[Full-disclosure] WEEPING FOR WEP

Mike Vasquez mike.vasquez at gmail.com
Fri Apr 6 23:44:23 BST 2007


Nice, even better.  So that means a lot of the higher end APs that use
sophisticated techniques (smaller IV pools, dynamic, etc) are going to be
much less effective.  I know a few large entities that will be affected
negatively.  Time to seriously upgrade the wireless security!

People who don't think they need more than WEP are fooling themselves.  Kids
will a) build that cool Pringles can antenna to experiment... b) run Kismet
to explore the wireless around them, and c) practice their WEP cracking on
your network.  What's next?  Exploring your Windows machines once they're
on.

They'll be destructive just b/c they can.  Keylogger on your home PC?
Cake.  Do you patch every day?  All they need is one Windows vulnerability
to get access to all your data.  Anyone think that if they wait long
enough, a Windows flaw will come around?  Hrm?  And *then* your network will
be... their network.

It's really not that far fetched.



On 4/6/07, george_ou at lanarchitect.net <george_ou at lanarchitect.net> wrote:
>
> With the newest crack released earlier this week from the German
> researchers that reduces the number of packets by an order of magnitude,
> that's under 1 minute on average with ARP replay on an 802.11g network.
> About 20 seconds average if the network is going full blast on its own.
> http://blogs.techrepublic.com.com/Ou/?p=464
>
>
> George
>
> -------- Original Message --------
> Subject: Re: [Full-disclosure] WEEPING FOR WEP
> From: "Mike Vasquez" <mike.vasquez at gmail.com>
> Date: Fri, April 06, 2007 1:22 pm
> To: full-disclosure at lists.grok.org.uk
>
> And traffic rate shouldn't be in the discussion either, since arp-replay
> allows enough packets to be captured, on most home equipment, in about 20
> minutes if you're unlucky, and attacking 128-bit wep.  64 bit keys can be
> had in under 5 minutes, 128 in under 10, and all you have to do is be
> connected for that length of time.
>
>
>
> On 4/6/07, george_ou at lanarchitect.net <george_ou at lanarchitect.net > wrote:
> >
> >  But WPA-PSK mode is even easier to use than WEP.  Why would you use
> > WEP?  Distance isn't really a problem with a pringle can antenna.
> >
> >
> > George
> >
>
> ------------------------------
>
> _______________________________________________
>
> Full-Disclosure - We believe in it.
>
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>
> Hosted and sponsored by Secunia - http://secunia.com/