WPA Cracked - additional details

Published: 2008-11-08. Last Updated: 2008-11-08 20:23:33 UTC
by Raul Siles (Version: 2)
1 comment(s)

UPDATE: The WPA whitepaper is out: "Practical attacks against WEP and WPA" (from aircrack-ng website).

Yesterday, fellow handler Joel provided an early warning about the recently announced WPA Crack. Although we won't know all the technical details until next week (at least in whitepaper or presentation format), I tried to provide some light about this issue on my personal blog, RaDaJo. It is important to highlight that PoC exploit code is available.

The recomendation is simple: Migrate to WPA2! If for any reason you cannot do it before finishing reading this post, check some of the quick mitigation recommendations (like reducing the renew key interval; please, test it before making the change on your production environment), and increase your wireless detection stance and check for multiple MIC failure messages.

--
Raul Siles
www.raulsiles.com

Keywords: wireless
1 comment(s)

Comments

Check out
http://arstechnica.com/articles/paedia/wpa-cracked.ars
for a short description of the weakness. WPA is not entirely broken, but small packets can be.

Diary Archives