Penetration Testing mailing list archives
Wireless Pen Test
From: christopher.riley () r-it at
Date: Thu, 27 Nov 2008 10:27:01 +0100
Recently there has been some research released on attacks against WPA using TKIP. From my understanding this flaw is in the TKIP implementation and is also something that needs to be taken into consideration for WPA2. Joshua Wright have a SANS webcast on it last week I believe. You can view the presentatio here --> https://www.sans.org/webcasts/show.php?webcastid=92188. WPA2 is also open to brute force attacks as well. After all the encryption is only as good as the encryption key used (unless it's using Radius authentication). If the WPA2 Key is set to the name of the company, then it's pretty insecure. Another consideration is the Rainbow tables created by the Church of Wifi --> http://www.renderlab.net/projects/WPA-tables/ These are limited to a set list of SSID's, so unless your WPA2 install is using a default SSID like netgear, then these won't really help. Still worth a look though. Hope this helps, Chris John Riley pen-test-return-1078487520 () securityfocus com Gesendet von: listbounce () securityfocus com 26.11.2008 21:25 An pen-test () securityfocus com Kopie Thema Wireless Pen Test Hi All, Is there any tool available to break WAP2 encryption (I searched a lot but was not able to find any). I know using Aircrack (Airodump and Aireplay), WEP and WPA key can be breaked. But if the encyption is WPA2 can we give a reasonable assurance to the client that the Wifi network is secure from outside. Thanks and Regards Anshuman ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------ ---------------------------------------- Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR 0486809, UID ATU 16351908 Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail dient ausschliesslich Informationszwecken. Rechtsgeschaeftliche Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden. Correspondence with above mentioned sender via e-mail is only for information purposes. This medium may not be used for exchange of legally-binding communications. ---------------------------------------- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- RE: Wireless Pen Test, (continued)
- RE: Wireless Pen Test Harit, Saurabh (IE10) (Nov 28)
- Re: Wireless Pen Test m0rebel (Nov 28)
- RE: Wireless Pen Test Rui Pereira (WCG) (Nov 28)
- RE: Wireless Pen Test Cedric Blancher (Nov 28)
- Re: Wireless Pen Test Paul Melson (Nov 28)
- RE: Wireless Pen Test Rui Pereira (WCG) (Nov 28)
- Re: Wireless Pen Test Samuel Korpi (Nov 28)
- Re: Wireless Pen Test Joshua Wright (Nov 28)
- Message not available
- Re: Wireless Pen Test anshuman sharma (Nov 28)
- Re: Wireless Pen Test Kevin Horvath (Nov 28)
- Re: Wireless Pen Test Kevin Horvath (Nov 30)
- Re: Wireless Pen Test anshuman sharma (Nov 28)
- Wireless Pen Test christopher . riley (Nov 28)