Starpoint

Saw this blurb on TheRegister WPA gone in 60 seconds

I use wpa 2 on mine atm

__________________
Against the run of the mill, static as it seems

We break the surface tension with our wild kinetic dreams
Curves and lines -- of grand designs...

Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management

My mind is like a Steel trap - Rusty and Illegal in most states

Thorn

<sigh> Not Really. It's WPA-TKIP only. WPA2 (aka WPA-AES) isn't affected, nor is WPA-RADIUS.

There has been a lot of hype over this particular attack in the last few days, and I want people to understand that this only another partial break in WPA.

Anyone who's using WPA should not panic over this. Yes, it's compromised, but this is just a faster version of the Tews-Beck attack. Tews-Beck, basically the WEP chopchop attack with a timer, came out last year. This is very a slight refinement that reduces the time to inject from about 15 minutes to about 1 minute by offloading the CRC checks to the attacker instead of using the AP failure messages to do the work.

This attack allows disclosure of the MIC key. That in turn allows for injection of limited number of packets but does not disclose the WPA encryption key. Now, packet injection is a bad thing, but the amount that can be injected is limited by several factors.

While switching to a stronger encryption method is always a good idea, this isn't going to allow wide attacks on WPA encrypted networks. It is just a refinement to an existing, limited attack. WPA was always known to be somewhat vulnerable since it was introduced, as WPA is based on WEP for backward compatibility reasons.

The mildly paranoid among us switched to WPA2 when it was first introduced. The moderately paranoid switched to WPA-RADIUS. The truly paranoid don't even use wireless.

The bottom line is that this is another warning shot to WPA, which as I stated, has been know to be somewhat weak since its very introduction. If people are still using WPA, they ought to be actively planning to a switch to WPA2 or better, as soon as is reasonably possible.

__________________
Thorn
"Read Altas Shrugged. Compare it to today. Repeat as necessary"

streaker69

In a few more years, I'm gonna switch back to WEP because no one would possibly suspect that it would still be used.. I'll be safe that way.

__________________
Treat your gun like your genitals, only whip it out when it's absolutely necessary.

Starpoint

And change your luggage combos back to 1 2 3 4 5?

__________________
Against the run of the mill, static as it seems

We break the surface tension with our wild kinetic dreams
Curves and lines -- of grand designs...

Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management

My mind is like a Steel trap - Rusty and Illegal in most states

streaker69

Back? I never changed them off of it.

__________________
Treat your gun like your genitals, only whip it out when it's absolutely necessary.

Starpoint

like hiding in plain site. People will overthink things and figure no one would use them but its not a bad way to fool them

__________________
Against the run of the mill, static as it seems

We break the surface tension with our wild kinetic dreams
Curves and lines -- of grand designs...

Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management

My mind is like a Steel trap - Rusty and Illegal in most states

streaker69

Yeah, it's this new method of security that I came up with. I call it "Security by Obscurity". It's virtually unbeatable.

__________________
Treat your gun like your genitals, only whip it out when it's absolutely necessary.

Scruge

LOL.. Being everyone now thinks outside the box, you need to think inside to be different.

__________________
KNSGEM
A wifi boundary plotter for Google Earth
Click Me