lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 6 Apr 2007 15:44:23 -0700
From: "Mike Vasquez" <mike.vasquez@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: WEEPING FOR WEP

Nice, even better.  So that means a lot of the higher end APs that use
sophisticated techniques (smaller IV pools, dynamic, etc) are going to be
much less effective.  I know a few large entities that will be affected
negatively.  Time to seriously upgrade the wireless security!

People who don't think they need more than wep are fooling themselves.  Kids
will a) build that cool pringles can antenna to experiment... b) run kismet
to explore the wireless around them, and c) practice their wepcracking on
your network.  what's next?  Exploring your windows machines once they're
on.

They'll be destructive just b/c they can.  Keylogger on your home pc?
cake.  Do you patch every day?  All they need is one windows vulnerability
to get access to all your data.  Anything think that if they wait long
enough, a windows flaw will come around?  hrm?  and *then* your network will
be... their network.

It's really not that far fetched.



On 4/6/07, george_ou@...architect.net <george_ou@...architect.net> wrote:
>
> With the newest crack released earlier this week from the German
> researchers that reduces the number of packets by an order of magnitude,
> that's under 1 minute on average with ARP replay on an 802.11g network.
> About 20 seconds average if the network is going full blast on its own.
> http://blogs.techrepublic.com.com/Ou/?p=464
>
>
> George
>
> -------- Original Message --------
> Subject: Re: [Full-disclosure] WEEPING FOR WEP
> From: "Mike Vasquez" <mike.vasquez@...il.com>
> Date: Fri, April 06, 2007 1:22 pm
> To: full-disclosure@...ts.grok.org.uk
>
> And traffic rate shouldn't be in the discussion either, since arp-replay
> allows enough packets to be captured, on most home equipment, in about 20
> minutes if you're unlucky, and attacking 128-bit wep.  64 bit keys can be
> had in under 5 minutes, 128 in under 10, and all you have to do is be
> connected for that length of time.
>
>
>
> On 4/6/07, george_ou@...architect.net <george_ou@...architect.net > wrote:
> >
> >  But WPA-PSK mode is even easier to use than WEP.  Why would you use
> > WEP.  Distance isn't really a problem with a pringle can antenna.
> >
> >
> > George
> >
>
> ------------------------------
>
> _______________________________________________
>
> Full-Disclosure - We believe in it.
>
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>
> Hosted and sponsored by Secunia - http://secunia.com/ <http://secunia.com/%3C/pre>
>
> >
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ