I just got my WiFi network setup, just had my 1st Hotsync, I don't know why I waieted this long, this beats BT, I dont have to be tethered to 2 rooms in the house to be able to stream music from the internet of Hotsync , or surf from the UX. I think my only concern is the fat my data is being broadcast during a Hotsync using WiFi. I demonstrated to a friend printing from my UX directly to a printer connected to my home network, he was very impressed.
Can somone give me the quick & dirty about the security issues of 802.11b or should I cross post in wireless?

use WEP .. at least 128bit and change the keys often ..

and of course wifi is faster and has longer range ..

its all about the standards :-)

wifi is 11mbps vs 0,7mbps of bluetooth

100+ meters vs 10 meters of bluetooth ..

but wifi needs over 10 times more power ..

I think the government should force manufacturers to remove WEP from all wireless hardware, issue a public apology, and try again.

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Depending on the volume of data you move, you'd need to change your keys daily or hourly to even have a loose chance of staying secure. Some guy walking around with a Zaurus and Netstumbler can own WEP networks easier than beating my high score at tetris.

Bluetooth is theoretically better, but is hardly perfect either.

Originally posted by tsark
I think the government should force manufacturers to remove WEP from all wireless hardware, issue a public apology, and try again.

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Depending on the volume of data you move, you'd need to change your keys daily or hourly to even have a loose chance of staying secure. Some guy walking around with a Zaurus and Netstumbler can own WEP networks easier than beating my high score at tetris.

Bluetooth is theoretically better, but is hardly perfect either.

The Zaurus, like most WiFi equipment, doesn't allow promiscuous WiFi -- it will simply drop any packets it doesn't have the WEP key for, which means they can't be intercepted for analysis to find the WEP key. In addition, almost all newer WiFi equipment now has weak IV avoidance routines, which defeats the main hacking technique outlined in the above document.

No, WiFi isn't secure, WEP or not, but using WEP (preferably with multiple keys) is a heck of a lot safer than not using it. Combined with limiting on MAC, it should stop all but the most determined hackers who also have cards where they can both listen in promiscuous mode and set the MAC manually.

As for Bluetooth security, it's mostly turned off, due to the fact that people will find it tedious to have to enter two pins every time they hook up two devices. Gone Bluejacking lately? :)

Regards,
--
*Art

Originally posted by tsark
I think the government should force manufacturers to remove WEP from all wireless hardware, issue a public apology, and try again.

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Depending on the volume of data you move, you'd need to change your keys daily or hourly to even have a loose chance of staying secure. Some guy walking around with a Zaurus and Netstumbler can own WEP networks easier than beating my high score at tetris.

Bluetooth is theoretically better, but is hardly perfect either.

regular internet isn't any safer .. so it should be banned ? :-)

Originally posted by arth1

The Zaurus, like most WiFi equipment, doesn't allow promiscuous WiFi -- it will simply drop any packets it doesn't have the WEP key for, which means they can't be intercepted for analysis to find the WEP key. In addition, almost all newer WiFi equipment now has weak IV avoidance routines, which defeats the main hacking technique outlined in the above document.

No, WiFi isn't secure, WEP or not, but using WEP (preferably with multiple keys) is a heck of a lot safer than not using it. Combined with limiting on MAC, it should stop all but the most determined hackers who also have cards where they can both listen in promiscuous mode and set the MAC manually.


Check out this URL for an idea of what I mean re: zaurus. (http://www.irongeek.com/i.php?submenu=zaurusheader&page=zaurusmain)

I don't know how widely deployed "weak IV avoidance" is, but in my experience - not that widely. And it's simply not that difficult or expensive to get a portable, MACable Wifi setup. Software that automates most of the hard stuff is available.

The fact of the matter is, people turn on WEP, and never change their keys again. They're not told about the shortcomings of the system; instead, their spun with marketing lies about "wireless security." It's inexcusable.

Nothing there that tells how to break WEP with a Zaurus -- only how to wardrive and snoop open networks. In which case WEP is a whole lot better than nothing. :)

I use the best WiFi protection there is -- a clueless neighbour who runs her network completely open, announcing itself as "linksys".

Regards,
--
*Art

My goodness. It's pretty obvious - you run linux on the zaurus, the relevant tools (capture, decrypting) are generally linux-based...