
The real trick is to never put unencrypted data "in the cloud". For instance, any remote backups should be encrypted _before_ they start streaming out onto some internet endpoint.
It's pretty worthless. MAC addresses are broadcast and easy to obtain.
Simplest thing to do is use a long, easy to remember, hard to guess, password phrase like "IHadADogNamedBingo".
And then don't tell that to anybody.
Thanks for the ping.
We have one card just for transactions via the 'net. It has a very low limit on it so if it gets clipped, damage is limited.