Re: wi-fi security?

To: debian-user@lists.debian.org
Subject: Re: wi-fi security?
From: Celejar <celejar@gmail.com>
Date: Mon, 31 Aug 2009 17:52:38 -0400
Message-id: <[🔎] 20090831175238.1978f91d.celejar@gmail.com>
In-reply-to: <[🔎] 200908311255.50859.bss@iguanasuicide.net>
References: <[🔎] ecfa260c0908050445l7c843b7qe4aef3263254741f@mail.gmail.com> <[🔎] 200908051227.31515.bss@iguanasuicide.net> <[🔎] 20090831020457.c4bb517b.celejar@gmail.com> <[🔎] 200908311255.50859.bss@iguanasuicide.net>

On Mon, 31 Aug 2009 12:55:46 -0500
"Boyd Stephen Smith Jr." <bss@iguanasuicide.net> wrote:

...

> Actually, I think I was referring to the earlier 12 to 15 minute attack, 
> although I didn't get either from slashdot.

http://www.itworld.com/security/57285/once-thought-safe-wpa-wi-fi-encryption-cracked

http://it.slashdot.org/article.pl?sid=08/11/06/1546245&tid=76

> In any case, it would appear that I was mis-remembering the severity of the 
> attack.  Breaking the TKIP would let the attacker on the network, but it 
> wouldn't necessarily let them sniff your packets.

The article actually claims that inbound packets from the AP *are*
readable with the attack, although outbound packets aren't:

"There, researcher Erik Tews will show how he was able to crack WPA
encryption, in order to read data being sent from a router to a laptop
computer.

To do this, Tews and his co-researcher Martin Beck found a way to break
the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a
relatively short amount of time: 12 to 15 minutes, according to Dragos
Ruiu, the PacSec conference's organizer.

They have not, however, managed to crack the encryption keys used to
secure data that goes from the PC to the router in this particular
attack"

The article on the new attack also claims that packets can be read:

http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html

http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-In-60-Seconds

"Computer scientists in Japan say they've developed a way to break the
WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between
computers and certain types of routers that use the WPA (Wi-Fi
Protected Access) encryption system. The attack was developed by
Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe
University, who plan to discuss further details at a technical
conference set for Sept. 25 in Hiroshima."

Celejar
-- 
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to:

References:
- wi-fi security?
  - From: Zachary Uram <netrek@gmail.com>
- Re: wi-fi security?
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
- Re: wi-fi security?
  - From: Celejar <celejar@gmail.com>
- Re: wi-fi security?
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>

Prev by Date: Re: avoid debian net installerto fetch security and volatile
Next by Date: Re: wi-fi security?
Previous by thread: Re: wi-fi security?
Next by thread: Re: wi-fi security?
Index(es):
- Date
- Thread