The wicked WEP of the WLAN is dead. Long live VPNs ...
The WEP (Wired Equivalent Privacy) crypto protocol of 802.11b utilises the RC4 cryptographic algorithm has been shown to hold serious weaknesses that just shine out in the way its used in WEP. The RC4 weaknesses outlined in a paper co-authored by Adi Shamir (the S in RSA) can be exploited by sniffing a seriously large amount of data that can be passively analysed. Combine that with previously known WEP flaws and WEP can be easily cracked.
Some attendants at HAL2001 - Hackers at Large in the Netherlands last week claimed that WEP sploit source should be out and about within a week. Passive key cracks should take from 15 minutes to 4 hours.
Update [2001-8-19 18:1:0 by vortex]: OK. It's out. Airsnort is a Linux wireless sniffer that can crack and decrypt WEP encoded packet streams of any key length. At the moment, it only supports 802.11b cards based on the Prism-2 chipset, but support for other cards (including Lucent/Orinoco cards) is likely to be only a matter of time. Currently supported cards include the: Addtron AWP-100, Bromax Freeport, Compaq WL100, D-Link DWL-650, GemTek (Taiwan) WL-211, Linksys WPC11, Samsung SWL2000-N, SMC 2632W, Z-Com XI300, and the Zoom Telephonics ZoomAir 4100.
SSL / TLS / HTTPS also (often by default) use the now-perceived-as-weaker RC4 algorithm. The consensus is that, regardless of key length, RC4 is probably still OK to use in short transactional bursts (such as communicating with a secure web server), but long continual data bursts present a higher likelyhood of data privacy compromise.
The paranoid should remain paranoid and consider switching crypto algorithms for their secure web stuff, but should also survey what all the browsers out there actually support.
.vortex