Archive for December, 2008

Wifi Security Explained: Analogies that will make you groan!

Since my article on WPA security and Elcomsoft’s cracking software, I’ve received a
few e-mails asking me to explain wireless security in greater detail. While I can
easily do that, I have a feeling that what most people want is not more details, but
for it to be presented in an understandable manner. So, without further ado, here’s
The Tech Mango’s WiFi Security Analogies that will make you groan!

Having a wireless network is sort of like having a house. In the default “Open”
mode, your house has a 100-meter tall sign saying “party over here!” Anybody can
walk in and start talking… And hear other people’s conversations. Not a good thing
if you frequently discuss sensitive information. There are many ways to keep this
information hidden.

Disabling SSID broadcast. This is perhaps the simplest method and first step towards
a little security. This takes down that 100-meter sign, but everyone driving by can
still see that there’s a house at 123 Main Street. This is because your router or
access point broadcasts what’s known as a beacon… And that includes its physical
address. It provides little real security, as any time someone comes to your house,
they ask “Is this Rob’s Party?” loud enough for all to hear. Not very secretive at
all.

MAC address filtering. Another method of security is having a guest list for the
party. And while this may seem secure at first, all tech-savvy hackers know this is
little more than a temporary inconvenience. The “bouncer” (router or access point)
relies on stickers saying “Hi, My Name is…”. Hackers can quickly take a magic
marker to these stickers to change their name to someone on the guest list.

While these two methods are generally sufficient to deter those looking for free
internet, they’re little more than a bump in the road for more knowledgeable or
dedicated hackers.

WEP Security. The best way to describe this is a house party where every guest has
to use a secret knock every time they speak. After listening to a few thousand
conversations (which is rather quick on computers), a hacker generally has the knock
figured out and can communicate with everyone else.

WPA security. This security is definitely more thorough… We’ll cover the WPA
Pre-shared Key. This is like having a key to the party… And once you’re in the
vestibule taking off your coat, the bouncer demands to have the secret handshake.
Inside, you speak in a language based on the handshakes you’ve done. But this is
where the recognizable analogy ends, as the intricacies of WPA are such that the
main security is the 4-way handshake. And while this can be observed, it will still
take the hacker a while to figure out what the handshake is and how to do it,
practicing in front of a mirror until he gets it. With sufficient password length,
he will never get the handshake down unless it’s a poor choice of password
(specifically, dictionary words).

WPA Enterprise. This is the top level of security you can have. Not only are you
asked for a key and secret handshake, the bouncer asks for your driver’s license and
runs it against the DMV database to make sure you really are who you say you are…
And that you’re allowed in. These “credentials” can be revoked at any time… Like,
say, when you fire an employee. Hence, WPA Enterprise is useful in large-business, or
enterprise, applications. See how the name fits? There are currently no known methods
of hacking this type of network from the outside. You can duplicate someone’s
credentials if you get hold of them (or specifically, their laptop), but once the
breach is discovered, the fix is as simple as cancelling your credit cards.

VPN. Many security experts theorize that the future of wireless security will go
towards DATA security and de-emphasize LINK security. If the data going over your
network is sufficiently encrypted, it won’t matter what form of security you use.
It’d be like having a guest walk into your open house party, only to discover
that everyone else is speaking in a made-up language that only they know. This is
what a VPN does. It sends the data to another computer in an encrypted manner…
like having your own virtual private network. In fact, this is what it stands for!

There are other ways to make your wireless network more secure… AP client
isolation, etc. But for the sake of sparing you my never-ending torrent of bad
analogies, I won’t hit upon those here.

The long and short of it is, a WPA Pre-shared Key (especially AES-based WPA2) with a
sufficiently complex and long key is UNHACKABLE with current technology, and will be
for quite the foreseeable future. It’s a never-ending game of cat and mouse between
hackers and security professionals, but for now… The cat’s got the edge. Upcoming
technologies, such as 5 GHz wireless, will keep the trend going. As of right now,
there are no known hacking tools or devices that support the 5 GHz wireless band.

 

Internet Watch Foundation’s Dirty Little Secret

Many have probably heard of the Internet Watch Foundation…

Most probably heard of it for the first time when the news story broke that they effectively blocked Wikipedia in almost all of the UK. Now, Wikipedia has had its share of criticism — but endorsing child porn is not one of them. However, the Internet Watch Foundation thought otherwise.

The Internet Watch Foundation, having missed its true calling to protest the Scorpions’ 1976 release of their Virgin Killer record, decided to wage an Internet crusade against Wikipedia for displaying the album cover art (which featured a nude girl with a glass crack obscuring her genitals). This is despite the album (with its associated cover art) being available for sale at amazon.co.uk, as well as in stores in England.

All this media attention has made the image more popular than ever before. Quite the opposite of what they wanted, no?

So how does the Internet Watch Foundation work?

The IWF maintains a blacklist to which the UK ISPs can voluntarily subscribe… “voluntary” being the key term, as ISPs feel a good deal of public pressure to subscribe to the list. No one wants to have the stigma of allowing “hardcore child porn” on their ISP. In addition, this “voluntary” compliance helped to stave off burdensome government regulation of the internet industry that may have been even more onerous.

However, as critics of the great Aussie firewall are quick to point out, ISP filtering can easily be bypassed with the simplest of proxies. In short, it simply doesn’t work. Everyday consumers and surfers are inconvenienced and pirates and child pornographers are unimpeded.

One can only wonder what we will face in the US if the RIAA and its allies succeed in their objective of getting US service providers to filter internet content on a widespread basis.

The truth of the matter is that the Internet Watch Foundation has overstretched its bounds. And while they may have wisely reversed their decision on the Wikipedia blacklist, their folly has caused even their champions to question their operations.

 

Elcomsoft’s Smoke & Mirrors

A few weeks ago, Elcomsoft reported that it had developed software to harness the power of a GPU to brute-force WPA/WPA2. What that could mean is that, for a scant $1,000 in hardware, one could break the encryption used on wireless networks. While this price may sound prohibitively high, two top GPUs in SLI are fairly common in high-end gaming. People dedicated enough to break into corporate networks now have a means to do so.

That’s the theory, at least.

As one keen commenter pointed out, the reality and sheer mathematics behind it are mind boggling. A WPA2 key can be 63 characters using lower case, upper case, numbers and symbols, which provides 94 choices for each character. If I use a 63 character password, that 63 character password could be one of 1.9 * 10^126 possible choices.

If you want to have a 100% chance of brute-forcing this key in one year, one would still need to execute 6*10^118 tries a second.

It would be faster to attack the 256 bit hash as this only has 1.1*10^77 permutations.

So if one could issue 3.6 *10^69 commands per second one could guarantee a break in one year. Let’s assume that it takes 10 flops (floating point operations) to test one key. As of August SETI@HOME is executing an average of 150 teraflops (150*10^12). Therefore one would still need ~2.5 *10^56 SETI@HOME projects to break one key in one year.

The most efficient computer uses 2.8 watts per GFLOP. Therefore it would take 2.5*10^59 watts to break one key. Since the average usage of power for all people on the planet is 15 TW, we would need 1.5*10^46 times the current power output of the planet to break one key.

Unless someone is using a weak password, like “aaaaaaaa”, it’s rather unlikely someone would be able to successfully crack WPA2.
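The calculation above and the WPA Pre-shared Key paragraph in the analogies post make the same two points: the passphrase space is enormous, but the key it is hashed into is only 256 bits, and the only real weakness is a short or dictionary passphrase. The block below carries that reasoning through in code. It is an added example, not Elcomsoft’s software or code from the original posts. The key derivation follows IEEE 802.11i (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output); the passphrases, SSID names, guess rate and word list in it are constructed for illustration.

```python
"""Passphrase-space arithmetic for WPA/WPA2-PSK, plus the derivation that turns a
passphrase into the 256-bit key the commenter refers to.

Added example for this page; not Elcomsoft's code or code from the original posts.
The key derivation follows IEEE 802.11i (PBKDF2-HMAC-SHA1, SSID as salt,
4096 iterations, 32-byte output). Passphrases, SSIDs, the guess rate and the
word list below are constructed for illustration.
"""
import hashlib
import math

PRINTABLE_ASCII = 94      # printable ASCII minus space: the "94 choices" per character
MAX_PASSPHRASE_LEN = 63   # WPA passphrases are 8 to 63 characters
PMK_BITS = 256            # the pairwise master key (PMK) is 256 bits
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed, deliberately tiny word list standing in for a real dictionary.
TOY_DICTIONARY = {"password", "letmein", "dragon", "aaaaaaaa", "sunshine"}


def keyspace_bits(length, alphabet=PRINTABLE_ASCII):
    """Bits of entropy in a uniformly random passphrase: log2(alphabet ** length)."""
    if length <= 0 or alphabet <= 1:
        raise ValueError("need a positive length and at least two symbols")
    return length * math.log2(alphabet)


def effective_bits(length, alphabet=PRINTABLE_ASCII):
    """Work an exhaustive search actually faces: the passphrase space, capped at the
    256-bit PMK it is hashed into (why a 63-character key is no harder than the hash)."""
    return min(keyspace_bits(length, alphabet), PMK_BITS)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate of a `bits`-bit space at the given rate."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def derive_pmk(passphrase, ssid):
    """Passphrase -> PMK exactly as a WPA/WPA2 client computes it. The SSID is the
    salt, so the same passphrase yields a different key on a differently named network."""
    if not 8 <= len(passphrase) <= MAX_PASSPHRASE_LEN:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def assess_passphrase(passphrase):
    """Rough policy check in the spirit of the posts: length and dictionary
    membership decide whether a PSK is guessable, not the 94-symbol ceiling."""
    lower = passphrase.lower()
    guessable = lower in TOY_DICTIONARY or len(set(lower)) == 1  # "aaaaaaaa" and friends
    # Credit only the character classes actually present in the passphrase.
    classes = (
        (any(c.islower() for c in passphrase), 26),
        (any(c.isupper() for c in passphrase), 26),
        (any(c.isdigit() for c in passphrase), 10),
        (any(not c.isalnum() for c in passphrase), 32),
    )
    alphabet = sum(size for used, size in classes if used)
    bits = 0.0 if guessable else effective_bits(len(passphrase), max(alphabet, 2))
    return {"length": len(passphrase), "guessable": guessable, "bits": bits}


if __name__ == "__main__":
    GUESS_RATE = 1e5  # constructed: guesses per second for a hypothetical GPU rig
    for length in (8, 12, 20, MAX_PASSPHRASE_LEN):
        bits = effective_bits(length)
        print(f"{length:2d} chars: {bits:6.1f} bits, "
              f"{years_to_exhaust(bits, GUESS_RATE):.2e} years at {GUESS_RATE:.0e}/s")
    for pw in ("aaaaaaaa", "password", "Tr0ub4dor&3", "mango-orchard-at-dawn-2008"):
        print(pw, assess_passphrase(pw))
    print(derive_pmk("mango-orchard-at-dawn-2008", "TechMango").hex())
```

Running it shows the cap at work: a 63-character passphrase reports 256 bits, the same as any passphrase past about 39 characters, while an eight-character one reports roughly 52 bits, and the dictionary entries report zero. The 4096 PBKDF2 iterations in `derive_pmk` are also why each guess costs far more than one hash, which is the part of the Elcomsoft story the GPU speeds up.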

Why am I taking the time to point this out? The short explanation is that I’m tired of lesser admins and specialists preaching to me that WPA2-PSKs are insufficient safeguards for wireless security, especially in a business/enterprise setting. This is simply not the case. While it may be optimal to use WPA2 Enterprise setups in corporate environments, the reality is that many IT departments are run on a shoestring budget. The mark of a good IT consultant is not how fast, powerful, or secure they can make something with an unlimited budget… but how well they can make do on a budget resembling the McDonald’s dollar menu.

Some theorists suggest that link security, such as WEP and WPA, may eventually take a backseat to data security, such as VPNs.

So, for the time being, you can sleep soundly knowing that your WPA2 networks are secure… secure as you make them.

 

What’s killing PC Gaming?

PC gaming has been in a steady state of decline over the past several years. But what could be causing this?

Consoles have been elevated from a niche gaming market for Nintendo and Sega games to perhaps THE foremost platforms to release new games. I vividly recall scoffing at anyone who wanted to be taken “seriously” as a gamer whose primary game system was a console. However, it’s become obvious that consoles are no joke.

The biggest problem, it seems, is the ease of use that the console systems enjoy. There’s no updating your drivers, installing DirectX, waiting 30 minutes for your game to install, worrying about background applications, compatibility issues… nothing. You just put the game in the drive and play.

Why can’t PC games be made that easy?

Software support. Simply put, the console runs on software that’s already loaded with drivers, libraries, and programs required for games designed for that platform. The problem with PCs is also their biggest virtue: utility. PCs are useful for other things besides gaming, and as such they can’t be crammed full of gaming libraries because that would limit their functionality. As such, all the information needs to be loaded into memory. With such a mix of different hardware, it’s difficult for programmers to anticipate what consumers will have at their disposal.

Gaming companies are always quick to blame piracy for the flagging sales of PC games. While their complaints are somewhat justified, it is often used as an excuse for the poor sales of their games for the media and their investors. Tech savvy computer users have almost no difficulty pirating games, in contrast to console systems that require physical modification in order to achieve the same ends.

The industry’s solution?

DRM. This is perhaps the dirtiest three-letter word of all time. Companies like EA, looking to safeguard their investment, have turned to draconian DRM and copy-protection schemes that only hurt the consumer. For instance, Electronic Arts turned to the failed SecuROM technology to protect Spore. The end result? EA faced a massive consumer backlash over SecuROM — Spore gets low reviews from consumers and sets records for the number of pirated copies downloaded in a 24-hour period.

Meanwhile, EA Execs blame the low reviews on “disgruntled pirates”, further proof that they just don’t get it. Pirates aren’t worried about DRM… they just get the hacked DRM-free versions anyways. It’s the end consumer that has to suffer through having it… and trying to get rid of it.

The long and short of it is, if PC gaming were as simple and hassle-free as console gaming, then PC gaming would probably once again be the premier platform for gaming.

 

Hello World!

Being the inaugural entry in the brand new Tech Mango blog, this is probably the perfect opportunity to explain what this is and why a mango has anything to do with technology.

In truth, mangoes and technology have very little in common. They do, however, make for an interesting oxymoron. The title came to me in a lucid dream — perhaps after reading an article on the “high-tech mango farmer from Bulacan.”

So aside from an oxymoron, what can you expect to see here? Good question. I’d like to see The Tech Mango be a sanctuary for those looking for interesting little tidbits of tech news and commentary. Being the first entry, there’s little so far to go on — but there is some in the works. Keep your eyes peeled!