Sunday, November 9, 2008

Using wifi? Don't use WEP, careful with WPA!

If you use wi-fi at home for your computer or other wireless-enabled device, you probably have a router providing you with that signal. You also probably have a password to secure your router and prevent other people from getting into your access point and using your connection. You may be safe from casual bandwidth-stealers, but anyone who has a few minutes of spare time and the appropriate program installed can bypass your supposed security in mere moments. Then they can use your connection. It can be as innocuous as borrowing your wifi to check their mail, but it's likely that if they are sneaky and clever enough to get in in the first place, they probably have more malicious intentions for your network.

For those who don't want to know the details, just at least read this part. Whether you're tech-savvy or not, you need to pay attention because this affects you. Whoever is in charge of the network at your house or apartment must make the appropriate changes to your settings. Instructions for configuring your router vary between makes and models, so check your particular one and look online for instructions. Generally, though, your router can be accessed through any web browser (Safari, Firefox, Internet Explorer (shudder!)) at the address or some variation. You're on your own for the login and password.

The bottom line is that you want to get to the "Wireless" settings and change your security to "WPA2-PSK" if it's available. This is the most secure, and is (as yet) not susceptible to easy cracking. You may have to reconfigure your wireless devices as well, but it's for your own good.

Why? Well, WEP, which is what people most commonly use, was, frighteningly, NOT created by security experts. Those who designed it took a great security method and implemented it incorrectly, so it's never been secure. The method it uses relies on randomness to prevent bad guys from guessing the password. But the way WEP is implemented, there are occasional repetitions, and with repetitions come patterns. And with enough patterns and enough data to go by, the bad guys can solve the "puzzle" easily. It needs to be completely random, with no repetition!

I'm not too sure why WPA isn't safe anymore, but it's apparently been cracked in the past week or so.