[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] WEEPING FOR WEP

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] WEEPING FOR WEP
From: "Mike Vasquez" <mike.vasquez@xxxxxxxxx>
Date: Fri, 6 Apr 2007 15:44:23 -0700

Nice, even better.  So that means a lot of the higher end APs that use
sophisticated techniques (smaller IV pools, dynamic, etc) are going to be
much less effective.  I know a few large entities that will be affected
negatively.  Time to seriously upgrade the wireless security!

People who don't think they need more than wep are fooling themselves.  Kids
will a) build that cool pringles can antenna to experiment... b) run kismet
to explore the wireless around them, and c) practice their wepcracking on
your network.  what's next?  Exploring your windows machines once they're
on.

They'll be destructive just b/c they can.  Keylogger on your home pc?
cake.  Do you patch every day?  All they need is one windows vulnerability
to get access to all your data.  Anything think that if they wait long
enough, a windows flaw will come around?  hrm?  and *then* your network will
be... their network.

It's really not that far fetched.



On 4/6/07, george_ou@xxxxxxxxxxxxxxxx <george_ou@xxxxxxxxxxxxxxxx> wrote:

With the newest crack released earlier this week from the German
researchers that reduces the number of packets by an order of magnitude,
that's under 1 minute on average with ARP replay on an 802.11g network.
About 20 seconds average if the network is going full blast on its own.
http://blogs.techrepublic.com.com/Ou/?p=464

George

-------- Original Message --------
Subject: Re: [Full-disclosure] WEEPING FOR WEP
From: "Mike Vasquez" <mike.vasquez@xxxxxxxxx>
Date: Fri, April 06, 2007 1:22 pm
To: full-disclosure@xxxxxxxxxxxxxxxxx

And traffic rate shouldn't be in the discussion either, since arp-replay
allows enough packets to be captured, on most home equipment, in about 20
minutes if you're unlucky, and attacking 128-bit wep.  64 bit keys can be
had in under 5 minutes, 128 in under 10, and all you have to do is be
connected for that length of time.

On 4/6/07, george_ou@xxxxxxxxxxxxxxxx <george_ou@xxxxxxxxxxxxxxxx > wrote:
>
>  But WPA-PSK mode is even easier to use than WEP.  Why would you use
> WEP.  Distance isn't really a problem with a pringle can antenna.
>
>
> George
>

------------------------------

_______________________________________________

Full-Disclosure - We believe in it.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/ 
<http://secunia.com/%3C/pre>

>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] WEEPING FOR WEP
  - From: Troy Cregger

References:
- Re: [Full-disclosure] WEEPING FOR WEP
  - From: george_ou

Prev by Date: Re: [Full-disclosure] WEEPING FOR WEP
Next by Date: [Full-disclosure] [ GLSA 200704-06 ] Evince: Stack overflow in included gv code
Previous by thread: Re: [Full-disclosure] WEEPING FOR WEP
Next by thread: Re: [Full-disclosure] WEEPING FOR WEP
Index(es):
- Date
- Thread