2

Apple just removed the ethernet port from new MacBooks which means we have to use Wifi! But I think WEP encryption is broken, and WPA encryption which I can't see on Mac is also broken. So Wifi means no security, right?

Anders
pier
  • 3
    You don't have to use wifi, you can buy a Thunderbolt to Ethernet adaptor. – Mike Scott Dec 22 '12 at 18:43
  • 1
    @Mike Scott Dude, I don't wanna pay for new hardware to use the internet, which I already have (I'm a poor guy :D). This MacBook I got is a gift. I have no money to buy such things in my life. – pier Dec 22 '12 at 18:47
  • 6
    Welcome to the world of being an Apple customer. Please place your wallet in the receptacle provided and bend over the examiner's table. – Polynomial Dec 23 '12 at 11:29
  • If you come across WPS for your WiFi, deactivate it, as it allows attacks on the authentication to the network. – SaAtomic Dec 13 '17 at 12:49

4 Answers

8

WPA2 is the only secure method. WEP and WPA are "broken". Also, WEP is easier to crack than WPA. However, any security, even WEP, is better than no security as it will effectively prevent opportunistic connections to your network.

I just checked and indeed the new MacBook Pros don't have an Ethernet port. All I can say is WTF?!?

Matrix
  • Yes, WTF! I think even WPA2 can be broken the same way WPA1 was broken! Wi-Fi is really not a good idea. I don't wanna buy any new hardware to use the internet and I can't use the internet with my MacBook securely, god dammit – pier Dec 22 '12 at 18:46
  • 2
    WPA2 is very much different from WEP/WPA and is not broken. Also, regardless of the security used on WLAN you can establish a secure VPN tunnel over WLAN and access the Internet that way. – Matrix Dec 22 '12 at 18:55
  • Mac OS (Snow Leopard) doesn't even have WPA1 ... and a VPN costs money and also slows down the internet for watching YouTube ... – pier Dec 22 '12 at 18:59
  • How can you have Snow Leopard and the latest MacBook Pro? They come with Mountain Lion. And both should support WEP/WPA/WPA2 out of the box. See if it works with a WLAN access point/router instead of a Windows laptop. – Matrix Dec 22 '12 at 19:05
  • Some of my software doesn't work on Lion so I installed Snow Leopard ... Is a WLAN access point/router free software or paid hardware? What's the problem with a Windows laptop as a hotspot? – pier Dec 22 '12 at 19:15
  • Also, I don't think WPA2 is secure: https://encrypted.google.com/search?q=WPA2+break – pier Dec 22 '12 at 19:16
  • It's WPA, not WPA1. And WPA2 is more secure (generally) because it uses the CCMP encryption method, based on AES. WPA on the other hand uses TKIP, which is far weaker, being based on RC4. WEP also uses RC4, but in an extremely bad way that enables very rapid key recovery. – forest Dec 13 '17 at 12:51
5

WPA2 is still the best choice currently.

Watch out for WPS brute-force attempts against a PIN; make sure you have a router on which you can turn WPS off.

http://code.google.com/p/reaver-wps/

Oscalation
  • What is WPS? Only WPA2 exists, which does not look secure because of the handshake ... (http://www.cloudcentrics.com/?p=2059) – pier Dec 22 '12 at 19:47
  • 1
    Nothing is secure if you use a weak password. Only weak passwords can be cracked. – Matrix Dec 22 '12 at 20:18
  • A strong password over an open Wi-Fi connection while not using SSL doesn't do anyone any good. Nor does using a strong password on a website that stores the password in an unencrypted database or a text file that is chmodded to 755. – Oscalation Dec 22 '12 at 20:28
  • 2
    @pier Wifi protected setup http://arstechnica.com/business/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver/ – Oscalation Dec 22 '12 at 20:29
2

Use WPA2 and turn off WPS if your router supports it, since this is a major security flaw.

WPS: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

K1773R
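The checks recommended in the answers above (WPA2 rather than WEP or WPA, and WPS switched off) can be run over a scan of your own network. This is an added example, not part of any answer on this page; it assumes scan text laid out like the output of Linux `iw dev <interface> scan`, and the sample networks, the `SAMPLE_SCAN` constant and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample, laid out like `iw dev wlan0 scan` output (not from the page).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: home-wpa2
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: old-wep
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: mixed-wps
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP TKIP
    WPA:     * Version: 1
    WPS:     * Version: 1.0
BSS 02:00:00:00:00:04(on wlan0)
    capability: ESS (0x0001)
    SSID: cafe-open
"""

def audit(scan_text):
    """Return {ssid: [findings]} for every BSS block in the scan output."""
    report = {}
    for block in ("\n" + scan_text).split("\nBSS ")[1:]:
        ssid = re.search(r"(?m)^\s*SSID: (.*)$", block)
        if not ssid:
            continue
        sections = set(re.findall(r"(?m)^\s+(RSN|WPA|WPS):", block))
        privacy = re.search(r"capability:.*\bPrivacy\b", block) is not None
        pairwise = " ".join(re.findall(r"Pairwise ciphers: (.*)", block))
        findings = []
        if not privacy:
            findings.append("open network, no link encryption")
        elif not sections & {"RSN", "WPA"}:
            findings.append("WEP (Privacy bit set, no WPA/RSN element)")
        elif "RSN" not in sections:
            findings.append("WPA only, no WPA2")
        if "WPA" in sections and "RSN" in sections:
            findings.append("WPA still enabled beside WPA2")
        if "TKIP" in pairwise:
            findings.append("TKIP accepted as pairwise cipher")
        if "WPS" in sections:
            findings.append("WPS advertised, turn it off on the router")
        report[ssid.group(1).strip()] = findings
    return report
```

An empty findings list means the network advertises WPA2 (RSN) with CCMP only and no WPS; passphrase strength is not visible in a scan and still has to be checked separately.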
0

802.11 until "802.11ad" uses unencrypted management packets no matter what encryption type you use, and will be vulnerable to DoS from a wristwatch that could throw de-authentication packets. Even enterprise-grade RADIUS implementations have recently been proven to be vulnerable within 24 hours or less. Now, when you're dealing with autonomous quadrotors swiping your handshake, and using a distributed computing cluster to crack your personal/WPA2 using multi-instance dictionary-supplemented bogosort brute force, MAC spoofing your client, even a 63-character (64 hex) CCMP VLAN won't help you.

Now with cognitive radio, it opens a new level of spoofy goodness. Now an attacker will have to implement a "brutespoof" of their MAC spoofing algorithm (similar to aireplay-ng) to attempt to resolve the victim's MAC CR algorithm.

Perhaps a ghetto CR MAC implementation could be thrown together using cron jobs on a DD-WRT/OpenWrt router so that both the client and the router are constantly spoofing their MAC at a mathematically synchronous rate. Unfortunately it then becomes a matter of hardware speed and luck.

Humphry