NSAShow Podcast - E02 - Wi-Fi Protected Setup, Battered or Broken?

In episode 02 of the show, Andrew vonNagy hosts and welcomes guests Matthew Gast from Aerohive and Dan Cybulskie from Simply Wi-Fi to the show to talk about the recently announced Wi-Fi Protected Setup vulnerability. Matthew brings Wi-Fi expertise to the show through his work at Aerohive, participation in the IEEE 802.11 standard, and as acting task chair for Wi-Fi Alliance security task groups. Dan brings extensive Wi-Fi security knowledge and has performed quite a bit of research into the WPS vulnerability since the announcement.

Head on over the the NSAShow website to see the full show notes and listen to this episode!


NSAShow - A New Wi-Fi Podcast!

A new podcast for the New Year!

I'd like to point my readers' attention to a new Wi-Fi podcast, the No Strings Attached Show (NSAShow).

As Wi-Fi professionals, we felt the void left after the Wireless LAN Professionals podcast was concluded (big love to Keith for creating such an awesome resource for the community). A few of us even contributed to other networking focused podcasts, such as the highly successful Packet Pushers Podcast. But overall there is just a lack of relevant discussion on Wi-Fi topics available.

The NSAShow podcast is intended to fill that gap with high-quality, independent, wireless content by providing regular discussion on current Wi-Fi industry topics. Podcast content will be focused on a real-world look at technology and solutions without the marketing fluff. Our goal is to be honest and fair in evaluating the benefits and limitations of Wi-Fi technology, without vendor bashing. We will also cover emerging technologies so that Wi-Fi professionals are prepared to plan, design, and integrate new solutions based on these technologies.

With this in mind, we created the No Strings Attached Show.

Our hosts come from varying backgrounds within the industry, but two things are constant - we are all independent and each of us has a genuine passion for Wi-Fi. We love learning, designing, deploying, and supporting the technology and are not bound by devotion to any one vendor. This means a lot to us! It helps keeps us focused on Wi-Fi as a technology for the greater good, without vendor bias.

Our contributors come from various VARs, partners, and enterprise customers, providing the show and our listeners with insights on technology from various perspectives. We also bring our collective years of experience to the show, so we can cut through the proverbial fat and focus on the aspects that matter most in real-world deployments. We hope this translates into content that people care about and want to listen to.

Blake KroneDigital Lifestyle@BlakeKrone
Sam ClementsSC-WiFi@Samuel_Clements
Jennifer HuberWireless CCIE, here I come!@JenniferLucille
Andrew vonNagyRevolution Wi-Fi@RevolutionWiFi
George StefanickMy 802.11@wirelessguru
Chris LyttleWiFi Kiwi’s Blog@WiFiKiwi

Episode #1 - Tools to Become an RF Whisperer
In this episode we take a look at some of the software tools used by some of the top Wireless engineers on a day to day basis. We start of by looking at Ekahau Site Survey and AirMagnet Survey Pro. Each of these applications have their pros and cons as we explain their differences and how they work. Next we roll into RF analysis tools such as Cisco Spectrum ExpertMetageek Chanalyzer, and finallyAirMagnet SpectrumXT. Listen as the discussion goes from what’s the best software tool to use to a hot topic out there today: where is Cisco’s USB adapter to keep up with the ever changing form factors of laptops? Finally we end the show with a brief discussion regarding packet capture tools like WiresharkWildPackets, and AirMagnet WiFi Analyzer.

We hope you enjoy this first episode, we had a lot of fun recording it and are looking forward to your feedback for future episodes!

*Note - Episode 1 was originally published earlier today (4-Jan) for several hours until an error with the episode was brought to our attention and the episode was pulled temporarily. If you listened to the show at that time, then you likely missed the last topic segment and show closing (about 12 min). Please listen to the episode again at this time to hear the full show content. Our apologies as we work out the kinks (we're new to this after all).

Future Episodes
The team plans to release podcast episodes on a regular basis. Unlike the first episode, not all of us will be on every show. We will take turns hosting episodes as topics and expertise dictate, likely one or two of us per-show.

We have tons of ideas for shows already, but welcome ideas and submissions from the community! Additionally, we plan on bringing guests onto the show to discuss relevant topics and have a few lined up already.

The podcast team will be present at the upcoming Wi-Fi Mobility Symposium and Wireless Field Day 2 events in late January, so keep an eye out for coverage of those events.

How to Follow the Show
Simply stated, we have a passion for Wi-Fi and want to facilitate knowledge sharing within the industry. But we can't do it alone! After all, we don't know everything about Wi-Fi. That's where we bring in guests to share relevant information on the show with the broader community. Through the associated website and blog we will also incorporate listener feedback and input. If you're a vendor or Wi-Fi professional and would like to contribute to the podcast or blog, contact any one of us.

So head on over to the website, subscribe to the full-site RSS feed or the podcast-only RSS feed, follow @NSAShow on Twitter, and subscribe to the podcast in iTunes. Then leave us a comment if you have feedback or something to share!

Let us know what you think!


Wi-Fi Article Round-Up: 2012-Jan-04

A recap of interesting Wi-Fi and IT industry articles from around the interwebs.

Wi-Fi Articles:
Check out the brand new No Strings Attached Show (NSAShow) podcast for Wi-Fi professionals! It's an independent podcast created to focus on Wi-Fi industry topics. We  hope you enjoy it!
E01 – How to Become an RF Whisperer: "Welcome to episode 1 of the NSA Show Podcast! In this episode we take a look at some of the software tools used by some of the top Wireless engineers on a day to day basis."
WPS (Wi-Fi Protected Setup) is severely compromised due to weaknesses in protocol design.
Researchers publish open-source tool for hacking WiFi Protected Setup: "On December 27, the Department of Homeland Security's Computer Emergency Readiness Team issued a warning about a vulnerability in wireless routers that use WiFi Protected Setup (WPS) to allow new devices to be connected to them. Within a day of the discovery, researchers at a Maryland-based computer security firm developed a tool that exploits that vulnerability, and has made a version available as open source."
This impacts SOHO and consumer use and should not be of concern for most enterprises. I'm baffled why WPS would be used instead of a standard WPA Pre-Shared Key (PSK); the only reason I can conjure is that WPS doesn't require router setup of any kind by the user, which is probably simpler for some technically illiterate users. There is some raw data on the scope of potential impact (26.3% estimated) based on public wardriving data collected by Dan Kaminsky and WIGLE. An exploit tool is in the wild, having been quietly worked on by Tactical Network Solutions for over a year. WPS PINs can be cracked in 4-10 hours folks!
Also read the detailed paper submitted to CERTHome users should disable WPS if possible. A demo is available by Dan over at NCI.
White-space Wi-Fi, now approved (in one city, at least)!
Wireless CCIE, here I come!: White Spaces - new wireless space launched: "KTS Wireless is the first manufacturer of a wireless device to take advantage of the white spaces spectrum re-allocation for wireless communications. They have participated in city wide trials of white space usage in Claudeville, VA and Wilmington, NC."
More info is available over at Ars Technica and Engadget.
There are so many Wi-Fi predictions for 2012, but I like this one the best!
Ruckus Wireless Wi-Fi predictions for 2012: "Wi-Fi capacity will become just as important an issue as Wi-Fi coverage in 2012 and service providers will have to deploy Wi-Fi networks with the bandwidth to cope with highly populated and dense environments"
Also check out these Wi-Fi predictions by PC Magazine (consumer focused), and inversely a list of things in tech that won't change in 2012 by GigaOm (I personally like #10 - The MacBook Air is what you get, and you'll like it!).
Wi-Fi offload will be most successful with user-controlled Wi-Fi offload preferences (not carrier controlled)!
Kineto looks to broaden potential of Wi-Fi off-load: "The potentially more compelling new feature is Smart Offload,which allows carriers and end users to choose and prioritize traffic to be off-loaded to Wi-Fi according to the whether the hotspot they are off-loading to is public or private. That feature could help carriers and users avoid the off-loading of especially sensitive traffic to public hotspots where inconsistent performance may be encountered,while letting them automatically off-load all of their traffic when logged on to a reliable private hotspot."
Most of the discussion about carrier offload focuses on data traffic and so-called "seamless" offload which implies automatic connection control by the carrier. I think that is the wrong approach, as most Wi-Fi networks are private and connections should be visible and controlled by the end-user while maintaining ease of use through persistent preference settings in the device. Offload of voice, messaging, and RCS services could also provide a more compelling offload proposition for users, especially where cellular coverage is spotty even for voice calls.
DHCP has bigger implications on the performance and security of wireless LANs than you might expect. Find out why by reading this great blog post by Marcus Burton over at CWNP.
DHCP for Wireless LAN Clients: "poor DHCP planning for your network could have a significant impact on WLAN service availability. For that reason, and for troubleshooting problems that will inevitably arise, any WLAN engineer should know the three primary ways to manage DHCP in a WLAN: bridging, relay, and proxy. We spend a lot of time and energy improving our RF environments; it would be a real shame to let DHCP ruin client connectivity."
This has to be a first of some sort! Kuala-Lumpur is mandating Wi-Fi access in some city food courts. Operators must comply by April!
Eateries to offer Wi-Fi service in April: "THE requirement for restaurants and eateries in the city centre to be Wi-Fi ready will be enforced by City Hall as early as April."
Also in the "weird news" category, Japanese vending machines now offer free Wi-Fi hotspots. Japan always takes gadget-craze to a whole new level!
Japanese vending machine doubles as WiFi hotspot -- no purchase required: "Japanese company Asahi has just unveiled an advanced dispenser that's capable of doubling as a WiFi hotspot, so good luck getting through the mobs of leechers just to buy a soda. The machine sends out the internet waves free of charge and covers about 164 feet around it"
IT Industry Articles:
What should a healthy partnership between a vendor and a VAR look like? Here's one VAR perspective on the challenges and some potential solutions by Matthew Norwood.
You Never Mentioned Me To The Client: "How bad do you want people to sell your product? If you put all of the load on the partner or distributor, with minimal contribution from the vendor side, don’t expect to get mentioned to clients. That’s not a partnership. It’s a pyramid scheme."
A true look at spectrum holdings by the major U.S. cellular carriers is eye-opening! Verizon has a definitive advantage over AT&T. Clearwire is also in a good position if it can bring a solid solution to market.
Meet the spectrum bosses: "While AT&T was distracted trying to buy T-Mobile, Verizon Wireless quietly negotiated deals with the cable providers to buy up their unused SpectrumCo 4G licenses. The Yankee Group has prepared a nifty graphic that details the current spectrum holdings of the big boys in the top 10 markets as well as what Verizon could gain by buying up the cable operators licenses"
Michael Mace at Mobile Opportunity explains the real reason why WebOS failed: lack of a killer feature. Sure there were performance problems and some bugs, but that's normal for new operating system. It needed more time and patience to work out those bugs. But HP jumped ship too soon, and Palm never gave consumers enough reason to pick up the platform in the first place.
Mobile Opportunity: Why Web OS Really Failed, and What it Means for the Rest of Us: "Palm was not rich enough and HP was not patient enough to keep investing after the first versions showed a lot of flaws.  And more importantly, there was nothing compelling enough about either product to make people buy it despite those flaws."
Other Articles:
On the personal improvement, self-actualization front, read this list of 30 things you should STOP doing. There are so many good points in this article, that I won't call out any in particular. Just go read it!
30 Things to Stop Doing to Yourself: "As Maria Robinson once said, “Nobody can go back and start a new beginning, but anyone can start today and make a new ending.”  Nothing could be closer to the truth.  But before you can begin this process of transformation you have to stop doing the things that have been holding you back."
On the lighter side, I absolutely LOVE this!
John Lennon’s Imagine – WiFi Version
"Imagine there’s no interference
Clients with neg 60 RSSI
No wireless baby cameras
No end users with MiFi
Imagine all the mobile devices, supporting 11a"
Comic for the Week:
Siri strikes again!

Cheers (and happy reading)!