lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <461A3B88.2080401@kennedyinfo.com>
Date: Mon, 09 Apr 2007 09:11:36 -0400
From: Troy Cregger <tcregger@...nedyinfo.com>
To: Mike Vasquez <mike.vasquez@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: WEEPING FOR WEP

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ahh those windows, drafty things, always letting the elements in, might
want to get some plastic up over em'... better yet, replace them altogether.


- -tlc

Mike Vasquez wrote:
> Nice, even better.  So that means a lot of the higher end APs that use
> sophisticated techniques (smaller IV pools, dynamic, etc) are going to
> be much less effective.  I know a few large entities that will be
> affected negatively.  Time to seriously upgrade the wireless security!
> 
> People who don't think they need more than wep are fooling themselves. 
> Kids will a) build that cool pringles can antenna to experiment... b)
> run kismet to explore the wireless around them, and c) practice their
> wepcracking on your network.  what's next?  Exploring your windows
> machines once they're on.
> 
> They'll be destructive just b/c they can.  Keylogger on your home pc? 
> cake.  Do you patch every day?  All they need is one windows
> vulnerability to get access to all your data.  Anything think that if
> they wait long enough, a windows flaw will come around?  hrm?  and
> *then* your network will be... their network.
> 
> It's really not that far fetched. 
> 
> 
> 
> On 4/6/07, *george_ou@...architect.net
> <mailto:george_ou@...architect.net>* < george_ou@...architect.net
> <mailto:george_ou@...architect.net>> wrote:
> 
>     With the newest crack released earlier this week from the German
>     researchers that reduces the number of packets by an order of
>     magnitude, that's under 1 minute on average with ARP replay on an
>     802.11g network.  About 20 seconds average if the network is going
>     full blast on its own.
>     http://blogs.techrepublic.com.com/Ou/?p=464
>      
>      
>     George
> 
>         -------- Original Message --------
>         Subject: Re: [Full-disclosure] WEEPING FOR WEP
>         From: "Mike Vasquez" <mike.vasquez@...il.com
>         <mailto:mike.vasquez@...il.com>>
>         Date: Fri, April 06, 2007 1:22 pm
>         To: full-disclosure@...ts.grok.org.uk
>         <mailto:full-disclosure@...ts.grok.org.uk>
> 
>         And traffic rate shouldn't be in the discussion either, since
>         arp-replay allows enough packets to be captured, on most home
>         equipment, in about 20 minutes if you're unlucky, and attacking
>         128-bit wep.  64 bit keys can be had in under 5 minutes, 128 in
>         under 10, and all you have to do is be connected for that length
>         of time.
> 
> 
> 
>         On 4/6/07, *george_ou@...architect.net
>         <mailto:george_ou@...architect.net>* <
>         george_ou@...architect.net <mailto:george_ou@...architect.net>>
>         wrote:
> 
>             But WPA-PSK mode is even easier to use than WEP.  Why would
>             you use WEP.  Distance isn't really a problem with a pringle
>             can antenna.
>              
> 
>             George
> 
> 
>         ------------------------------------------------------------------------
> 
>         _______________________________________________
> 
>         Full-Disclosure - We believe in it.
> 
>         Charter: 
>         http://lists.grok.org.uk/full-disclosure-charter.html
> 
>         Hosted and sponsored by Secunia - http://secunia.com/
>          <http://secunia.com/%3C/pre>
> 
>         > 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGGjuInBEWLrrYRl8RAtCzAJ9gnQ6Dhkop1UPKljj838IKdL62wwCeP8rY
3bdPwHcY5nJGOp6gRDl0JO4=
=NLCA
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ