Girl Geekette

A few days ago, I found a great article on Techdirt that I really loved. "You’re Not As Secure As You Think… Except Maybe On Wireless Networks " does a great job of showing an example of how most people believe that wireless networks are insecure by nature, therefore, if the general population believes that, then they are in essence as secure as they believe they are. From all the work with wireless that I have done, I can fully agree with the way this article is presented.

Out of the box, wireless networks are extremely vulnerable and insecure. Through recent studies I have done, I can conclude that over 50% of Wireless Access Points (WAPs) are left with no security enabled - not even MAC address filtering or any type of encryption - WEP or WPA. WEP has been crackable now for a few years using programs like WEPcrack. MAC address spoofing is also easily done by using ifconfig in *nix and a simple registry change in Windows XP. Even WPA PSK has been cracked (WPA itself has not been cracked, but the PSK - private shared keys - is susceptible to brute force and has been cracked). So, when I read the article on Techdirt, I had to completely agree.

But, when I read the original article on Information Week that the Techdirt article referred to, I had to really stop and shake my head. In it, Matthew Friedman reports that Justin Peltier - a senior security consultant with Peltier Associates and leader of Web hacking seminars for the Computer Security Institute - goes on to say that "Properly configures, wireless is actually much more secure than wired networking" and that proper configuration using the WPA PSK has to be turned on to achieve this.

I do not agree with this at all. Although the WPA PSK takes a lot longer to crack than WEP, it is still crackable. No matter how you look at it, wired access is still less secure than a wired connection. Peltier also states, "So many people have been brainwashed to believe that wireless is insecure, though." People brainwashed? After all that is crackable and can be done with WPA PSK, WEP, MAC address spoofing, detecting the SSID and so on.. I do not see how a "Security expert" can believe that wireless is "more secured than a wired network".