Politech mailing list archives

FC: Researchers find flaws in 802.11 wireless security standard


From: Declan McCullagh <declan () well com>
Date: Tue, 07 Aug 2001 07:26:26 -0400

Also see:

Risks of Microsoft Passport
We all know the risks of trusting DNS and the fact that users click OK when
presented with certificate warnings in their browser. So what happens when
you build a single sign-on model for e-commerce that leverages these
technologies? You end up with some risks that users might not expect.
Microsoft's ambitious Passport service uses these common Internet
standards. Avi Rubin and Dave Kormann from AT&T Research Labs document the
risks of the Passport system in their research report, "Risks of the
Passport Single Signon Protocol".
http://avirubin.com/passport.html

----

Date: Tue, 07 Aug 2001 07:04:09 -0400
From: Avi Rubin <rubin () research att com>
Organization: AT&T Labs - Research
To: Declan McCullagh <declan () well com>
Subject: You may find this interesting - we broke WEP

We have a new paper:

Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
by
Adam Stubblefield, John Ioannidis, and Aviel D. Rubin

Abstract

We implemented an attack against WEP, the link-layer security protocol
for 802.11 networks. The attack was described in a recent paper by
Fluhrer, Mantin, and Shamir. With our implementation, and permission of
the network administrator, we were able to recover the secret key used
in a production network, with a passive attack. The WEP standard uses
RC4 IVs improperly, and the attack exploits this design failure. This
paper describes the attack, how we implemented it, and some
optimizations to make the attack more efficient. We conclude that 802.11
WEP is totally insecure, and we provide some recommendations.
        
The paper is available at http://www.cs.rice.edu/~astubble/wep/


Take care,
Avi


---------------------------------------
Avi Rubin, AT&T Labs - Research
http://avirubin.com/

* New Book * White-Hat Security Arsenal
http://white-hat.org/
---------------------------------------




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

