Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: WPA Cracked - additional details - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
WPA Cracked - additional details

Yesterday, fellow handler Joel provided an early warning about the recently announced WPA Crack. Although we won't know all the technical details until next week (at least in whitepaper or presentation format), I tried to provide some light about this issue on my personal blog, RaDaJo. It is important to highlight that PoC exploit code is available.

The recomendation is simple: Migrate to WPA2! If for any reason you cannot do it before finishing reading this post, check some of the quick mitigation recommendations (like reducing the renew key interval; please, test it before making the change on your production environment), and increase your wireless detection stance and check for multiple MIC failure messages.

--
Raul Siles
www.raulsiles.com

Raul Siles

152 Posts
Check out
http://arstechnica.com/articles/paedia/wpa-cracked.ars
for a short description of the weakness. WPA is not entirely broken, but small packets can be.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!