Horrible, horrible short answer to a question on Wi-Fi security in the Village Voice: An insanely uninformed, erratic, error-filled response from someone writing as Mr. Roboto.
Should I take the robot apart into its components? Logic dictates that I do.
The big problem with WEP isn't its frailty but the fact that hardware manufacturers rarely turn it on by default. WEP can't be turned on by default, but has to be set up since the user needs to install the same password everywhere. Microsoft, as I understand it, is the only manufacturer to have a process that sort of forces you to set up WEP.
...it's imperative that you change the system identifier (SSID), or network name, which often comes installed as an easy-to-guess factory default like, well, "default." Some networks will grant access to anyone who can type in the SSID, which means some very bad dudes could commandeer your machine as you obliviously soak up the rays.
Mr. Roboto, you don't need to know the SSID to connect to a network. Most software, including Microsoft and Apple's built-in clients, automatically display a list of all networks that are available.
If you're buying something online, for instance, make sure the bar at the bottom of the page is showing a padlock, the sign of its being encrypted. Good advice, but then: Internet Explorer users should check to see that the SSL 3.0 box is checked under the "Advanced" tab of "Internet Options." Huh? SSL is a basic option in browsers for years -- I've never even heard of this option, as no one needs to set it.
More accomplished users should download the latest Secure Sockets Layer tool kit from openssl.org. Whew. And...do what with it? OpenSSH is a kit for building secure tools or using SSH-based connections, like port forwarding. But on its own, it's not helpful.
Mr. Roboto ably explains VPNs, their utility and difficulty, but then: The good news is that the Wi-Fi industry's about to mothball WEP in favor of Wi-Fi Protected Access (WPA), which'll supposedly be simpatico with public hot spots, too. The hardware's supposed to start hitting store shelves in the fall...
WPA doesn't actually help public hot spots at all. First, all devices need to support WPA for WPA to be enabled. Second, how can public hot spots use WPA? They'd have to distribute a shared password (the pre-shared key, as it's known). Third, WPA only protects the local link, so even if it were enabled, it doesn't protect a system from your machine all the way out to the Internet. Fourth, WPA is already appearing in firmware upgrades now, and most current devices (like 802.11g equipment) should have WPA enabled soon.
Mr. Roboto needs some new positronic circuits.
(I've been reminded after posting this story that Mr. Roboto is the same fellow who wrote the cover story on Sky Dayton in Wired magazine that I eviscerated.)