Wi-Fi Headache – get out the Goody’s powder
Just off the heels of getting our wireless network up and going (still got to add the MAC address filtering…) comes word of a partial-crack.
- Once Thought Safe, WPA Wi-Fi Encryption Is Cracked - PC World – Basic summary of the issue at hand. We are talking about WPA here, not WPA2 and involves breaking the Temporal Key Integrity Protocol (TKIP).
- WPA/TKIP ChopChop Attack - RaDaJo (RAul, DAvid and JOrge) Security Blog – Pre-official presentation technical details on just how the attack is designed. Offers some security thoughts and mitigation methods.
- Battered, but not broken: understanding the WPA crack – Ars Technica – Good and readable primer that the previous link built from. Good reading and information for any geek-minded or wireless network supporting sysadmin to know about.
- Wi-Fi: How to Protect Your Wi-Fi Network from the WPA Hack – Lifehacker. Current solution (if your Wi-Fi router supports it) is to switch over to using WPA2 and the Advanced Encryption System (AES) only and drop the TKIP mode. When I set our router up, that’s what I used, even before this partial-crack had been announced.
- WPA Wi-fi Cracked (but it's not as bad as you think... yet) – ISC-SANS Handler’s Diary – A few more thoughts on migration and they point out the fact that Xbox360 does not support WPA2 currently. Wonder what other similar devices don’t support WPA2…
- WPA Cracked - additional details – ISC-SANS Handler’s Diary – A bit more info and pointed me to the RaDaJo post linked.
- Download Squad PSA: WPA encryption successfully cracked- Download Squad – points out (like some other articles) that the attack method has made its way into the freely-available Aircrack-ng wireless cracking tool.
Here are some other security-related items I stumbled upon this week.
- RaDaJo (RAul, DAvid and JOrge) Security Blog – What they have is pretty good with tips, book reviews, and leads to tools. Detailed enough to be interesting and helpful but not so much to put you to sleep. Added to my security RSS feed list. For example:
- Security Book Review: "LAN Switch Security: What Hackers Know about your Switches”
- Investigating File Deletion from Windows File Servers – Part III – See also Part I and Part II.
- Challenge: Cracking the Password and Challenge Solution: Cracking the Password
- "A Picture From Your IP Address Has Been Uploaded To This Site..." - SpywareGuide Greynets Blog – Christopher “PaperGhost” Boyd looks at a (harmless?) website that could be a good example of how not to respond to phishing-type email notices.
- SynJunkie: The Story of a Hack – Introduction – SynJunkie begins a series on how a hack-attack occurs.
- SynJunkie: The Story of a Hack - Part 1. Reconaisance – Part I is the build-up of a fictional hack-attack. First things first, identify the target, and learn all you can about it.