Hi Everyone,

I know it's an old subject, but if anyone is in the US, in the Jacksonville, FL area, come to the Jacksonville Linux Users Group tonight. I'm doing a presentation on the security flaws of the WEP protocol, and demonstrate how easy it is to subvert. Details and slides at the link below:

http://www.hacksonville.com/?p=134

Thanks! 

+1 rance
Unfortunately, I still see WEP networks all over the place.

My presentation went really well, I got a lot of positive feedback. This was my first presentation, by the way.

pseud0, I'm curious now. Do outside wifi networks affect a pentest at all? I know you would be looking for rogue APs internally, but I'm curious about outside networks. I also got to show off a homemade directional antenna at my presentation, pretty cool stuff.

rance, nobody would admit to still using WEP.

I was fighting this battle for awhile until we had another problem with our scan guns and I convinced my boss to upgrade the scan guns rather than just replacing them with used ones.

The only really significant problem we run into with the "outside" APs is proving that they are "outside".  If you're looking for rogue access points it can get really difficult to figure out what might actually be on the client network and what is actually sitting at the law firm the floor above or the hedge fund the floor below.  The secondary risk for finding open access points outside of the client network is that employees might connect to it so that they can visit internet sites that are blocked by the corporate network.  They can get infected and then reconnect to the corporate network and cause a breach.