Re: All Ur WiFi(WPA) R Belong 2 PacSec

[n3td3v <xploitable () gmail com>]

we're still not buying a ticket for pacsec and making you money
through spam techniques where you buy a security researcher with some
0day and then spam fuck out of mailing lists about it and expect
people to come flooding to your security conference and make you a
millionaire. no we will be sitting on the mailing lists and watching
cnet news about the discovery and won't be giving one cent to you.
cheers very much for your spam that you do per security conference
that you organise, the internet hates you.

On Fri, Nov 7, 2008 at 6:57 AM, Dragos Ruiu <dr () kyx net> wrote:
> Just as a heads up, one of the author(s) of the first practical crypto
> attack against WPA secured wireless networks, besides
> launching a dictionary attack when a weak pre-shared keys(PSK)
> are used, Erik Tews, will be speaking at PacSec in Tokyo, on
> Thursday next week. More specifically, his attack uses a
> combination of protocol weaknesses and cryptographic
> weaknesses to compromise TKIP encryption. The attack
> lets the attacker inject seven packets into the network,
> per decrypt window. It's an interesting attack, because it
> also hints at other attack forms, so it is rather open
> ended research.
>
> You should discontinue use of TKIP is my recommendation.
>
> The problem with this is that most AP implementations that
> I have seen will automatically drop back to TKIP from CCMP(AES)
> to support older clients. You should disable this if you are
> given the option on your AP or WiFi router configuration.
> Unfortunately how to do this varies on each router's
> configuration systems, and some routers do not
> provide facilities to do this.
>
> If you aren't given the option to disable this, you might want
> to think about getting a different Access Point or WiFi Router. :-)
>
> You should seriously consider using some higher level
> encryption facilities such as a VPN, IPsec, or SSH
> to secure your communications over wireless.
> Look at ssh -D <port> (or equivalent putty options)
> to a wired host and the socks proxy options on
> your browser to use that port on localhost, when
> surfing over wireless.
>
> On some equipment CCMP is called WPA2 and TKIP is WPA.
> The WPA spec leaves support of CCMP(AES) optional
> while the WPA2 spec mandates both TKIP and AES
> capability.
>
> Important WPA/WPA2 Recommendations:
>
> -Use only CCMP(AES).
> -Disable Negotiations to TKIP from CCMP(AES).
> -If you must use TKIP, rekey every 120 seconds.
>
> Quote:
> To prevent this attack, we suggest using a very short rekeying time,
> for example 120 seconds or less. ... The best solution would be
> disabling TKIP and using a CCMP only network.
>
> Oh, P.S. AFAIK some of the code to do this attack is out :).
>
> If you want to find out more, you have to come to PacSec. :-)
> The details are fairly intricate but the bottom line is above.
> Consider yourselves duly warned.
>
> cheers,
> --dr
>
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Buenos Aires, Argentina   Sept. 30 / Oct. 1 - 2008    http://ba-con.com.ar
> Tokyo, Japan  November 12/13 2008  http://pacsec.jp
> Vancouver, Canada  March 16-20 2009  http://cansecwest.com
> pgpkey http://dragos.com/ kyxpgp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/