Do you think that the wireless security standards were made weak on purpose? It's hard to imagine any group of engineers being so stupid by accident. Any thoughts?

It makes me wonder whether WEP was just the Clipper chip in disguise. In other words, was it made that way so the gov should easily eavesdrop? I tend to think not because they can't control who uses wireless and where, but it keeps me wondering.

I mean, I made dumb mistakes myself, but I just can't imagine anyone so incrediblely (sp?) stupid after working on it so "hard". Thoughts?

I can see two points of view in the wireless weakness

1. Is the company that develope the products so fast to win the market to the other company so they can sell more and also the idea of sell the "upgraded products" so the user have to buy new products so the can feel "secure"

2. The other point is the one you already mentioned, who want more than anybody to control the information that is in the user computers, of course the government, Why they autorize to sell products that obviously make networks insecure, why they dont make the manufacturers to have the WEP encryptation ON by default and not to be "optional" activated by the user??

Sorry for my english!! VIVA MEXICO!!

I always saw security flaws in Wireless as a way for companies to make more money easily as it was said just before me.

Yes they release their product faster, so they can get the new users faster, but there is also those that gain profit from those weakeness.....as the release protection for wireless and all....so they make more money out of it....

So instead of being a one time only buyer....you get a at-least-one time buyer....so more money out of a same product....

that's how I see this....

Perhaps it was done as a sacrifice to satisfy everyone...these things were probably done in this order:

1) Speed
2) Range
3) Security

You could argue that 1 and 2 are switched, but I don't think anyone can argue that security was their number one concern. But then again - the folks that developed TCP/IP didn't care about security either, and I think that is just it...new technologies generally care more about usability than security. Whether it is right or not.

I currently use 128-bit WEP but I have my wireless network DMZ'd and no Internet access is allowed unless you are connected to my proxy/AV server. Still not foolproof, but if you architecture around the insecurities you can make up for shortcomings.

However, remember than WEP was sanctioned by the IEEEEEEEE or whatever goofs govern the standards body. I think they should have name the WEP standard "WEAK".