Re: [Dailydave] All Ur WiFi(WPA) R Belong 2 PacSec

From: wishi (broucegmx.net)
Date: Tue Nov 11 2008 - 12:07:30 CST


Cedric Blancher wrote:
> On Sunday, 09 November 2008 at 00:52 +0100, Raul Siles wrote:
>> The associated whitepaper from the authors has been released on the
>> aircrack-ng links page:
>> http://dl.aircrack-ng.org/breakingwepandwpa.pdf
>
> You can find a summary I posted earlier today about it:
>
> http://sid.rstack.org/blog/index.php/305-des-fameuses-faiblesse-de-tkip
>
> It is written in French, but English speaking readers can click on the
> UK flag just beneath title and get a Google translated version :)
>
>

I think this is a perfect example of two technologies which aren't
vulnerable by themselves: on the one hand this attack only works on QoS
enabled Access Points, on the other hand these Access Points have to
use TKIP, too. Regardless of WPA I or II, as long as no AES-CCMP is
used.
Thing is: TKIP without QoS won't allow any successful attacks, either.
But today there's a need for VoIP and other technologies which need a
good latency. Which leads me to another thought:

UCsniff has been released this week. It's a very advanced VoIP sniffer.
(http://ucsniff.sourceforge.net/)

Especially the combinations again are problematic. Now it's not just
application data, but even VoIP, which can leak. It's like a little
piece of dynamite added to the problem to make it explode.
- Because it'll take years for the mass of people to patch their
routers. Even great companies have to find a new common denominator to
apply more security without TKIP, because QoS most times is harder to
deactivate.

It seems things came together... and made a really nice explosion!
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave