Comments on: Another one bites the dust, first WEP, now WPA and GSM http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/ We learn, share, and make things Wed, 08 Feb 2012 21:30:00 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: GlennF http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/comment-page-1/#comment-6020 GlennF Sun, 13 Sep 2009 06:40:08 +0000 http://www.nycresistor.com/?p=2064#comment-6020 "Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds"<br><br>Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys. “Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”

Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.

]]> By: GlennF http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/comment-page-1/#comment-5733 GlennF Sun, 13 Sep 2009 02:40:08 +0000 http://www.nycresistor.com/?p=2064#comment-5733 "Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds"<br><br>Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys. “Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”

Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.

]]> By: openfly http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/comment-page-1/#comment-5730 openfly Tue, 08 Sep 2009 18:00:20 +0000 http://www.nycresistor.com/?p=2064#comment-5730 There's networks... and then there's networks. >=P There's networks… and then there's networks. >=P

]]> By: Wangateur http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/comment-page-1/#comment-5725 Wangateur Thu, 03 Sep 2009 21:56:36 +0000 http://www.nycresistor.com/?p=2064#comment-5725 The only secure computer is locked in a bank vault with no power source and a guard with a gun out front ... and even he can be bribed with a bottle of booze!!!!! The only secure computer is locked in a bank vault with no power source and a guard with a gun out front … and even he can be bribed with a bottle of booze!!!!!

]]> By: ericskiff http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/comment-page-1/#comment-5724 ericskiff Thu, 03 Sep 2009 04:39:02 +0000 http://www.nycresistor.com/?p=2064#comment-5724 Yarr - we're brazen with our connectivity, matey.<br><br>That, and we're also boring. The general populace at Resistor has nothing of<br>note in their open shares, and isn't that worried about you reading their<br>gmail. They walk right away from their laptops, partially in trust that the<br>other folks we invite in aren't jerks.<br><br>I'm not saying it's 100% right, but those of us that need better security<br>layer that on top of the open web with SSH, VPNs, and HTTPS.<br><br>That said, a guest course along the lines of "Don't get hacked! - basic<br>guidelines for keeping your laptop safe" might be a good thing to have :)<br><br>-E Yarr – we're brazen with our connectivity, matey.

That, and we're also boring. The general populace at Resistor has nothing of
note in their open shares, and isn't that worried about you reading their
gmail. They walk right away from their laptops, partially in trust that the
other folks we invite in aren't jerks.

I'm not saying it's 100% right, but those of us that need better security
layer that on top of the open web with SSH, VPNs, and HTTPS.

That said, a guest course along the lines of “Don't get hacked! – basic
guidelines for keeping your laptop safe” might be a good thing to have :)

-E

]]> By: Foxx http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/comment-page-1/#comment-5722 Foxx Thu, 03 Sep 2009 03:45:48 +0000 http://www.nycresistor.com/?p=2064#comment-5722 Its sad to see how many people ay NYC Resistor have open shares with no passwords or logins on their laptops, bluetooth running, and wifi auto connect to an insecure access point. People dont even take care to deactivate the bluetooth for their cell phones. Iv'e been very disappointed. People need to think a little harder about where, when, and how their wireless technology in put into use. Its sad to see how many people ay NYC Resistor have open shares with no passwords or logins on their laptops, bluetooth running, and wifi auto connect to an insecure access point. People dont even take care to deactivate the bluetooth for their cell phones. Iv'e been very disappointed. People need to think a little harder about where, when, and how their wireless technology in put into use.

]]> By: Hans-Christoph Steiner http://www.nycresistor.com/2009/08/30/another-one-bites-the-dust-first-wep-now-wpa/comment-page-1/#comment-5714 Hans-Christoph Steiner Mon, 31 Aug 2009 22:58:53 +0000 http://www.nycresistor.com/?p=2064#comment-5714 Wow, and now Skype too:<br><br><a href="http://tech.slashdot.org/story/09/08/30/238249/Skype-Trojan-Can-Log-VoIP-Conversations" rel="nofollow">http://tech.slashdot.org/story/09/08/30/238249/...</a> Wow, and now Skype too:

http://tech.slashdot.org/story/09/08/30/238249/…

]]>