I have heard before from security researchers that WEP could be broken much faster than current public estimates; this is another step towards what I believe some private organizations have available to them to break a WEP-protected network. The researchers note that their attacks are specific to WEP, but should work with dynamic WEP (802.1X with WEP keys), although each station gets a unique WEP key in that scenario that would increase the time to break.

The best you can say about WEP, along with MAC address restriction and closed networks, is that it's a "no trespassing" sign designed to alert people that your network isn't available for public use. Cracking a WEP key and then using a network would be a crime in many U.S. states and other jurisdictions.

The practical upshot is that anyone who has relied on WEP for even a shred of security, thinking that 15 to 30 minutes of active network data would need to be obtained (if they even knew that) should just give up any pretense. WEP was already dead. These researchers have dug it up, had a party with it as the guest of honor, and re-interred it even deeper.

You can download their very clearly written paper as a PDF. [link via Slashdot]

Read more at: http://wifinetnews.com/archives/007533.html.