Dailydave mailing list archives
Re: WPA attack improved to 1min, MITM
From: Dragos Ruiu <dr () kyx net>
Date: Wed, 26 Aug 2009 09:12:24 -0700
On 26-Aug-09, at 8:29 AM, Mike Patterson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dragos Ruiu wrote on 8/25/09 10:11 PM:The Beck/Tews WiFi WPA attack presented at PacSec has been improved (down to 1 min, MITM) by 2 .jp researchers (Ohigashi, Morii) http://bit.ly/clCpm Remember: avoid WPA/TKIP and force AES only encryption in WPA2 - don't let your access point automatically fall back automatically to the insecure TKIP/WPA mode, to be safe. (At least until any WPA2 attacks are published ;-P)At the risk of sounding like a troll, this paper looks suspiciously like one of those stuffy old useless academic style papers that Dave warned us about a month or so ago. I don't see any links to conference proceedings in the sidebar on the page, but that's about all that's missing. There's even a (useful!) abstract published. How academy is that? Could it be that perhaps the anti-academics with chips on shoulders about ivory towers aren't entirely correct? Or is this a spasm of the dieing[sic] brontosaurus?
Should have put in this link to the full paper from the conf proceedings page as someone already correctly pointed out: http://bit.ly/8qwQt The research team is scheduled to present an implementation of the attack at a conference on Sept. 25. (http://www.ieice.org/ken/paper/20090925faPH/eng/ ). (via YM Chen) The attack seems to have wider applicability than the original Beck/Tews variant it is based on as it uses chopchop during MITM without relying on 802.11e QoS extensions like Beck/Tews does, but does require interfering with AP and MITM which are additional complexity to execution. (Hat tip: Cedric Blancher) cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Tokyo, Japan November 4/5 2009 http://pacsec.jp Vancouver, Canada March 22-26 http://cansecwest.com Amsterdam, Netherlands June http://eusecwest.com pgpkey http://dragos.com/ kyxpgp _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- WPA attack improved to 1min, MITM Dragos Ruiu (Aug 26)
- Re: WPA attack improved to 1min, MITM Mike Patterson (Aug 26)
- Re: WPA attack improved to 1min, MITM Dragos Ruiu (Aug 26)
- Re: WPA attack improved to 1min, MITM Joshua Wright (Aug 26)
- Re: WPA attack improved to 1min, MITM Cedric Blancher (Aug 27)
- Re: WPA attack improved to 1min, MITM Mike Kershaw (Aug 27)
- Re: WPA attack improved to 1min, MITM Cedric Blancher (Aug 27)
- Message not available
- Re: WPA attack improved to 1min, MITM Mike Kershaw (Aug 30)
- Re: WPA attack improved to 1min, MITM Dragos Ruiu (Aug 26)
- Re: WPA attack improved to 1min via MITM Dragos Ruiu (Aug 30)
- Re: WPA attack improved to 1min, MITM Mike Patterson (Aug 26)