[#wimp]: WIMP

A reference to using the common graphical user interface objects: specifically the acronym comes from the terms “windows, icons, mouse pointer”. The acronym is clearly meant to be derogatory (being similar to the English word “wimp”, meaning “weakling”).

(A similar abbreviation is used for Microsoft Windows Media Player.)

[#wimplayr]: WiMP

Microsoft Windows Media Player (with a similar derogatory implication to the acronym WIMP)

Microsoft WiMP was a fairly attractive choice until version 7, when the software added support for a new interface. Although the View menu did support flipping from the new Library look to a more old-fashioned Skin, the software started taking up a notably higher amount of resources.

An alternative project called “Media Player Classic” demonstrated a superior product with a very similar interface, familiar to people who used the older WiMP versions. The Media Player Classic home page identifies that the MPC project is “now part of the mpc-hc project.” (The hyperlink to the home page for “Media Player Classic - Home Cinema” was added to the quoted text.)

Other alternatives include VLCPlayer, MPlayer (for Unix), and Winamp.

[#wep]: “Wired Equivalent Privacy” (“WEP”)

The term “Wired Equivalent Privacy” is simply a name, and definitely not anywhere close to being a reality. “In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP-40 and WEP-104” ... “have been deprecated, as all fail to meet their security goals, and all can be easily compromised with public domain tools downloaded freely from the Internet.” (The quotes come from Wikipedia's article for “Wired Equivalent Privacy” (citing the version from February 5, 2013) and a document from IEEE. A bit of research located a related document available from IEEE: the IEEE 802.11-02/222r0 commentary on wireless security (in the format of a Word document), which, with the updates from exactly 21:22 March 7, 2002 rejected, states, “All pre-RSN security mechanisms have been deprecated”.)

The Elite Security Auditors article called “Wired Equivalent Privacy (WEP) - Super Insecure” notes, “By 2001 a paper was published describing how WEP encryption could be cracked in less than a minute. The FBI demonstrated how WEP could be compromised in less than 3 minutes using publicly available tools in 2003.” (Actually, the FBI demonstration is more widely quoted as being in 2005, and some more informative articles tend to cite “about three minutes”. See the Slashdot report of WEP, and Humphrey Cheung's writings in the SmallNetBuilder article from March 2005 and the InformationWeek article on WEP about a week later. But hey, why should facts get in the way?)

Wikipedia's article on “Wired Equivalent Privacy”: “Flaws” section goes on to describe some other attacks. In 2006 a group demonstrated a method to get the WEP key in under a minute. In the following year another group demonstrated an improvement upon an even earlier method, successfully breaking in more than half of the time when using data capturable in under a minute, using just 3 seconds of calculation. Additional data (capturable in about another minute) could raise the success rate to over 95%.

To be clear: WEP may be crackable faster than it takes for a person, who has all the needed credentials memorized and is familiar with the wireless device, to be able to log into the device and let the device know what key to use. By the time the administrator also spends time updating relevant documentation, enough time has passed that skilled attackers could likely already have the key in their possession (even before the official documentation has the password noted). Perhaps that is a bit overly-dramatic. Perhaps.

WEP may often be even worse than open security, because people may be inclined to feel more secure when they see software tools portray some sort of security icon (like a key, or perhaps more frequently: a closed padlock). Such a security option may effectively communicate, to the end user, that the connection is secure, when in reality it is not. This may, in turn, comfort a user sufficiently enough for the user to trust the wireless connection.

IEEE 802.11i-2004 was ratified in the year 2004 (as unsurprising as that may be), in the first half of that year (on Thursday, June 24th of that year). Any modern day organization that is willing to pay money for a security/networking/technology expert should be willing to buy equipment that is less old than that. (One reason is simply for security. Another reason is that newer equipment is likely to have better performance in areas such as speed and range.) Any company that cites budgetary reasons to compromise security by clinging onto equipment older than that is unlikely to be paying IT staff members a decently high sum of money.

The only appropriate use for WEP is compatibility with some older equipment when security is a non-issue, such as in a remote house where attackers are not likely to use the signal (because there are not likely to even be attackers in range).

[#wpa]: “Wireless Protected Access” (“WPA”)

Wikipedia's article on “Wired Equivalent Privacy”: citation note 14 on the February 5, 2013 revision states, “TKIP (the basis of WPA) has reached the end of its designed lifetime, has been broken, and has been deprecated”. That may sound a bit harsh. The harshness is not because TKIP deserves less criticism.

However, WPA can be implemented with TKIP or AES. So, calling TKIP “the basis of WPA” is a bit over-broad.

For further details, see: Glossary entry for TKIP.

[#wifprset]: “Wi-Fi Protected Setup” (“WPS”)

Wi-Fi protected access provides multiple methods of being able to connect to a device fairly easily. In theory, this was an optional way to get security enabled very easily, including a method involving pushing a button, rather than requiring an administrator to log in and enter settings. In practice, a flaw caused this to end up being a security nightmare. Wikipedia's article on “Wi-Fi Protected setup” states, “The PIN Method is the mandatory baseline mode; every Wi-Fi Protected Setup certified product must support it.” And this method was found to have a terrible flaw.

See: Wikipedia's article on “Wi-Fi Protected setup” (the intro section discusses the security ramifications):

“A major security flaw was revealed in December 2011 that affects wireless routers with the WPS feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours and, with it, the network's WPA/WPA2 pre-shared key. Users have been urged to turn off the WPS feature, although this may not be possible on some router models.”

(Citations removed from quoted text.)

SmallNetBuilder article: “Waiting for the WPS Fix”. The Ars Technica article on Reaver noted that disabling WPS via a device's web interface did not work. “While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable."” The inner quote comes from Craig Heffner of Tactical Network Solutions, who “said that the inability to shut this vulnerability down is widespread.”

[#wrxorexc]: Write XOR Execute (“W^X”)

Individual bits are marked as being either writable as data, or as instructions to be executed. Attempts to write to the memory storing instructions, or attempts to have writable memory be treated as instructions to be executed, may be blocked by DEP (data execution prevention) rules.

The OpenBSD team has been known to call this “W^X”. The notation is treating the caret (“^”) symbol as an operator for the mathematical operation called XOR. (Using the caret to represent XOR is done in some programming languages, such as C / C++.)
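An added example (not from the original page and not OpenBSD's code): a small C audit that reads text in the Linux /proc/<pid>/maps layout and counts mappings that are both writable and executable, which is the combination a W^X policy forbids. The sample lines and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the Linux /proc/<pid>/maps layout (not a real dump). */
static const char SAMPLE_MAPS[] =
    "00400000-0048a000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "0068a000-0068c000 rw-p 0008a000 08:01 131 /usr/bin/demo\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0 \n"
    "7ffd1c2e0000-7ffd1c301000 rw-p 00000000 00:00 0 [stack]\n";

/* W^X is violated when one mapping grants both write and execute. */
static int violates_wx(const char *perms)
{
    return strchr(perms, 'w') != NULL && strchr(perms, 'x') != NULL;
}

/* Counts W+X mappings in maps-format text. If first_start is non-NULL it
   receives the start address of the first offending mapping. */
int count_wx_violations(const char *maps, unsigned long long *first_start)
{
    int count = 0;

    for (const char *line = maps; line != NULL && *line != '\0'; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        unsigned long long start;
        char buf[128], perms[5];
        /* Parse one line at a time so sscanf cannot run into the next. */
        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (sscanf(buf, "%llx-%*llx %4s", &start, perms) == 2 &&
            violates_wx(perms)) {
            if (count == 0 && first_start != NULL)
                *first_start = start;
            count++;
        }
        line = nl ? nl + 1 : NULL;
    }
    return count;
}

int main(void)
{
    unsigned long long addr = 0;
    printf("W+X mappings: %d\n", count_wx_violations(SAMPLE_MAPS, &addr));
    return 0;
}
```

On a Linux system the same function can be fed the contents of a process's maps file instead of the constructed sample.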