Blog

• CWNP
• May 19, 2008
• 

Is the WLAN market finally settling down a bit?

When the powers that be call to see if there are any "latest-greatest" hacks, I've actually had to say, "nothing to speak of."  When I read the "latest" whitepaper on WLAN "speeds and feeds" or security (authentication/encryption) topics, it's the same old thing said a different way.  Infrastructure upgrades to 802.11n is currently the hottest topic, and though there are a number of challenging facets to it, it's not mind-bogglingly difficult.  Are we finally reaching a place where change is more of an "annual thing" rather than a "daily thing?"

• CWNP
• May 11, 2008
• 

A gap in the market and irritating licensing schemes

People are constantly asking me, "which 802.11n wireless access point or router should I buy for my home?"  After questioning them about their needs, they tell me that they want the "good stuff" - not the usual SOHO fare.  Of course, the "usual" is Linksys, DLink, NetGear, TrendNet, Belkin, and a few others.   There's nothing in particular wrong with equipment from any of these vendors, and most people are perfectly fine using it in their homes or small businesses.  But there's a few telecommuters and small business owners that don't mind paying a little extra for something more feature rich and reliable.  The problem is that there is no such thing.  I have a suggestion. Continue reading...

• CWNP
• April 27, 2008
• 

Random Thoughts...

I was just thinking that if AT&T can screw people by charging them 20 cents EACH for receiving text messages they don't even want (usually from people they don't even know), then I'm sure someone is going to figure out how to do this on Wi-Fi soon enough.  I can see it now, "ToWiFi" - holy crap.

This week, I was just reading an Aruba whitepaper that reiterates the need for a static site survey when legacy clients are participating in an 802.11n infrastructure.  I also had conversations with several people who reiterated the Vocera and SpectraLink (now part of Polycom) don't support installations of their products when the controller is configured for "automatic power and channel assignments."  Bottom line: static site surveys are here to stay for a good long time. 

• CWNP
• April 16, 2008
• 

Where are all of the 802.11n books?

Good grief.  How long must we wait for someone to write a decent book on 802.11n?  From the various architectures to deployment strategies, there are dozens of small topics that need addressing.  Many vendor whitepapers are proving to be so full of marketing that they aren't useful, and the market needs a "best practices" document for rolling out 802.11n.  It would even be useful to cover additional topics such as how 802.11n affects VoWLAN deployments.

• CWNP
• April 10, 2008
• 

High Throughput Hounds of Hell Unleashed

It has officially started.  Hacking 802.11n was inevitable of course, and now we have Denial of Service (DoS) and Service Degradation attacks aimed squarely at 802.11n networks.  Using normal functions of the High Throughput (HT) PHY/MAC such as Block ACKs and coexistance (protection) mechanisms is a perfect place for a hacker to start because those features are required for proper operation.

• CWNP
• April 03, 2008
• 

Mid Market Mania

How many times have you visited a small business where the owner or manager is trying to play "techie" due to the high costs of hiring consultants?  To make matters worse, this person also thinks he has a solid grasp on network fundamentals.  He calls you to come have a look at a 'seemingly random, but minor' network problem because he met you 10 years ago for 20 seconds at a seminar you don't even remember attending.

You oblige of course, and...

• CWNP
• March 20, 2008
• 

Hacking & Solutions: Cracking WEP and WPA2-PSK

This article is presented as part of hacking + solution track for Wireless Security Expo 2008.  Before reading the solutions article, make sure you have watched the hacking video.  Videos are available by registering here .

Cracking WEP is old-hat, but the newer WPA/WPA2-Personal can be cracked too.  See how its done and see how to secure against it.

• CWNP
• March 08, 2008
• 

Whitepaper Lies

OK, so a guy can only take so much before he has to say something...  I read just about every WLAN whitepaper that is released - and some that aren't.  One thing that is getting worse and worse is the fact that vendors are using the term "whitepaper" to disguise what the document really is - marketing propaganda.  Some vendors feel that it's necessary to make their whitepapers 30-40 pages long so that they can thoroughly explain their marketing propaganda - or perhaps overwhelm the reader with so much information that the reader just assumes everything that is said is true.  This practice has got to stop.  Obviously the vendors won't stop producing these kinds of misleading documents until customers, VARs, and potential customers provide some negative feedback. Continue reading...

• CWNP
• February 19, 2008
• 

Hacking & Solutions: 802.11 Protocol Attacks, Deauthentication

This article is presented as part of hacking + solution track for Wireless Security Expo 2008.

Deauthentication is the most common form of 802.11 protocol denial-of-service (DoS) attack.  After watching the Deauthentication video, you can see that performing this type of attack takes seconds using common and user-friendly software and hardware, can wreak havoc on a network, and can be used as part of other types of wireless network attacks.  Deauthentication frames are considered notifications, not requests, which means any associated station or AP that receives a deauthentication frame must comply.

• CWNP
• February 12, 2008
• 

Hacking & Solutions: Cracking Cisco LEAP Authentication

This article is presented as part of hacking + solution track for Wireless Security Expo 2008.

By watching the "Cracking Cisco LEAP" video, you will discover just how insecure LEAP is.  It takes only seconds to break using any reasonable dictionary file and commonly available and user-friendly software tools.