How wireless security should NOT be done.

CTI shares the building with two other business, one of which recently decided to install a wireless network. Given that we have a wireless networking module, that can only mean Bad News. And sure enough, on Thursday I learned that our students had successfully gained access to their network. When I went to investigate, this is what they told me:

“I noticed their network in the network selection page, and noticed that they were running WEP security. I then thought – what’s the stupidest key that I can put in? Let’s see… 12345 seems to be stupid enough. So I tried it… and it connected. I was so dumbfounded, I did it again just to be sure.”

Well, $company has made two fundamental errors here. Firstly, they’re using static WEP, and anyone who knows anything about wireless networks will know just how insecure WEP is. Secondly, if you make your wireless key “12345” or something just as easy to guess, you’re really asking for it. Particularly if a college of IT students is just up the stairs from you.

Our network administrator, once she was done laughing at $company’s stupidity, attempted to notify them of their errant ways. They put the phone down on her. So, we’ve decided that if anything happens to them, that’s their own dumb fault. Not ours.

We’ve got another LAN happening this weekend, so $company is probably going to be in for a hard time. Conveniently, my new computer is finished and working perfectly. I would have taken some photos but someone in my family seems to have conveniently misplaced the digital camera. Anyway, if you’re a gamer in the Durban area reading this and you want to come, here’s the details: it’s happening at CTI (36 Essex Terrace, Westville) from Friday evening until Sunday morning. R40 gets you playing. If Chris and Steven can procure a Gigabit switch, then it will cost you an extra R10 to get on the Gigabit portion of the network (and places on that network will be strictly first-come, first-serve). If you clean up your litter when you leave, you get R10 refunded to you. Expect the usual games: Counter-Strike (ugh!), WarCraft 3 (that includes DotA – ugh again), Natural Selection (if I can get enough people playing that), Call Of Duty, and the like.

I’ll be using this as a practise session for the rAge LAN. I’ve organised tickets, transport and friends for that. Now I just have to wait for the date to arrive.

I’ve found something worth talking about for BarCamp Durban – the IRC server to server protocol. I know that the_5th_wheel is interested in that topic: if there’s anyone else interested that’s going then let me know. The last thing I want to do is give a talk on something that doesn’t interest anyone.

I’ve been asked to learn C++, as CTI wants to offer it next year. Of course, I said yes straight away, as it gives me the chance to learn a very substantial and capable programming language. Don’t get me wrong, I have nothing against C#… it’s just that I’d far rather be hacking with C++ code than with C# code. Besides, I’m told that the language is quite challenging, and there’s nothing I like more than a good programming challenge. At the moment, I can do not much besides use loops and write simple programs of the “Hello World” variety, but it’s a start, and there’s some pretty nifty things that I’ll soon be learning about.

Meh, I think I’ve said enough for one post.

Bookmark the permalink.

3 Responses to How wireless security should NOT be done.

  1. jerith says:

    C++, ugh. It’s powerful, but it’s also messy and dangerous. There are several “standards”, some of which (the earlier ones, mostly) cannot even be formally specified.

    Why I don’t like C++:

    1. You have to manage memory yourself. Sure, this means you don’t have the performance hit of a VM and/or GC, but the cost is in tracking down memory leaks and bad pointers.

    2. Too complex. There are way too many language constructs and templates are a full language in their own right. Sure this leads to power, but at the expense of even grizzled professionals turning to their references on a somewhat regular basis.

    3. Too verbose. Perhaps not quite as verbose as Java, but when there’s nearly half as much boilerplate ans meaningful code on my screen, I start having problems following things.

    All that said, it’s probably not a bad language to know. It’s not actively destructive (like VB and PHP) and it teaches you a lot about why higher level languages are good. As long as you’re not writing production code with it…

  2. Edd says:

    btw, since you’re involved at cti, why dont you inform them of BarCamp?
    The more the merrier.
    and do you have any other means of contact other than irc?(its a tad hard to keep people up to date without email or somesuch)
    (sorry for the last ot part, I have no other means of contact 🙂 )



  3. Ron2K says:

    I’m quite happy to advertise for you. If someone is designing posters, so much the better.

    E-mail: ron2k|DOT|za|AT|gmail|DOT|com