lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 11 Oct 2008 05:50:03 +0200
From: Cedric Blancher <blancher@...tel-securite.fr>
To: Anshuman G <anshu.pg@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: WiFi is no longer a viable
	secure	connection

Le samedi 11 octobre 2008 à 09:08 +0530, Anshuman G a écrit :

> I have turned off SSID broadcast and its pretty obscure, the password
> is obscure too, its WPA personal, i think its impossible to crack/get
> in my router without knowing SSID :D .

But your SSID is very easy to retrieve, as it is leaked every time you
associate a legitimate box to your wlan... And guess what: the regular
process of cracking a WPA PSK implies disassociating a client to sniff
the 4-way handshake. Doing this, the attacker will also sniff SSID
cleartext in the air.

Which means: *do not* rely on SSID cloaking for your security.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ