Comments on: 250,000 eircom modems can have their password guessed - How will eircom react?

By: Evert Bopp

Evert Bopp — Tue, 02 Oct 2007 11:42:02 +0000

This is a completly overhyped issue.
WEP encryption was “crack-able” from day 1. It can be cracked within minutes using tools that have been available for years.
Some smart-ass tool that uses the SSID rather than sniffing & analysing packets does not increase the risk.
What should be addressed is the question if these networks should be secured at all and if so who should be responsible for this.

By: Olivier

Olivier — Mon, 01 Oct 2007 17:29:45 +0000

WEP is utterly broken. It can be cracked from scratch in less than a minute. If you are serious about security, use WPA with a strong password.

Less than a minute means that it is actually faster to crack your own WEP key than to type the hex code correctly in a text field.

See http://www.theregister.co.uk/2007/04/04/wireless_code_cracking/ or http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/

By: Rahood

Rahood — Mon, 01 Oct 2007 16:28:31 +0000

@knuth
Has Linksys ever hardcoded sNTP servers that it did not own into its firmware.
D-Link has and so have Netgear. Can you buy Netopia gear from PCworld or Elara where the average Joe shops. Notice I said average Joe and not ‘chimps’ btw.
So yes I could be called a fan in that regard but if you want ‘fanboyism’ as you call it.. my friends and family all sit behind a Linksys WRT54GL if they need wireless because the firmware is GPL’d and I can also add NAS and voip from the router itself should they wish
Is it logical to use a cd to set up a router because thats where the problems start. Better to have printed instructions in the box because as we all know only too well Windows users will click on anything autorun.inf when told to do so (my fanboyism is sneaking out again)

“Please do not blame the routers lack of enforced security measures due to chimps that are unable to select the WPA/2 encryption method.”

WEP by default is the problem, not the average Joe who has been shafted by a lack of decent info on a product supplied at a tight pricepoint.

Between those little sperm tailed wireless devices advertised on the TV and now this, Is it any wonder I often cry myself to sleep over the state of net access in Ireland.

By: Sinéad

Sinéad — Mon, 01 Oct 2007 14:19:31 +0000

I don’t even need a WEP key to access my neighbour’s eircom broadband, they simply don’t have one.

By: knuth

knuth — Mon, 01 Oct 2007 13:57:45 +0000

Rahood: A fantastic display of fanboyism, great work chief!

The Netopia router is an excellent router. There is no logical reason to shell out extra money for a more ‘branded’ router.

Please do not blame the routers lack of enforced security measures due to chimps that are unable to select the WPA/2 encryption method.

Thanks.

By: Rahood

Rahood — Mon, 01 Oct 2007 11:59:38 +0000

This is why you should buy your own gateway/modem/router/switch/port or what ever the marketing droids are calling them these days.
Read the netopia manual for a simple fix.

http://www.netopia.com/support/intl/eircom/technotes/IEWG_110.html

Linksys with openDNS would be by my choice at home and as for the office I dont see this as an issue because nobody in their right mind is using the free modem provided by Eircom to face the world and if they are well then your sys0p should be out of a job.

By: 73man

73man — Mon, 01 Oct 2007 10:43:55 +0000

Blog giant in code cracking plot shocker.

By: Damien B

Damien B — Mon, 01 Oct 2007 10:35:20 +0000

Surely the issue here isn’t just stealing someones broadband/bandwidth, but getting access to their network as well?

By: Damien

Damien — Mon, 01 Oct 2007 10:20:58 +0000

Exactly Colm.

By: Colm Doyle

Colm Doyle — Mon, 01 Oct 2007 10:19:52 +0000

In a hypothetical scenario, where this was not illegal, I would more than likely have tested it and confirmed that it does indeed work.

But of course I haven’t in reality, because as Damien rightly points out, that’s a no no

*cough* *cough*