December 2, 2005

My responses to Security Now! Episode 16:

I have some comments and I also must point out some huge flaws in Steve Gibson's replies to some questions:

Stuff stored on a USB key really should be encrypted, especially if the USB key is going into a public computer. Otherwise the unencrypted file can be read by malicious software and your passwords are now compromised.

Traffic on a switch CAN be heard by other ports rather easily. A switch can be turned into a hub very easily by putting an Ethernet card into promiscuous mode, which effectively turns the whole switch into a hub for that NIC. Some switches can guard against that, but those advanced switches can also have a port put into promiscuous mode, which does the same thing. Putting a NIC into promiscuous mode is very, very easy, especially under Linux. By doing this you still get the benefits of a switch for the other ports, and you can sniff your traffic like you would be able to on a hub. Why Steve would use a hub when a switch can do the same thing is a bit mystifying.

RC4 has been cracked via the RC4 DC project. It took a while, but RC4 is not uncrackable. :)

A switch is NOT going to protect your internal network from the unencrypted network traffic. If you want to run two Wi-Fi networks, they need to be on their own LANs. For example, IPCop can support a 4-NIC setup: one NIC is green (for internal wired clients), then a blue network you can use for the encrypted Wi-Fi, then orange for the unencrypted Wi-Fi, and then the RED internet interface. Traffic between green, blue, and orange is totally isolated unless you specifically tell IPCop to pass traffic between the three. To suggest that a switch will protect secured users from unsecured users is patently wrong, and Steve needs to restate this.
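
The difference between sharing one switch and giving each network its own firewall interface, as an added example (not part of the original post and not IPCop's actual rule set). The subnets, host addresses and allow-list are constructed assumptions, and only new connections are modelled, not reply traffic.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plans; all subnets and host addresses are assumptions.
SEGMENTED = {  # one LAN per firewall NIC, as in the four-NIC layout above
    "green":  ipaddress.ip_network("192.168.1.0/24"),  # internal wired clients
    "blue":   ipaddress.ip_network("192.168.2.0/24"),  # encrypted Wi-Fi
    "orange": ipaddress.ip_network("192.168.3.0/24"),  # unencrypted Wi-Fi
}
FLAT = {"lan": ipaddress.ip_network("192.168.0.0/16")}  # everything on one switch

# Inter-zone flows the administrator has explicitly allowed (assumed policy):
# every zone may open connections to red (internet), nothing else.
ALLOWED = {("green", "red"), ("blue", "red"), ("orange", "red")}

def zone_of(addr, zones):
    """Return the zone whose subnet contains addr; unknown addresses are red."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in zones.items() if ip in net), "red")

def verdict(src, dst, zones, allowed=ALLOWED):
    """Fate of a new connection from src to dst.

    'direct'  - same LAN: the switch delivers it, the firewall never sees it
    'forward' - crosses the firewall and an explicit rule allows it
    'drop'    - crosses the firewall and hits the default deny
    """
    s, d = zone_of(src, zones), zone_of(dst, zones)
    if s == d and s != "red":
        return "direct"
    return "forward" if (s, d) in allowed else "drop"

def unfiltered_pairs(hosts, zones):
    """List (src, dst) pairs that can talk without any firewall rule applying."""
    return [(a, b) for a, b in permutations(hosts, 2)
            if verdict(a, b, zones) == "direct"]

# Constructed hosts: a wired client, an encrypted Wi-Fi client, an open Wi-Fi client.
HOSTS = ["192.168.1.10", "192.168.2.20", "192.168.3.30"]

if __name__ == "__main__":
    print("flat:     ", unfiltered_pairs(HOSTS, FLAT))
    print("segmented:", unfiltered_pairs(HOSTS, SEGMENTED))
```

On the flat plan every pair is delivered by the switch with no filtering; on the segmented plan no pair is, so the open Wi-Fi client can only reach what the firewall policy allows.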