Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - WPA Cracked - additional details InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

WPA Cracked - additional details

Published: 2008-11-08
Last Updated: 2008-11-08 20:23:33 UTC
by Raul Siles (Version: 2)
1 comment(s)

UPDATE: The WPA whitepaper is out: "Practical attacks against WEP and WPA" (from aircrack-ng website).

Yesterday, fellow handler Joel provided an early warning about the recently announced WPA Crack. Although we won't know all the technical details until next week (at least in whitepaper or presentation format), I tried to provide some light about this issue on my personal blog, RaDaJo. It is important to highlight that PoC exploit code is available.

The recomendation is simple: Migrate to WPA2! If for any reason you cannot do it before finishing reading this post, check some of the quick mitigation recommendations (like reducing the renew key interval; please, test it before making the change on your production environment), and increase your wireless detection stance and check for multiple MIC failure messages.

--
Raul Siles
www.raulsiles.com

Keywords: wireless
1 comment(s)
Diary Archives