WPA / WPA2 … as insecure as I expected

Wireless encryption stinks. It always has. My usual approach to securing my wireless is first to enable MAC filtering (not at all secure, but it at least filters out the newbies). Then I open an SSH tunnel to a trusted box at home using dynamic application-level port forwarding, which lets the SSH server act as a SOCKS proxy: ssh -D 1655 validusername@ssh-server.com, where “1655” can be any port number. All traffic from the applications configured to use it (Firefox, Pidgin, mail clients, etc.) is then proxied through the tunneled SSH session, giving a secure, encrypted tunnel over the wireless signal. Here’s a cute summary on how to do this for those that need it.

One caveat: all your DNS lookups will be unencrypted. An easy way to correct this in Firefox is to go to the about:config page (just type about:config in Firefox’s address bar), find network.proxy.socks_remote_dns, and change its value from “false” to “true”, which forces Firefox to use the SSH server (via the encrypted tunnel) for all DNS lookups.

A simple article on how easy it is to hack WPA / WPA2, also known as ROT-26 security.
