[ale] wireless sanity/security check

Pat Regan thehead at patshead.com
Wed Jan 6 12:42:31 EST 2010


I haven't concerned myself over whether WPA and/or WPA2 are both 
vulnerable to the TKIP vulnerability.  My routers all have a checkbox 
for AES and TKIP, and I am pretty sure they're both available for WPA 
and WPA2.

The important thing is making sure TKIP is disabled.

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Weakness_in_TKIP

On 01/06/2010 11:56 AM, Jeff Lightner wrote:
> I was referring to this story from August and also misspoke - I said
> less than an hour and the story was about less than a minute:
>
> http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi
> -fi.html
>
> It suggests that WPA with AES and WPA2 aren't quite so easy to hack.
> Also other reading suggests the link you've sent relates to getting
> access to the wireless router to use free ISP service but doesn't allow
> you to see the encrypted traffic of other users on that router.
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jeff
> Hubbs
> Sent: Wednesday, January 06, 2010 11:06 AM
> To: Atlanta Linux Enthusiasts - Yes! We run Linux!
> Subject: Re: [ale] wireless sanity/security check
>
> Just to at least partially answer my own question - I found this at
> http://forum.codecall.net/security-tutorials/13997-cracking-wpa-wpa2-net
> works.html
> that would seem to suggest an implication of a notion that WPA2 isn't
> much better than WPA w.r.t. crackability...true?
>
> - Jeff
>
> On 1/6/10 10:51 AM, Jeff Hubbs wrote:
>>  Can someone elaborate on this WPA/WPA2 vulnerability issue?
>>
>>  - Jeff
>>
>>  On 1/5/10 9:41 AM, Jeff Lightner wrote:
>>
>>>  By the way - WPA can be cracked in less than an hour as demonstrated
> a
>>>  couple of months ago.  WPA2 is the way to go.
>>>
>>>  -----Original Message-----
>>>  From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Pat
>>>  Regan
>>>  Sent: Monday, January 04, 2010 11:24 PM
>>>  To: Atlanta Linux Enthusiasts - Yes! We run Linux!
>>>  Subject: Re: [ale] wireless sanity/security check
>>>
>>>  On 01/04/2010 05:17 PM, Mark Wright wrote:
>>>
>>>
>>>>  I didn't ask the question about wireless security because I thought
>>>>  wifi could be intrusion proof.  I just wanted to confirm that giving
>>>>  my friends advice to use MAC filtering wasn't real bad advice.
> They
>>>>  had failed to get WPA working and there were Christmas presents that
>>>>  were not being played with.
>>>>
>>>>
>>>>
>>>  MAC filtering will not keep very many people out if they are actively
>>>  trying to "steal" your bandwidth.  The only people you're likely to
> keep
>>>
>>>  out with MAC filtering are the people who think they are connecting
> to
>>>  their own network but they are connecting to yours by mistake.  It is
>>>  amazing how often that happens.
>>>
>>>  I'm much more paranoid about connecting to an unknown network than I
> am
>>>  about people cracking into mine.  I seem especially paranoid in
> hotels.
>>>      I know that if I can fire up wireshark and steal unencrypted pop,
>>>  imap, and instant messenger password, so can someone else.
>>>
>>>  I nearly always VPN or use an SSH proxy on any scary wifi connection
> :).
>>>
>>>
>>>
>>>>  The problem is both of my friends couldn't get WPA to work.  My
>>>>  wife's sister in law was refusing to use her new laptop because her
>>>>  husband had turned WPA off to get it on the internet.  I told them
>>>>  how to set up MAC filtering over the phone and now she is surfing
> the
>>>>  internet confident that her computer is safe.  Just like she sleeps
>>>>  soundly because she doesn't know how easy it is to break into her
>>>>  locked house.
>>>>
>>>>
>>>  With any semi-modern hardware (3-4+ years?) I wouldn't expect
> wpa/wpa2
>>>  to be a problem.  WEP tends to be problematic because there is more
> than
>>>
>>>  one algorithm for converting a passphrase to a hex key.
>>>
>>>  MAC filtering will likely narrow the opportunity for attack, though.
> If
>>>
>>>  someone drives by while no authorized machines are connected then
> they
>>>  will not see any valid MAC addresses to clone.
>>>
>>>  Pat
>>>  _______________________________________________
>>>  Ale mailing list
>>>  Ale at ale.org
>>>  http://mail.ale.org/mailman/listinfo/ale
>>>  See JOBS, ANNOUNCE and SCHOOLS lists at
>>>  http://mail.ale.org/mailman/listinfo
>>>
>>>  Proud partner. Susan G. Komen for the Cure.
>>>
>>>  Please consider our environment before printing this e-mail or
> attachments.
>>>  ----------------------------------
>>>  CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
> confidential information and is for the sole use of the intended
> recipient(s). If you are not the intended recipient, any disclosure,
> copying, distribution, or use of the contents of this information is
> prohibited and may be unlawful. If you have received this electronic
> transmission in error, please reply immediately to the sender that you
> have received the message in error, and delete it. Thank you.
>>>  ----------------------------------
>>>
>>>  _______________________________________________
>>>  Ale mailing list
>>>  Ale at ale.org
>>>  http://mail.ale.org/mailman/listinfo/ale
>>>  See JOBS, ANNOUNCE and SCHOOLS lists at
>>>  http://mail.ale.org/mailman/listinfo
>>>
>>>
>>>
>>  _______________________________________________
>>  Ale mailing list
>>  Ale at ale.org
>>  http://mail.ale.org/mailman/listinfo/ale
>>  See JOBS, ANNOUNCE and SCHOOLS lists at
>>  http://mail.ale.org/mailman/listinfo
>>
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


More information about the Ale mailing list