[srollyson]

Honestly, I use WEP encryption because I know that WiFi security is a house of cards in general. As you've said, it's enough to prevent the typical user from leeching bandwidth.

The nice thing about using WEP is that if someone does end up using my network for something nefarious and I end up holding the bag for it, I (or an expert witness) can point out that WEP is known to be vulnerable in court giving me an out.

[pyre]

- Until they link this post back to you, and argue that you knowingly weakened your security.

- Until they argue that the default encryption level on routers now is WPA/WPA2, so by enabling WEP you were actively lowering the security level.

- Until they argue that your technical background means that you should have known better that WEP is crackable.

[srollyson]

That's all well and good, but I have still not given authorization for the use of my network to the malicious user. An open network invites legal dispute as to whether the lack of encryption constitutes implicit permission to use the network [1]. By having encryption, even if easily cracked, I have let the malicious user that they are not welcome on my network and have absolved myself of any responsibility for their actions.

Following your reasoning, my background means that I should know that I shouldn't have a wireless network at all. There are vulnerabilities for just about any method I would use to secure a wireless network.

My important stuff is firewalled within the network. I use WEP because it's the easiest way to give network access to folks I've authorized to use my network while still letting unauthorized users know they're not welcome.

[1]: http://en.wikipedia.org/wiki/Legality_of_piggybacking

[pyre]

> Following your reasoning, my background means that I should know that I shouldn't have a wireless network at all.

It would be argued that you should have taken 'reasonable' measures to prevent unauthorized access. It could then be argued that using WEP is not reasonable, especially it you know it is easily crackable.

[jdbernard]

Should we lock our doors with bank-vault locks, since we know how easily most common door locks are picked? The fact that an attacker would have to actively bypass the security should be enough for legal purposes. It is not like an attacker could accidentally crack a WEP-protected network and not know they were doing it.

[valleyer]

No, nor should we uninstall the default deadbolt that comes with the house and replace it with a simple gate-style lock (you know, the kind you can reach over and unhook).

We should use the default standard method of locking our doors. And our Wi-Fi access points.

[rmserror]

Except he's enabled WEP because it's "more convenient" for him. It's still a strong signal that he doesn't want outsiders on the network.

A better door analogy is replacing the deadbolt with a slightly crappier one that unlocks whenever you're in bluetooth range (for "convenience"). Just because the system is "easily broken into" doesn't mean that you're not "breaking and entering" when you break the security and enter the house.

[srollyson]

Incidentally, most deadbolts are ridiculously easy to pick. I can get into my front door deadbolt in about a minute with a multitool and a safety pin bent into the shape of a pick with said multitool [1]. Unless you've upgraded your typical run-of-the-mill deadbolt to one with mushroom, spool, or serrated pins [2] it will take roughly the same effort. Those higher-security locks typically run over a hundred bucks and as such aren't what most house builders would put in a front door.

[1]: http://www.crypto.com/papers/notes/picking/

[2]: http://www.lockwiki.com/index.php/Security_pin

[singlow]

Unfortunately, I have had to enable WEP a few times for certain OS / network card / router configurations, so there are or can be compelling reasons to do this. Pretty sure it was XP though my wife's XP box is working fine with WPA2 on my current router.

However, I try to treat even my home WIFI as if it were a coffee shop. The password is there to keep leechers out, but I still vpn into a more secure location for some tasks, use SSL when connecting to sensitive services, and keep my ports locked down.

[srollyson]

You may find sshuttle interesting [1]. It's essentially VPN implemented via SSH tunnel.

[1]: https://github.com/apenwarr/sshuttle

[pyre]

The one annoying thing is that you can't do selectively do DNS over the VPN, but that's really only useful when you want to separate work / personal on the same machine at the same time.

[ZoFreX]

Buy a Nintendo DS Lite, some prefer the form factor to the newer models :)

[theGimp]

That does not make much sense. You're being paranoid and actively helpless.

WPA2 is in fact quite secure if you're careful about your passkey and who you give it to.