Home page logo
/

dailydave logo Dailydave mailing list archives

Re: All Ur WiFi(WPA) R Belong 2 PacSec
From: wishi <brouce () gmx net>
Date: Tue, 11 Nov 2008 19:07:30 +0100

Cedric Blancher schrieb:
Le dimanche 09 novembre 2008 à 00:52 +0100, Raul Siles a écrit :
The associated whitepaper from the authors has been released on the
aircrack-ng links page:
http://dl.aircrack-ng.org/breakingwepandwpa.pdf

You can find a summary I posted earlier today about it:

http://sid.rstack.org/blog/index.php/305-des-fameuses-faiblesse-de-tkip

It is written in French, but English speaking readers can click on the
UK flag just beneath title and get a Google translated version :)



I think this a perfect example for two technologies, which aren't
vulnerable for themselves: on the one hand this attack only works on QoS
enabled Access Points, one the other hand these Access Points have to
use TKIP, too. Nevertheless of WPA I oder II, as long as no AES-CCMP is
used.
Thing is: TKIP without QoS won't allow any successful attacks, either.
But today there's a need for VoIP and other technologies which need a
good latency. Which lead me to another tought:

UCsniff has been released this week. It's a very advanced VoIP sniffer.
(http://ucsniff.sourceforge.net/)

Especially the combinations again are problematic. Now it's not just
application data, but even VoIP, which can leak. It's like a little
piece of dynamite added to the problem to make it explode.
- Because it'll take years for the mass of people to patch their
routers. Even great companies have to find a new common denominator to
apply more security without TKIP, because QoS most times is harder to
deactivate.

It seems things came together... and made a really nice explosion!
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault