[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1223697003.15193.51.camel@anduril.intranet.cartel-securite.net>
Date: Sat, 11 Oct 2008 05:50:03 +0200
From: Cedric Blancher <blancher@...tel-securite.fr>
To: Anshuman G <anshu.pg@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: WiFi is no longer a viable
secure connection
Le samedi 11 octobre 2008 à 09:08 +0530, Anshuman G a écrit :
> I have turned off SSID broadcast and its pretty obscure, the password
> is obscure too, its WPA personal, i think its impossible to crack/get
> in my router without knowing SSID :D .
But your SSID is very easy to retrieve, as it is leaked every time you
associate a legitimate box to your wlan... And guess what: the regular
process of cracking a WPA PSK implies disassociating a client to sniff
the 4-way handshake. Doing this, the attacker will also sniff SSID
cleartext in the air.
Which means: *do not* rely on SSID cloaking for your security.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists