[Full-disclosure] WEEPING FOR WEP

James (njan) Eaton-Lee james.mailing at gmail.com
Fri Apr 6 22:40:08 BST 2007 

Gary Warner wrote:

> I'm going through this one at work right now myself.  My team convinced
> me that we should use "WPA2" with TKIP for our new wireless service.
> Guess what?  Most Windows-controlled wireless laptops don't have an
> option to select WPA2 as their authentication protocol!  My team says
> "No problem, we can just have them download a more recent version of
> their driver and use the software that comes with their wireless card to
> manage their wireless instead of the windows client."
> 
> ARRRGH!  *NOT* a valid answer!

I suspect whether this is a "most" or not depends a lot on your hardware 
refresh cycle and what sort of kit you buy - if you've been buying Intel 
Centrino kit, it all supports WPA (the ipw2100 may not, but everything 
since then certainly does) so long as you've got the latest drivers and 
the WPA2 Hotfix for XP.

I've implemented WPA2 Infrastructures recently, and the number of 
laptops which haven't supported WPA2 is somewhere in the 10-15% range. 
Oddly enough, we have two ipw2200-equipped Toshiba laptops which (even 
after a full reinstall, and using identical drivers/firmware to machines 
that do work) refuse to talk WPA2...

If you have older prism kit, or a chipset like atheros which is commonly 
rebadged/resold, you may not have WPA2-compatible drivers/firmware for 
the card even if the same chipset in other vendors' devices (or in 
linux) supports WPA2.

Thankfully, at the current point in time, sporting the Wifi logo 
requires WPA2 support so far as I'm aware, so anything you buy now 
*should* support WPA2. I'm not sure when this requirement came into 
effect, though..

  - James.

-- 
   James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

    "All at sea again / And now my hurricanes
    Have brought down this ocean rain / To bathe me again"

  https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3521 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070406/a5e18a45/attachment.bin

Full-Disclosure is hosted and sponsored by Secunia.