A New Wi-Fi Exploit, Limited But Clever

eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His 'Enhanced TKIP Michael Attacks' still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client — all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still be using." Here is Beck's paper (PDF) describing the new attacks.

Just use SSL over L2TP over IPsec over WPA

That's what I always do.

Re:Just use SSL over L2TP over IPsec over WPA

Alice? Alice, is that you?

We were using SSL over L2TP over WPA over IPsec. Who else have you been seeing?

Bob

Re:Just use SSL over L2TP over IPsec over WPA

My services as a private investigator are available at a very reasonable price, should you wish them.

Eve

A Little Help Please

[WrongSizeGlass]

Since I have an unnatural fear of vowels I'm waiting for a protocol who's acronym is constructed solely of consonants.

Re:Use a MAC address filter

I do this at home (do not broadcast SSID, MAC address filter, etc.). But, it's just on principle, I have nothing to hide. However if I've wasted 10 minutes of your time getting on my network and another 30 minutes snooping around admiring my MP3 collection, it's worth it.

Re:Use a MAC address filter

Not broadcasting is even more dangerous, as someone can set up a network with the same ID that does broadcast, and potentially capture your traffic without your knowledge.

Really? I don't think anybody else would choose "Linksys" as an SSID, would they?