Consumer Reports at it again (again)

Last month, I griped that Consumer Reports magazine posted a blog that suggested using WEP encryption for wireless networks. As every techie has known for years, this is very poor advice. 

Apparently, enough people complained to the magazine that they updated the blog posting. But, in so doing, the magazine just confirmed my long-held opinion that when it comes to computers, they are out of their element. 

The update reads

As several readers have pointed out, there are several different data encryption standards and options currently available to protect your WiFi router and wireless network connections. Here’s the bottom line: Even though it's better than nothing at all, WEP can be broken by a determined hacker, and it's especially vulnerable in a college environment. That's why we recommend the stronger WPA.

WPA? Could this be a joke?

If you're going to recommend a security protocol for wireless networks, it's WPA2. Or, to be more technically accurate, the best encryption security is offered by AES-CCMP (commonly referred to just as AES) in conjunction with WPA2. I think it's fair to say that this is common knowledge amongst techies and has been for a long time. 

Note: WPA2 also supports TKIP, but that merely offers the same level of security as WPA. 

It's not just the poor timing of their recommending WPA shortly before a second flaw with it was revealed (technically the flaw is with TKIP, not with WPA). The first flaw goes back to November 2008 at which time the technical press was flooded with stories about moving over to WPA2 with AES-CCMP for better security.

But, even before this first flaw became known, WPA2 with AES-CCMP was the obvious best choice.

Also, that Consumer Reports is taking advice from anonymous reader comments rather than running it by an in-house expert, tells me they don't have available experts. 

And, to repeat my point from a few days ago, even with WPA2 and AES-CCMP, if you don't chose a good password, you have no security. 

Copyright © 2009 IDG Communications, Inc.

  
Shop Tech Products at Amazon