Slashdot Mirror
WEP And PPTP Password Crackers Released
Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.
Well, I wrote some thoughts on Wireless and Security in my blog which I now copy here.
# setting up secure connections is too difficult for the lay person. We need standard Diffie-Helman key exchanges. I saw on the internet that it is available on some access points, but it just should be the standard of the IEEE. As far as I could find with Google it isn't yet. I can't understand why.
# Securing accesspoints should be mandatory. There are too many open access points available. There is no use for anonymous connections over a random family's access point, it only endangers them into being seen as cybercriminals.
# If people want to make it possible for neighbours and strangers to make use of their access point it should be done in the same way hotspots are now available at airports and Starbucks. Make it possible to extend the official network of the ISP to a users access point. This way if I open up my laptop and there is an access point available of Joe User, I can only hook up to it by propperly logging in to the ISP's network or use the airport/credit card system. This will require many roaming agreements etc, but it would bring security and convenience at the same time. It should be done in such a way that the person opening up his network in this way can throttle the speed of the guest users and/or the times they can access. So I would like to see a rule like "Guests can only connect when I am not connecting" or "Guests only get 1mbit/sec".
Use Adsense for Charity
But the good ones only allow online dictionary attacts. LEAP, PPTP, WEP, and unfortunately WPA all allow offline attacks.
Finally! A year of moderation! Ready for 2019?
this will not break an authenticated WAP. the ones I help support in my community have only port 80 open for low bandwidth for free, you join us and you get a password you access through nocatauth and then gain full speed open access at the wireless points.
these tools are useless against that scheme. you still need to perform old-skool cracking in order to get past nocatauth, no point and drool tools for getting past that yet, espically with the non-public modifications we made to it to make it different than what is freely available.
Do not look at laser with remaining good eye.
While I applaud your suggestions for SSL, PGP et al., one should realize that none of these protect against network intrusion, or more often : someone living of your bandwidth...
When will I end this grieving ? When will my future begin ?
Whats wrong with letting the world access your network? Use SSH/SSL etc to keep your connections secure. If somebody wants internet access, why not provide a public service to them? Wouldn't you like it if someone else did the same for you? If they start using too much bandwidth you can always you can politely ask them to stop, and if that fails, blackmail them with all the pr0n they've been downloading.
Er, MAC filtering is the LEAST safe way to lock-out wireless. MAC addresses are EASILY picked-out of the air, and all you have to do is push the address you want to your wifi card to 'steal' one.
MAC filtering is not encryption, even if you MAC filter, I can come by with any number of 'tools' and leech all your traffic without having to do any work. Perhaps the only thing MAC filtering does is keep the non-technical neighbor upstairs off your signal.
This article refers to another way to crack networks that are actually encrypted, which was generally enough of a hassle that someone would want to specifically target YOU before going through the trouble. As with all encryption though, cracking what's out there gets easier every day, time to move up to something else!
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
I think there is a high level of hysteria about this issue of you being responsible for someone using your link to download child porn. Remember - the criminal standard is "proof beyond a reasonable doubt". I am an attorney and I work for a District Attorney (although criminal law is not my area) and we would be extremely unlikely to prosecute anyone for child porn without finding actual images in the defendant's possession.
The moral of this story is that your security doesn't need to be perfect, it just needs to be 'good enough', and in this case 'good enough' is probably merely 'better than the muppet next door who hasn't secured their network at all'.
I use WEP to secure my wireless LAN. Does it bother me that it's possible to crack? Not really, because there are at least 2 other networks in my apartment building (with SSIDs of 'linksys' and 'default') which don't appear to have any kind of security at all. Which means that someone casually looking for a free connection is going to use them, not me. If someone really wants to compromise my network specifically, and has the time and skill to do so, well, then I have bigger problems...