Slashdot Mirror


Wi-Fi WPA2 Vulnerability Found

BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. "...wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named 'Hole 196' by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. 'There's nothing in the standard to upgrade to in order to patch or fix the hole,' says Kaustubh Phanse, AirTight's wireless architect who describes Hole 196 as a 'zero-day vulnerability that creates a window of opportunity' for exploitation." Wi-Fi Net News has some more detail and speculation.

213 comments

  1. so, not a hole by Bizzeh · · Score: 2, Insightful

    so rather than a hole, it's more a forced proxy? a user who knows your password is decrypting your traffic and re-broadcasting it with different content... if this user has your password, you need to have a think about who you give your password to

    1. Re:so, not a hole by Iwanowitch · · Score: 5, Insightful

      Unless the wifi network is at a Starbucks, a university or a corporation.

      That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      --
      One CS student VS 893 DOS games: Let's play oldies
    2. Re:so, not a hole by John+Hasler · · Score: 0, Redundant

      > ...if this user has your password...

      Where does it say that?

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    3. Re:so, not a hole by Anonymous Coward · · Score: 0

      in the summary. read it.

    4. Re:so, not a hole by davester666 · · Score: 1

      "internal, authorized Wi-Fi user"

      This would be a person with the password to your Wi-Fi network.

      --
      Sleep your way to a whiter smile...date a dentist!
    5. Re:so, not a hole by Kral_Blbec · · Score: 1

      > ...if this user has your password...

      Where does it say that?

      > whereby an internal, authorized Wi-Fi user

      This is stupid. It's basically saying that if someone knows your wireless key they can decrypt your wireless traffic. Any web based email should use another layer of encryption via https anyway. I'm too lazy to read the article, but is there mention of if it is for WPA2 personal or enterprise?

    6. Re:so, not a hole by yuhong · · Score: 1

      Except that they don't need your password, all they need is access to any user account on your WPA(2) network to sniff the Wi-Fi traffic of any other user.

    7. Re:so, not a hole by Culture20 · · Score: 4, Insightful

      > That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      How's he do that? Am I relying on WPA2 as my only encryption across the 'net?

    8. Re:so, not a hole by Anonymous Coward · · Score: 2, Insightful

      Not through my SSL or VPN connection, he can't.

    9. Re:so, not a hole by WrongSizeGlass · · Score: 1

      > I'm too lazy to read the article, but is there mention of if it is for WPA2 personal or enterprise?

      Enterprise. From the first line of the summary: "a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider."

    10. Re:so, not a hole by John+Hasler · · Score: 0, Redundant

      > This would be a person with the password to your Wi-Fi network.

      Individual sessions are supposedly secure from each other. I don't see how that's possible without some sort of out-of-band key exchange (i.e., a different password for each user).

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    11. Re:so, not a hole by Anonymous Coward · · Score: 1, Insightful

      > That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      > How's he do that? Am I relying on WPA2 as my only encryption across the 'net?

      if you're dumb enough to do that for anything important to you, especially when using a wireless network you do not own, then you pay the stupidity tax. that's all. seems fair enough to me so long as no one is representing WPA2 as the be-all and end-all of perfect security, and in that case the unfairness is limited to that person or corporation only.

    12. Re:so, not a hole by fwr · · Score: 5, Interesting

      Sigh. Understand the protocol before commenting, or at least RTFA. There IS an individual key per user. But, there is also a shared key used for broadcast traffic. The problem is that the shared key is not authenticated, so a user who knows the shared key (i.e., anyone with access to the wireless network), can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys. A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

    13. Re:so, not a hole by John+Hasler · · Score: 1, Troll

      > Understand the protocol before commenting, or at least RTFA.

      What, and break with Slashdot tradition? Don't be silly.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    14. Re:so, not a hole by jijacob · · Score: 4, Insightful

      ssh -D is just a terminal away.

    15. Re:so, not a hole by houghi · · Score: 1, Insightful

      Yeah, stupid standard users who have no idea. Luckily we are the elite, so we are not affected. Right?

      --
      Don't fight for your country, if your country does not fight for you.
    16. Re:so, not a hole by Anonymous Coward · · Score: 2, Funny

      Creepy guy? Wow, you sound like an ignorant female. Laughing aloud.

    17. Re:so, not a hole by MagicM · · Score: 2, Insightful

      > can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys

      I haven't read the spec, but it seems odd that per-user keys would be given up or changed in response to a broadcast message. Could this attack be mitigated by only performing these kinds of actions in response to direct, non-broadcast messages?

    18. Re:so, not a hole by Anonymous Coward · · Score: 0

      Yes, because Slashdot has so many elite people.

    19. Re:so, not a hole by blai · · Score: 1

      given that you trust what the server does with you?

      --
      In soviet Russia, God creates you!
    20. Re:so, not a hole by Anonymous Coward · · Score: 0, Insightful

      > Yeah, stupid standard users who have no idea. Luckily we are the elite, so we are not affected. Right?

      what an absolutely predictable response. yes people who can inform themselves about important matters such as their own security, with freely available information, at their own leisure and at the cost of only a bit of effort, who then refuse to inform themselves are stupid. that's correct. there is nothing wrong with saying so. they aren't stupid because their actions are not likable, they are stupid because they do not look after their own interests. they are especially stupid because they view education as something that only a teacher or professor can give to them.

      let's get this part straight. an action that harms or potentially harms others in order to benefit yourself is selfish. an action that harms or potentially harms you in order to benefit others is sacrificial and altruistic. an action that harms or potentially harms you while benefitting no one else is stupid. it's really that simple. if stupidity is painful it is not because i frown upon it, it is because it is inherently a self-defeating idea.

      now, i wish all instances of an "elite" were like this one. anyone who is literate and wishes to join this "elite" can find lots of excellent documentation for free literally at the touch of a button. they will find it for audiences ranging from beginner/entry-level to experienced expert and anything in-between. the willingness to do some reading and educate oneself is the only barrier to entry for joining this "elite".

      want to talk about financial and industrial elites? how about governmental or military elites? think those are so easy to join up with? didn't think so.

      besides, one need not become an expert in computer security. you don't have to comprehend encryption algorithms or the cryptanalytic techniques used to compromise them. you don't need to be a programmer. all you have to do is understand that when you are using someone else's network, you have no default expectation of privacy and should plan accordingly. you don't have to understand how SSL works to know that it is a remedy for this situation, same deal with a VPN. an idiot is capable of understanding that.

      i would love to see how you respond to this. it is likely though not certain that you will read it, but will not respond to it. after all you might want to save face and all of that, and that is hard to do with a childish and utterly predictable response like the one you have committed yourself to.

    21. Re:so, not a hole by greentshirt · · Score: 1

      whoosh

    22. Re:so, not a hole by Anonymous Coward · · Score: 0

      I'm thinking most people read their email on their web browser on a site that hopefully is transmitted over https. Google's IMAP and SMTP don't even allow you to fuck it up, they don't talk to you unless you encrypt.

    23. Re:so, not a hole by Anonymous Coward · · Score: 0

      > A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

      No, you can keep broadcast traffic with a shared key, but it would require some sort of public-key signature, OR require sending multiple MACs (message authentication code - http://en.wikipedia.org/wiki/Message_authentication_code ) in the broadcast (one MAC for each client, using the individual client's shared secret).

      Then again, perhaps it's easiest to abandon most broadcast.

    24. Re:so, not a hole by Anonymous Coward · · Score: 0

      > whoosh

      and a "whoosh" for you sir. i think it was Shakespeare who said that in every jest there is a kernel of truth. it was that kernel of truth which I was addressing. the kernel of truth is that guy's belief in the old, time-worn notion that expecting people to take an active role in protecting their own interests is some kind of horrible elitism, or that they are totally innocent victims free of any possible fault when they fail to do so and suffer as a result.

      besides which, the notion that a serious post that raises valid points could arise as a response from a non-serious or less-serious post is not really so absurd. in this world, far more strange things happen every day. care to respond to any valid points, or would you rather pat yourself on the back for your one-word dismissal of a post?

    25. Re:so, not a hole by bitslinger_42 · · Score: 2, Interesting

      The real fix would be to get users to realize that there's no such thing as a secret when you're yelling loud enough that people a half a block away can hear you. Even if you're talking in code, chances are, if someone really wants to screw with you, they'll figure out how.

      Wireless networking is a convenience, and at Layer 2, there probably isn't much that can be done to secure traffic. If you want secure, either use your own encryption (IPSEC, SSL/TLS, SSH, etc.) or use a wire.

    26. Re:so, not a hole by RAMMS+EIN · · Score: 1

      > Unless the wifi network is at a Starbucks, a university or a corporation.

      > That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      Not unless he also knows how to break SSL. I've never assumed that any path between me and my mail server was secure, whether wired or wireless, WEP or WPA. So I only read mail over end-to-end encrypted protocols. Of course, most people still send e-mail through unencrypted SMTP, and without very reliable authentication, so I assume neither that e-mail is private, nor that it comes from whom it purports to come from. The protocols just don't work that way.

      --
      Please correct me if I got my facts wrong.
    27. Re:so, not a hole by squiggleslash · · Score: 4, Interesting

      In my experience, the most popular email system out there is Yahoo! Mail, and the web interface doesn't do any encryption except for the logging in process.

      Frankly though, email should generally be considered insecure anyway. It's usually transmitted, somewhere along the chain, in plain-text, and you only have (limited) control over your own connection, not the connection of the party you're communicating with. The pseudo-elitists posting here claiming that they're OK because, unlike the great unwashed, they use HTTPS when they connect to their web mail, are fooling themselves.

      --
      You are not alone. This is not normal. None of this is normal.
    28. Re:so, not a hole by dissy · · Score: 1

      > That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      And that is different from yesterday (before the exploit was known) how exactly?

      That person not using encryption could and did have their email intercepted already. So add one more unknown person to the mix; it's not any worse than before.

      This is why one should use encryption. If the axiom 'grandma wants to check email and encryption is too hard' is actually still true, then the problem is lack of encryption. Adding one more layer of no encryption is not the thing making the situation worse.

    29. Re:so, not a hole by squiggleslash · · Score: 1

      Hmm, that worries me. Can you tell me whether it's regular WPA, or WPA2 that's affected? Also should I be worried about malicious insiders hacking my network with this exploit?

      --
      You are not alone. This is not normal. None of this is normal.
    30. Re:so, not a hole by Nyder · · Score: 5, Insightful

      > Unless the wifi network is at a Starbucks, a university or a corporation.

      > That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      No, the creepy guy sitting 2 tables from you? he's just viewing porn.

      See that nice dressed business woman? She's stealing your data.

      --
      Be seeing you...
    31. Re:so, not a hole by sumdumass · · Score: 1

      Look up a pineapple and it should give you a hint. Oh yeah, you're probably going to want to view the revision3 results.

      Anyways, if I have access to the wifi, I can easily trick you into connecting to my access and then I'm your encrypted endpoint. WPA2 works, but I moved the middle and end points for a classic attack.

    32. Re:so, not a hole by Anonymous Coward · · Score: 0

      Eat my goatse hole you dummy.

      He already did... that's why it's a hole, you retard.

    33. Re:so, not a hole by WrongSizeGlass · · Score: 1

      You should be worried about malicious insiders, hackers, men in black suits, men in clown suits, clowns in swimsuits and frogs that claim to be princes.

    34. Re:so, not a hole by zippthorne · · Score: 1

      Yeah, but you have to remember to add your key to known_hosts *before* you visit the coffee shop, though.

      --
      Can you be Even More Awesome?!
    35. Re:so, not a hole by mr+exploiter · · Score: 1

      I don't see how this would fix anything. This looks more like a knee-jerk reaction... It's too difficult to get wireless security right, so let's give up and use cables instead.

    36. Re:so, not a hole by zippthorne · · Score: 4, Interesting

      So.. it's the same as wired ethernet, then? Except that instead of just plugging in a wire and sniffing away, it takes a small amount of effort?

      I guess "WiFi is slightly safer than wired networks, when it comes to malicious peers" isn't quite as attention grabbing a headline.

      --
      Can you be Even More Awesome?!
    37. Re:so, not a hole by mr+exploiter · · Score: 2, Insightful

      Am I the only one who thought that WPA didn't protect against what this "attack" is doing? I'm not convinced either that this is a real vulnerability.

    38. Re:so, not a hole by buchner.johannes · · Score: 1

      unless wifi spots think internet access means web access

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    39. Re:so, not a hole by Mr.+Freeman · · Score: 1

      Aren't those completely open APs anyway?

      --
      -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
    40. Re:so, not a hole by Anpheus · · Score: 1

      If you managed to break public key cryptography, do tell. I assure you, you'll be quite famous.

    41. Re:so, not a hole by Your.Master · · Score: 2, Insightful

      Pedestrians should look both ways before they cross the road and observe the local traffic laws and customs. That's taking an active interest in your own personal security. But also, vehicle operators should be wary of pedestrians and certainly try not to run them over, even if they don't look both ways.

      The problem here isn't that we shouldn't strive to educate users. The problem is that the user being poorly educated in these matters isn't an excuse for running somebody over.

    42. Re:so, not a hole by Anonymous Coward · · Score: 0

    43. Re:so, not a hole by Anonymous Coward · · Score: 0

      Seriously, you are taking this, and probably your whole life, way too seriously. People read this stuff for a laugh, not to be "educated", and you, sir, have provided the laughs. Bravo.

    44. Re:so, not a hole by hitmark · · Score: 3, Insightful

      depends on how diligently one checks the certificates.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    45. Re:so, not a hole by hitmark · · Score: 1

      depends, are we talking hub or switch?

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    46. Re:so, not a hole by Mr2001 · · Score: 1

      > A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

      How about just signing the important AP broadcast messages with a private key unique to the AP, so they can still be broadcast but the recipients can verify that they're not spoofed?

      --
      Visual IRC: Fast. Powerful. Free.
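The design point fwr, the AC in comment 23 and Mr2001 are arguing about is that a key shared by every station on the network cannot tell a receiver who sent a frame, so any tag or encryption under that group key proves nothing about origin. The following is an added example, not code from the thread, from AirTight or from any 802.11 implementation. It models the two schemes with plain HMACs: a group-keyed tag that every member can produce, and the per-client-MAC mitigation from comment 23, where the AP appends one tag per associated station under that station's pairwise key. The class names, the keys and the message body are all constructed for the demo.

```python
# Added example (not from the Slashdot thread or the 802.11 standard).
# Models why a group key shared by all stations cannot authenticate the AP,
# and the per-client MAC mitigation discussed above. All keys are random and
# all frames are constructed; names like AccessPoint and Client are hypothetical.
import hashlib
import hmac
import os


def mac(key: bytes, body: bytes) -> bytes:
    """HMAC-SHA256 tag over a frame body (stands in for the real MIC)."""
    return hmac.new(key, body, hashlib.sha256).digest()


class Client:
    def __init__(self, name: str, gtk: bytes, ptk: bytes):
        self.name = name
        self.gtk = gtk  # group key: known to every associated station
        self.ptk = ptk  # pairwise key: known only to this station and the AP

    def accept_group_keyed(self, frame) -> bool:
        # Weak check: any holder of the group key can produce a valid tag,
        # so a passing tag says "someone on this network", not "the AP".
        body, tag = frame
        return hmac.compare_digest(mac(self.gtk, body), tag)

    def accept_per_client(self, frame) -> bool:
        # Stronger check: the frame carries one tag per station; this station
        # verifies only the tag made under its own pairwise key.
        body, tags = frame
        return hmac.compare_digest(mac(self.ptk, body), tags.get(self.name, b""))


class AccessPoint:
    def __init__(self):
        self.gtk = os.urandom(32)
        self.ptks = {}

    def associate(self, name: str) -> Client:
        ptk = os.urandom(32)
        self.ptks[name] = ptk
        return Client(name, self.gtk, ptk)

    def broadcast_group_keyed(self, body: bytes):
        return (body, mac(self.gtk, body))

    def broadcast_per_client(self, body: bytes):
        # Cost of the mitigation: one tag per associated station per broadcast.
        return (body, {name: mac(ptk, body) for name, ptk in self.ptks.items()})


def demo() -> dict:
    """Returns which frames Alice accepts under each scheme."""
    ap = AccessPoint()
    alice = ap.associate("alice")
    mallory = ap.associate("mallory")  # an authorized user of the same network
    body = b"constructed broadcast body claiming to come from the AP"

    # Genuine AP broadcasts verify under both schemes.
    legit_group = alice.accept_group_keyed(ap.broadcast_group_keyed(body))
    legit_per_client = alice.accept_per_client(ap.broadcast_per_client(body))

    # An insider holds the same group key as the AP, so a group-keyed tag
    # made by that insider is indistinguishable from the AP's own.
    insider_group = alice.accept_group_keyed((body, mac(mallory.gtk, body)))

    # Under per-client tags the insider only holds its own pairwise key and
    # cannot produce the tag Alice checks.
    insider_per_client = alice.accept_per_client(
        (body, {"mallory": mac(mallory.ptk, body)})
    )
    return {
        "legit_group": legit_group,
        "legit_per_client": legit_per_client,
        "insider_group": insider_group,
        "insider_per_client": insider_per_client,
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The per-client dictionary makes the trade-off in comments 23 and 46 concrete: origin authentication for broadcasts costs one tag per station (or, with Mr2001's alternative, one public-key signature that every station can check against the AP's key), which is why the standard's single group key was the cheaper choice.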
    47. Re:so, not a hole by silverdr · · Score: 2, Interesting

      > That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      Can he?

      Ah - you wrote "_your_ e-mail", right? I am pretty sure he can't do much of reading of _my_ e-mail based on this particular exploit.

      And if _you_ rely on WPA (or whatever) within your (W)LAN to protect you from unauthorised reading of your e-mail, then you should really reconsider your approach to data security.

      --
      Now, mod me down freely. My karma can't get any worse...
    48. Re:so, not a hole by Anne+Thwacks · · Score: 3, Insightful

      > you'll be quite famous.

      or assassinated

      --
      Sent from my ASR33 using ASCII
    49. Re:so, not a hole by Sique · · Score: 1

      We are talking switch here:

      monitor session 1 source interface Gi0/1 - 23
      monitor session 1 destination interface Gi0/24

      --
      .sig: Sique *sigh*
    50. Re:so, not a hole by Anonymous Coward · · Score: 1, Insightful

      Yeah, but when a woman does it, it's hot!

    51. Re:so, not a hole by hitmark · · Score: 1

      that would indicate that you're inside the settings of the switch, iirc. That's a bit more access than just plugging a computer in and setting it to sniff any traffic it sees.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    52. Re:so, not a hole by amorsen · · Score: 3, Informative

      Do not rely on switches for security within a particular VLAN, unless you go high-end and really know what you are doing. There are a million ways to beat switch "security", including MAC spoofing, forcing the switch to flood traffic, fake DHCP, fake ARP, fake RA or ND (on IPv6). Each of those attacks can be stopped by a sufficiently clever and well-configured switch, although right now it is difficult to find one that can do RA and ND protection.

      --
      Finally! A year of moderation! Ready for 2019?
    53. Re:so, not a hole by nstlgc · · Score: 4, Funny

      No, the creepy guy sitting 2 tables from you? He's viewing *your* porn.

      --
      I'm Rocco. I'm the +5 Funny man.
    54. Re:so, not a hole by RAMMS+EIN · · Score: 2, Insightful

      Correct. I have actually worked at organizations where they used a certificate signed by their own certificate whenever you accessed something over HTTPS. And since they had added their certificate to the trusted list in Internet Explorer, very few people actually noticed. I did not access my e-mail or enter any passwords not already known to those organizations over those links.

      --
      Please correct me if I got my facts wrong.
    55. Re:so, not a hole by eulernet · · Score: 2, Funny

      > See that nice dressed business woman? She's stealing your data.

      You are wrong, they mention man-in-the-middle-style, not woman-in-the-middle-style.

    56. Re:so, not a hole by TheTrueScotsman · · Score: 1

      That's as maybe. But then, what about Eve?

    57. Re:so, not a hole by Anonymous Coward · · Score: 0

      I am not creepy! I resent those comments. Nice collection by the way...

    58. Re:so, not a hole by clang_jangle · · Score: 1

      > The problem here isn't that we shouldn't strive to educate users. The problem is that the user being poorly educated in these matters isn't an excuse for running somebody over.

      The "problem" to which you refer is an integral part of human nature. So essentially you're saying "it should be like this", which of course is no help at all. It is the way it is and in light of that it's apparent that the average user is indeed to blame when they get pwned. Any other conclusion is just silly.

      --
      Caveat Utilitor
    59. Re:so, not a hole by Sir_Lewk · · Score: 1

      If he tells, then the cat will be out of the bag and assassination would be pointless. Now if he keeps it a secret....

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    60. Re:so, not a hole by Anonymous Coward · · Score: 0

      Fine, I'll bite.

      To my mind, he conveyed well a too-rarely-made point regarding the responsibility of the end-user, and rightly put greentshirt in his place for his dismissal.

      > probably your whole life

      You were saying, on taking /. too seriously?

      > People read this stuff for a laugh not to be "educated"

      Nonsense. I expect to learn when reading Slashdot (and, generally, do), whether of facts or opinions. I'm not just here for the comic genius, and I doubt I'm the only one.

      -another AC

    61. Re:so, not a hole by Anonymous Coward · · Score: 0

      you can always use SSL in gmail or in your favorite email

    62. Re:so, not a hole by Anonymous Coward · · Score: 0

      Huh?! After he cracks WPA2 he still has to crack the SSL that IMAP is running over, and then (if people do things right) the OpenPGP in the email messages. Anyone who cares whether or not other people can read their email isn't going to be affected by this sort of thing.

      But anyway, it sounds like it's time to just give up on the whole idea behind WEP, WPA, and WPA2 and just "let it go" for the wireless aspect itself. Use VPNs to get to secure the connection between you and your gateway, and then of course continue to pile on encryption in all the other layers too.

    63. Re:so, not a hole by Anonymous Coward · · Score: 0

      > You are wrong, they mention man-in-the-middle-style, not woman-in-the-middle-style.

      I think I've seen that movie!

    64. Re:so, not a hole by marcosdumay · · Score: 1

      Eve is the man-in-the-middle. Or do you have anything against his name?

    65. Re:so, not a hole by Matey-O · · Score: 1

      He already could...you're not USING WPA2-enterprise at Starbucks.

      --
      "Draco dormiens nunquam titillandus."
    66. Re:so, not a hole by sjames · · Score: 1

      Not that password, the shared secret on your wireless link to the AP. The problem is that anyone with access to that AP can spoof the AP so that you (actually your 802.11 stack) exchange the shared secret with it.

      Unfortunately, this is a design flaw rather than an implementation bug, so if you're not vulnerable, you're violating the spec.

    67. Re:so, not a hole by Rene+S.+Hollan · · Score: 1

      Indeed. I work for a firewall manufacturer where our product can be configured to do this. The idea is to block "objectionable" content and detect viruses in HTTPS traffic.

      So, we intentionally set up a man in the middle, that your IT department has your browser trust. Checking the cert hierarchy will make this clear.

      Of course, the better employers will tell you that they are doing this.

      --
      In Liberty, Rene
    68. Re:so, not a hole by QuietObserver · · Score: 1

      From Hoodwinked:

      Nicky Flippers: We don't arrest people for being creepy.
      Tommy: [into walkie-talkie] Yeah, Bruce, you know that guy we got in the tank?
      Bruce: [over walkie-talkie] Ah, the creepy one?
      Tommy: Yeah, better let him go.

    69. Re:so, not a hole by h7 · · Score: 0

      nice one, wish I could mod it up.

    70. Re:so, not a hole by Andy+Dodd · · Score: 1

      Starbucks doesn't use encryption last time I checked. The AP is open, access control is handled at the router. (You're "blackholed" in an isolated network until you pay or, since I think they have limited free service, click through a Terms of Use.)

      --
      retrorocket.o not found, launch anyway?
    71. Re:so, not a hole by wastedlife · · Score: 1

      There is this thing, called the "Shift" key, that you hold down while typing the first letter of a sentence. It is very simple to do and vastly improves readability. Once you have mastered this, we can get into the finer points of capitalization, such as capitalizing proper nouns. I see you already have a decent grasp of punctuation and paragraphs, so I will give you some points for that.

      If you are going to rant about how anyone can educate themselves to use tools such as computers properly, you should educate yourself on how to convey your thoughts in a way that people will be more willing to read.

      --
      Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
    72. Re:so, not a hole by mldi · · Score: 1

      > Frankly though, email should generally be considered insecure anyway. It's usually transmitted, somewhere along the chain, in plain-text, and you only have (limited) control over your own connection, not the connection of the party you're communicating with. The pseudo-elitists posting here claiming that they're OK because, unlike the great unwashed, they use HTTPS when they connect to their web mail, are fooling themselves.

      Well, just checking it can be considered secure, so as to the relevancy of TFA, I would feel fine using HTTPS to check my webmail over a wi-fi connection that I do or do not own. Sending/receiving mail (via webmail) over that same HTTPS connection isn't any less secure than a connection at home either when speaking in context of the actual SMTP transmission. That is, unless you're using your own machine as the mail server for whatever reason.

      Not disagreeing, just noting the context in the spirit of TFA.

      --
      If you aren't suspicious of your government's actions, you aren't doing your job as a responsible citizen.
    73. Re:so, not a hole by Anonymous Coward · · Score: 0

      > To my mind, he conveyed well a too-rarely-made point regarding the responsibility of the end-user, and rightly put greentshirt in his place for his dismissal.

      the GP saw that Greenshirt attempted a dismissal tactic and it failed. he saw that I know how to respond to that matter-of-factly without getting personally/emotionally drawn into it. thus, that tactic fell flat on its face and did not accomplish its goal of shutting me up and/or making me feel stupid for speaking the truth. i did put him in his place, but only because he was out of order, not because i think i am better than him. that's why i don't share his need to belittle and dismiss.

      that he didn't want to hear the truth is his problem. the dismissal was an attempt to transfer that onto me and make that my problem. for that to happen i have to react emotionally and get upset/offended and take it personally.

      in other words, in his mind i have to have a goal of making him agree with me and then get frustrated when that goal fails and I get a dismissal instead. can you see the self-importance he displays in this? it's as though what I say and how I say it and how I feel about it is all about him. he doesn't view it that way in a vacuum, of course. most people are phony and so they put on a face because they are in the business of impressing others. this is so common he assumes i share this pathology and deals with me accordingly.

      that won't work on anyone with even a small amount of real understanding. the reality is, if he cannot appreciate a genuine person who speaks the truth then that is his loss. i respect his decision however foolish it may be. if i needed him to appreciate anything it would only be because my ego imagines itself his master and should control what he does or else it gets upset at him for not doing what it wanted. see that? it's the unspoken undercurrent behind far too much of human interaction.

      > You were saying, on taking /. too seriously?

      well he saw that a dismissal tactic failed, so he decided to try a different tactic. he decided to try a degrading tactic. so he gets on his high horse and pontificates to me about my life despite having never met me. the message is that he's so superior that he can declare such things.

      i'm supposed to be angry or upset by that and respond out of my upset. that'd amount to responding to him with the energy that he gave me. that is surely a losing game. then and only then would i become degraded because i would be living up to the petty egotistical image with which he would like to represent me.

      of course it doesn't occur to him that i can say what is true and be happy about doing so. it doesn't occur to him that i can find a lot of humor in this entire exchange. this is mainly because he doesn't see how ridiculous he is being while i do.

      the only thing he would recognize as not "taking this and probably my whole life way too seriously" would be if I back off of speaking the truth just because he would rather I didn't. so only if i do his bidding and act as he wishes does he stop trying so hard to find fault that he'll invent one where there is none. you can see the attempt to manipulate in that.

      i don't like either option he offers as they are both equally useless. so i have a third option, and that is to expose what he is doing and explain why it will fail when used on me. he may learn something yet.

      Nonsense. I expect to learn when reading Slashdot (and, generally, do), whether of facts or opinions. I'm not just here for the comic genius, and I doubt I'm the only one.

      that's because you enjoy learning and have at least some degree of love for truth. that makes you less picky and insistent about when and where you find it and more grateful to find it at all. i think i can safely assume that this positive attitude is not at all limited to slashdot.

    74. Re:so, not a hole by greentshirt · · Score: 1

      Too long, did not read, but you should get a hobby, or a penpal, or a gaming console, and probably visit with a professional who can tell you why you felt so compelled to write that mini-novel.

    75. Re:so, not a hole by Anonymous Coward · · Score: 0

      Too long, did not read, but you should get a hobby, or a penpal, or a gaming console, and probably visit with a professional who can tell you why you felt so compelled to write that mini-novel.

      because no one ever has a lot to say about a worthy subject, right? still playing approval games I see. too bad. that's your loss. you realize you weren't even the person to whom i replied, don't you? you'll use the flimsiest excuse to judge anyone and tell them what they should do with their lives. "he wrote a long Slashdot post, and by that I mean longer than the ones I write, so clearly he needs professional help." you truly shame yourself with this, while convincing yourself that you're superior. that's the real insanity and it belongs to you, my friend.

      go find someone or something else to belittle and degrade, for you only lower yourself by trying that on anyone with my understanding. think i'm kidding about that? i am a genuine person. i don't play these silly approval games ("oh no, what will he think of me?") like phonies such as yourself. therefore the more you hate me or look down your nose at me (same thing) the more nutty you will become. it will be your own fault, for i wish you well and am not going to do anything against you whatsoever.

    76. Re:so, not a hole by Anonymous Coward · · Score: 0

      Pretty long, did read ;-)

      Truly, you are wise to the ways of the troll, sir.

      -the "another AC" from before

  2. WTF by fnj · · Score: 0, Flamebait

    Can't anybody design any piece of hardware or software that does not have some lame vulnerability?

    1. Re:WTF by Anonymous Coward · · Score: 2, Funny

      You have an awfully low UID for such a huge troll!

    2. Re:WTF by Anonymous Coward · · Score: 0

      Can't anybody design any piece of hardware or software that does not have some lame vulnerability?

      Please try it yourself and let us know how it works out.

    3. Re:WTF by MadGeek007 · · Score: 1

      No. Humans make mistakes; it's a natural fact of life. To expect anything to be flawless is foolish.

    4. Re:WTF by AnonymousClown · · Score: 1

      Can't anybody design any piece of hardware or software that does not have some lame vulnerability?

      I have. The program is called One.

      Basically, it's an NPN transistor that has a voltage that goes to its base. Its collector is connected to 6V and its emitter is connected to ground. There's a 1K resistor connected to the base and emitter.

      It's a binary one and it's hack proof.

      Genius huh?

      Next, I'll be showing my 1 pixel digital image called: One.

      I'm gonna be rich!

      --
      RIP America

      July 4, 1776 - September 11, 2001

    5. Re:WTF by sakdoctor · · Score: 1

      Hans R Camenzind?

    6. Re:WTF by Anonymous Coward · · Score: 0

      ever heard of digital wrist watches?

    7. Re:WTF by The+MAZZTer · · Score: 1

      What about if the power fails?

    8. Re:WTF by Anonymous Coward · · Score: 0

      "hello_world.c"?

    9. Re:WTF by Anonymous Coward · · Score: 0

      10 PRINT "Hello World!"
      20 GOTO 10 : REM Yes i know goto is evil!

    10. Re:WTF by MichaelSmith · · Score: 1

      Mine doesn't make me happy at all.

    11. Re:WTF by Anonymous Coward · · Score: 1, Funny

      You are humanity's last hope, as time and time again those "incompetent" engineers have failed us. This is how it's going to happen. You will get an EE degree from college. Then move on to graduate school to get a PhD in EE. Then you will become an EE professor. After 20 ~ 30 years of excellent research productivity, you will become a chairman of IEEE and make sure that the published networking protocols are free of any vulnerabilities. Let me know how far you were able to get through this process.

    12. Re:WTF by MadGeek007 · · Score: 1

      Good point. That made me think. On the surface there is nothing wrong with a hello world program. However, technologies are only as effective, secure, and efficient as the systems on which they depend.

      Believe it or not, I'm a "glass half full" kind of guy; I'm just paranoid :)

    13. Re:WTF by mortonda · · Score: 3, Funny

      nah, things went downhill about the 50k mark... ;)

    14. Re:WTF by Mr.+Vage · · Score: 1

      That's simply a demo of his next project, Zero.

    15. Re:WTF by Anonymous Coward · · Score: 0

      I could hack it with the right EMP.

    16. Re:WTF by AHuxley · · Score: 1

      Sure, category 6 cable. As for wifi you're right, why is it so hard to encrypt as needed? Are chips that expensive per unit and cryptography developers that rare?

      --
      Domestic spying is now "Benign Information Gathering"
    17. Re:WTF by Eivind+Eklund · · Score: 5, Funny

      I'd say more around the 5170-mark, myself.

      --
      Doubting the existence of evolution is like doubting the existence of China: It just shows that you're uninformed.
    18. Re:WTF by Tumbleweed · · Score: 3, Interesting

      nah, things went downhill about the 50k mark... ;)

      Not really. Things went downhill much sooner than that. I'd have a much lower UID than I have if I had seen the need for it, but the 'first poster' morons, etc., weren't much around yet, and there wasn't much value to HAVING a Slashdot account until some time after the account system was first implemented.

    19. Re:WTF by Architect_sasyr · · Score: 1

      This was explained to me once, so I feel the urge to pass on the (mis)information.

      Your average crypto geek has a job; generally they teach in a university or write books or blogs. What they don't do is troll around job sites looking for "Cryptographic Developer needed to design new standard" jobs. It would be boring etc. What they do do is sit around their office on a quiet Friday afternoon and pick apart current cryptographic standards, looking for flaws and such just like this. It takes a pretty special kind of person to read and understand the standards (no, I am not one of them), but you can't ask them to drop everything and do it.

      At a guess, I'd say that (or a variant of that) is why cryptography developers are so apparently rare.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    20. Re:WTF by squiggleslash · · Score: 1

      I hit CTRL-C when this was running and now I have complete access to the computer!

      --
      You are not alone. This is not normal. None of this is normal.
    21. Re:WTF by Nyder · · Score: 1

      nah, things went downhill about the 50k mark... ;)

      Not really. Things went downhill much sooner than that. I'd have a much lower UID than I have if I had seen the need for it, but the 'first poster' morons, etc., weren't much around yet, and there wasn't much value to HAVING a Slashdot account until some time after the account system was first implemented.

      I know things were going downhill when they let me have an account.

      --
      Be seeing you...
    22. Re:WTF by Anonymous Coward · · Score: 0

      You have an awfully low UID for such a huge troll!

      Meh. I'd rather have a big dick than a low number.

    23. Re:WTF by IgnitusBoyone · · Score: 1

      This has to be one of the best UID threads I have stumbled onto in a while, but then again what do I know. My 840k shows that I lingered for way too long before signing up. I often wonder what I would be if I had signed up around 2001 when I started reading Slashdot. Granted, given the fact I have less than 20 replies or so, I haven't needed it all that much. Recently I've been trying to change that.

      --
      Momento Mori
    24. Re:WTF by Anonymous Coward · · Score: 0

      As a reference, I signed up in '99 and got a 120k ID, which sometimes gets praise too.

      I stopped posting frequently when my college days ended around '03. However, unemployment gave me lots of free time and I wanted to start fresh. My other new and active ID is in the 1.8M. I've been trying like mad, but can't hit the karma bonus needed to be posting at +2 for free. Not sure how 'legal' that is, or how angry people will get, so I'm making this pretty anonymous.

    25. Re:WTF by zippthorne · · Score: 1

      If the power fails, the state isn't "zero." It's indeterminate. Therefore his next project is actually called, 'Maybe'

      --
      Can you be Even More Awesome?!
    26. Re:WTF by Shimmer · · Score: 1

      Slashdotters have been complaining about Slashdot for as long as I can remember (since '98).

      --
      The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
    27. Re:WTF by Anonymous Coward · · Score: 0

      lol, mortonda got pwned!

    28. Re:WTF by Khyber · · Score: 1

      Shit I thought they were slacking when they let me disable ads!

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    29. Re:WTF by Rene+S.+Hollan · · Score: 0

      I figured around the 2k mark.

      Now, get off my lawn!

      --
      In Liberty, Rene
    30. Re:WTF by Andy+Dodd · · Score: 0

      I'm thinking around the 705 mark myself...

      --
      retrorocket.o not found, launch anyway?
    31. Re:WTF by fnj · · Score: 1

      You do understand that one man's "troll" is another man's refusal to tolerate incompetence and sloppiness? I suggest you look up the definition of "troll," Coward.

  3. Wrong way around by Netshroud · · Score: 0

    +1 for consumers, -1 for enterprises?

  4. Not that big a deal... by Denis+Lemire · · Score: 4, Insightful

    This vulnerability is only useful if the attacker knows your WPA key. In other related news, it has been discovered that those who know your root password can delete all your files.

    1. Re:Not that big a deal... by Anonymous Coward · · Score: 0

      Did you even rtfa, or did you just not comprehend it?

    2. Re:Not that big a deal... by tagno25 · · Score: 2, Interesting

      This vulnerability is only useful if the attacker knows your WPA key.

      This is for WPA2-EAP (may or may not cover WPA2-PSK). So they need a valid username and password, not just a key.

    3. Re:Not that big a deal... by maximander · · Score: 5, Interesting

      When I give someone my root password, I assume they can delete all my files.
      When I give them a limited shell account and set permissions correctly, I don't make that assumption.

      This exploit is more like the latter than the former: WPA was supposed to keep the traffic of each individual user safe, and now it doesn't.

    4. Re:Not that big a deal... by Anonymous Coward · · Score: 0

      Yeah, but this could mean that any wireless network you don't have complete control over (public hotspots, etc.) is effectively compromised even if the wireless link is encrypted with WPA2.

      Of course, using a VPN would negate the problem, but I suspect that a significant number of public wi-fi users don't use a VPN either.

    5. Re:Not that big a deal... by Anonymous Coward · · Score: 0

      My windows does not have a root account, you insensitive clod!

    6. Re:Not that big a deal... by Denis+Lemire · · Score: 5, Insightful

      M'eh, if you have anything sensitive that you're sending over the network it should be sent securely, period, i.e., via SSH, HTTPS, etc. Otherwise, you're just doing it wrong.

      Having an additional layer like WPA provided is indeed a nice thing, but this being compromised isn't the end of the world. I'd be far more concerned if there was a vulnerability that allowed someone to bypass WPA altogether and connect to a network in which he or she isn't authorized.

      The encryption of the traffic itself really isn't that much of a selling point when it'll continue across the wired network in the clear once it hits the router or switch upstream. Encryption that isn't end-to-end really isn't worth the time spent talking about it.

    7. Re:Not that big a deal... by Shakrai · · Score: 1

      M'eh, if you have anything sensitive that you're sending over the network it should be sent securely, period, i.e., via SSH, HTTPS, etc. Otherwise, you're just doing it wrong.

      So I should put an ssh/ssl tunnel between my laptop users and our Windows file server?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    8. Re:Not that big a deal... by Anonymous Coward · · Score: 0

      More FUD.

    9. Re:Not that big a deal... by Kral_Blbec · · Score: 1

      Yeah, but this could mean that any wireless network you don't have complete control over (public hotspots, etc.) is effectively compromised even if the wireless link is encrypted with WPA2.

      Of course, using a VPN would negate the problem, but I suspect that a significant number of public wi-fi users don't use a VPN either.

      No, it means that they are remotely possibly compromised.

    10. Re:Not that big a deal... by Anonymous Coward · · Score: 0

      If the connection is wireless - yes - use SSTP.

    11. Re:Not that big a deal... by Shadyman · · Score: 2, Insightful

      "When I give them a limited shell account and set permissions correctly, I don't make that assumption."

      Isn't the idea to always expect the worst? I'd tend to assume that if I give anyone any access at all, that they will find a way to break it.

    12. Re:Not that big a deal... by Denis+Lemire · · Score: 1

      That or replace your Windows file server with something trustworthy. ;)

      Actually, I may have to claim ignorance here as I haven't looked into it recently, is there STILL no crypto available in SMB/CIFS traffic?

      If not, then perhaps IPSEC between your Windows servers and clients; it's probably a hassle to set up, but it would give you another layer of security. I've never trusted wireless enough to do sensitive data transfers using non-secure protocols. Guess that's why I don't see this as a big deal. Just business as usual.

    13. Re:Not that big a deal... by yuhong · · Score: 1

      Only if something like people connecting to the wired network and running packet sniffers is a concern.

    14. Re:Not that big a deal... by yuhong · · Score: 5, Insightful

      Yep, WEP stood for Wired Equivalent Privacy, which was all it and WPA(2) were intended to provide, nothing more.

    15. Re:Not that big a deal... by Denis+Lemire · · Score: 1

      Exactly...

    16. Re:Not that big a deal... by John+Hasler · · Score: 1

      > Isn't the idea to always expect the worst? I'd tend to assume that if I give
      > anyone any access at all, that they will find a way to break it.

      The worst would be to assume that they will find a way to break it no matter what you do even with no access at all and so it is all hopeless.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    17. Re:Not that big a deal... by John+Hasler · · Score: 3, Insightful

      It's "Wired Equivalent Privacy" only if your idea of "wired privacy" involves dangling a cable out the window down into the alley behind the building.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    18. Re:Not that big a deal... by blacklint · · Score: 4, Interesting

      It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.

    19. Re:Not that big a deal... by yuhong · · Score: 1

      This seems like a packet injection attack to me.

    20. Re:Not that big a deal... by yuhong · · Score: 1

      Are you talking about the WEP security holes found over the last few years? That was not what I am talking about.

    21. Re:Not that big a deal... by GNUALMAFUERTE · · Score: 1

      Yes, but first you have to get rid of windows.

      --
      WTF am I doing replying to an AC at 5 A.M on a Friday night?
    22. Re:Not that big a deal... by mysidia · · Score: 1

      This is more like: when you let a user plug into your network, there is a possibility of them using ARP Hijacking or IP Spoofing to capture traffic intended for another computer on the same subnet.

      In many ways, this is just a wireless protocol equivalent of ye' old ARP hijack.

      But I don't see anyone around shouting about how the Ethernet protocol is broken and needs this security hole in the protocol to be fixed.
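The ARP-hijack parallel drawn above suggests one defender-side check: watch for an IP address whose advertised MAC changes, or which contradicts a pinned binding such as the gateway's. The following is an added example, not code from this thread or from AirTight; the gateway address, MAC values and ARP reply records are constructed.

```python
"""Flag ARP replies that rebind an IP address to a different MAC.

Added example (constructed data, not from the thread): the same symptom an
insider injecting spoofed ARP onto a shared segment would produce.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since epoch (constructed)
    sender_ip: str     # IP address the reply claims to speak for
    sender_mac: str    # MAC address claimed for that IP


def find_rebindings(replies, trusted=None):
    """Return a list of alerts for IPs whose claimed MAC changes over time.

    trusted: optional {ip: mac} pins (e.g. the default gateway). A reply
    contradicting a pin is flagged immediately and never becomes the
    believed binding, so a later legitimate reply is not itself flagged.
    Each alert is (ts, ip, expected_mac, observed_mac, reason).
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    believed = {}            # ip -> MAC currently believed for that IP
    alerts = []
    for r in sorted(replies, key=lambda x: x.ts):
        mac = r.sender_mac.lower()
        pinned = trusted.get(r.sender_ip)
        if pinned is not None and mac != pinned:
            alerts.append((r.ts, r.sender_ip, pinned, mac, "pin violated"))
            continue
        prev = believed.get(r.sender_ip)
        if prev is not None and prev != mac:
            alerts.append((r.ts, r.sender_ip, prev, mac, "rebound"))
        believed[r.sender_ip] = mac
    return alerts


def parse_arp_log(lines):
    """Parse constructed 'ts ip mac' text records into ArpReply objects.

    Malformed lines are skipped rather than raising, since a monitor
    should keep running on noisy input.
    """
    out = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            out.append(ArpReply(float(parts[0]), parts[1], parts[2]))
        except ValueError:
            continue
    return out


# Constructed sample: a gateway pin, a normal client, a client whose MAC
# flips mid-stream, and one reply impersonating the gateway.
SAMPLE_LOG = [
    "1000.0 192.168.1.1  aa:bb:cc:dd:ee:01",   # gateway, matches pin
    "1001.0 192.168.1.20 aa:bb:cc:dd:ee:20",   # client first seen
    "1002.0 192.168.1.21 aa:bb:cc:dd:ee:21",
    "1003.5 192.168.1.1  00:11:22:33:44:55",   # gateway impersonation
    "1004.0 192.168.1.20 AA:BB:CC:DD:EE:20",   # same MAC, case differs: fine
    "1005.0 192.168.1.20 00:11:22:33:44:55",   # client rebound
    "garbage line",
]
GATEWAY_PINS = {"192.168.1.1": "aa:bb:cc:dd:ee:01"}


def run_sample():
    """Run the detector over the constructed log and return its alerts."""
    return find_rebindings(parse_arp_log(SAMPLE_LOG), GATEWAY_PINS)


if __name__ == "__main__":
    for ts, ip, expected, observed, reason in run_sample():
        print(f"{ts:.1f} {ip}: expected {expected}, saw {observed} ({reason})")
```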

    23. Re:Not that big a deal... by Anonymous Coward · · Score: 0

      Except there's no equivalent to this vulnerability on wired switched Ethernet, where if it's not destined for your host, it never touches your wire. This is the equivalent of a promiscuous host on an Ethernet repeater, so we're talking about "wired equivalence" to 2002 or so.

    24. Re:Not that big a deal... by amorsen · · Score: 2, Interesting

      Actually it seems that WPA2 enterprise is exactly like a switched wired network. The casual users can't see each other's traffic, but the knowledgeable can see everything. Unless there's an ubergeek doing the switch administration (which generally doesn't happen outside academia) and the switch is really good (which is rarely the case in academia).

      --
      Finally! A year of moderation! Ready for 2019?
    25. Re:Not that big a deal... by slater86 · · Score: 1

      Kinda sounds the same as people foolishly relying on switches (as opposed to hubs) for keeping malicious users from sniffing username/password combos going by. Just use SSL over the top and you're good to go still. Multiple layers are there for a reason.

      --
      When people ask if I'm an optimist, I say "I hope so". --Bill Bailey
    26. Re:Not that big a deal... by Anonymous Coward · · Score: 0

      It's "Wired Equivalent Privacy" only if your idea of "wired privacy" involves dangling a cable out the window down into the alley behind the building.

      I think that's "Wired Equivalent Piracy"...

    27. Re:Not that big a deal... by sjames · · Score: 1

      Oddly enough, plenty of people (including professionals) think that WPA is a magic bullet that protects you from others on the same AP as well as outsiders.

      They're wrong.

  5. home router still safe by faber0 · · Score: 1

    your home wpa2/psk environment is still safe, so don't worry about your neighbour's virtual break-in.....

  6. Yawn by Jeffrey+Baker · · Score: 2, Insightful

    In other news, people on your wired ethernet segment can also see your "private" traffic. If you care so much, use SSL. Next scaremongering non-story in 3, 2, 1.

    1. Re:Yawn by yuhong · · Score: 0, Redundant

      Yep, WEP stood for Wired Equivalent Privacy, which was all it and its successor WPA(2) were intended to provide, nothing more.

  7. vuln fixed. cat-5 cables. by swschrad · · Score: 0

    nooo problemo.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  8. Michael Jackson said it best by CaptSaltyJack · · Score: 5, Funny

    "I'm starting with the man in the middle
    I'm asking him to change his ways
    Every packet is encrypted just a little
    If you wanna make your network a safer place
    Find the man in the middle and punch his face."

    1. Re:Michael Jackson said it best by vivek7006 · · Score: 1

      U sir are my new hero!

    2. Re:Michael Jackson said it best by PJ6 · · Score: 1

      You, sir, are one of the reasons I actually read the comments here :)

    3. Re:Michael Jackson said it best by AmberBlackCat · · Score: 1

      If your comment had a "Like" button, I'd click it.

    4. Re:Michael Jackson said it best by Dusty101 · · Score: 1

      That just made my day.

      Maybe I should get out more, though?

    5. Re:Michael Jackson said it best by Anonymous Coward · · Score: 0

      You made me laugh out loud my friend. It was a deep belly laugh that made my huge cock rub up against my inner thigh and pull free from where I keep it tethered during work to prevent the ladies from being distracted. Now I have to go adjust my harness, thank you though, I needed the laugh.

  9. I don't understand how it could be possible... by John+Hasler · · Score: 1

    ...even in principle to create a secure over-the-air encryption system with no out-of-band key exchange. Does there exist a proof of this?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:I don't understand how it could be possible... by fwr · · Score: 2, Interesting

      There is an out-of-band key exchange. It is called a trusted certificate. You know, just like how HTTPS works. This is for WPA2 Enterprise, of which there are many different EAP methods possible, but for which most do include an out of band key exchange (i.e., certificates, or EAP-FAST PAK). In any case, there's also the old DH key exchange, which worked fine for IPsec for years.

    2. Re:I don't understand how it could be possible... by John+Hasler · · Score: 1

      Ok. I was thinking of "personal" mode (I don't use wireless at all, myself).

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    3. Re:I don't understand how it could be possible... by selven · · Score: 1

      Each user has a pair of cryptographic keys--a public key and a private key. The private key is kept secret, while the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (i.e., in actual or projected practice) derived from the public key.

      Public Key Cryptography.

  10. IPSEC here we come by Anonymous Coward · · Score: 0

    So deploy ipsec everywhere...

  11. Ha Ha! The joke's on them! by Anonymous Coward · · Score: 0

    I use ROT13. TWICE!

  12. Mommy! by Konster · · Score: 1

    Mommy, Jimmy's sniffing my packets again, make him stop!

    1. Re:Mommy! by Andorin · · Score: 1

      ...yuck.

      --
      That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
  13. Actually makes a bit of sense if you can't enforce by dbIII · · Score: 1

    Actually that's not entirely a bad idea.
    One frequent problem is that many people think they are too important to obey pesky IT rules and will give out the WPA key to any visitor that wants to check their email. Thus you have to assume to a point that the network is open and restrict things to certain MAC addresses or similar anyway.
    Assuming the wireless network is completely open (but not actually doing so), sticking it on the outside of a firewall and letting laptop users in with some sort of VPN actually makes a bit of sense.

  14. Re: I will make sure he is gonna look like by caekys · · Score: 1

    I will make sure he is gonna look like Michael Jackson himself, after I am done.

  15. Re:Actually makes a bit of sense if you can't enfo by yuhong · · Score: 1

    Or just create separate open wireless networks outside the firewall for visitors along with the WPA(2) wireless networks.

  16. VPN by Jaime2 · · Score: 5, Insightful

    I've been telling people to use VPN over WiFi connections forever. Even better, put your wireless devices on the outside of the firewall, so they have no choice but to VPN in. This also makes giving a random guest access to your wireless no big deal. Anyone who thinks wireless networking will ever be safer than an old-fashioned hub is deluding themselves.

    1. Re:VPN by Anonymous Coward · · Score: 0

      If I had any mod-points I would mod you up so fast, it would look like the space shuttle taking off.

    2. Re:VPN by zippthorne · · Score: 1

      But the article pretty clearly demonstrates that it already is safer than the old-fashioned hub: with the old fashioned hub, every computer can hear every other computer, and nobody encrypts anything at all by default. Even with the new exploit, there are some parts of the communication that still aren't compromised by a malicious peer, which is something that wired "hub" networks really can't claim. (switched networks OTOH, if you've got enough switches...)

      Also, with VPN, once someone is connected to the VPN, they're another peer, just like a wired peer. I fail to see how you get any benefit to your proposed solution to the problem.

      --
      Can you be Even More Awesome?!
    3. Re:VPN by fonos · · Score: 1

      Also, with VPN, once someone is connected to the VPN, they're another peer, just like a wired peer. I fail to see how you get any benefit to your proposed solution to the problem.

      The benefit of the VPN is that it encrypts your traffic so that someone using this exploit wouldn't be able to see and manipulate your traffic.

    4. Re:VPN by phoenix321 · · Score: 1

      This seems like an old case of "never trust the client".

      A wireless LAN client is by default a mobile computer. Only lazy or stingy companies would connect stationary computers by wireless.

      A mobile computer will leave the company with its employee on business trips or weekends, otherwise they wouldn't need a mobile one. It will then need to connect to an external network, hotspot or 3G link. (Except for the rare case of purely internal mobility on large campuses protected by armed guards with bag and suitcase inspection on every leave)

      A computer that has left the direct observable company area and/or connected to an external network is by definition a piece of untrusted equipment. It may be a bit more trusted or secure than a computer connecting from a public Internet cafe somewhere in rural Nigeria, but not by a large margin.

      A company is foolish if it allows a mobile computer to behave as a truly internal, trusted resource and operate on sensitive corporate data or transfer any data outside the data center.

      A company is also foolish if it allows a stationary computer to do the same, since no computer is truly stationary or physically impenetrable unless you weld shut the case and bolt it on the ceiling.

      You either control the workplace environment and all things and data going in and out - which you can't above a certain size threshold or budget - or you take measures to keep the data in your data center where you *can* do that.

      That's why I'm a big fan of virtualized desktops and a two-factor authentication for the users. Virtualized desktop sessions will also protect the data in transit, end-to-end, using a password or other secret communicated out of band.

      After that, security between client computer and network doesn't matter that much anymore. Even keyloggers would not be able to extract any existing data, only newly typed text. It would take full-screen video capturing with OCR to make out any secrets, and even then only the documents the user opens and views in that session. Both could be attained more easily and less noticeably by shoulder-surfing or hiding cameras in the room, so I'm not too worried about it.

    5. Re:VPN by Anne+Thwacks · · Score: 1

      Anyone who thinks wireless networking will ever be safer than an old-fashioned bath tub is deluding themselves.

      There, that's fixed it for you!

      --
      Sent from my ASR33 using ASCII
    6. Re:VPN by ensignyu · · Score: 1

      It'd be nice if I could allow people to use my wifi network, but ONLY to VPN to their own network. That way, they could use it to get connectivity but can't do stupid stuff using my IP address (for the same reason that some sites block Tor exit nodes).

    7. Re:VPN by Charliemopps · · Score: 1

      That's the problem with wireless security: it simply makes people feel safe when they are not. All it does is keep the neighbors from spying on what you're doing. Anyone with even the slightest skill and motivation can intercept just about everything you're doing over a wireless connection.

    8. Re:VPN by Sancho · · Score: 1

      Are you actually saying that a virtual machine is safe from the host on which it runs?

    9. Re:VPN by evilviper · · Score: 1

      Anyone who thinks wireless networking will ever be safer than an old-fashioned hub is deluding themselves.

      Care to explain how you can say that "VPN" over WiFi is safe, but WiFi can never be safe?

      If the computational requirements weren't so high, there's nothing stopping WiFi manufacturers from integrating IPSec, or similarly well-proven network protocols into the standard.

      And yes, I would say that WiFi with elementary encryption is more secure than a HUB of all things... While people don't typically know how to do it, there's not much stopping someone from picking up the RF signal off a piece of CAT-5 from outside your building... That's how a cable tracer works to begin with.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    10. Re:VPN by Jaime2 · · Score: 1

      Care to explain how you can say that "VPN" over WiFi is safe, but WiFi can never be safe?

      History. People always seem so optimistic that the current flaws of wireless will be solved in the next six months, but they never are. I remember talking to friends ten years ago and listening to "pretty soon everything will be wireless". Since then, wireless has gone from 11Mb/s to 150Mb/s, where very few people get 150 in real life, plus it's shared bandwidth. Wired networking has gone to 1Gb/s as the cheap standard and 10Gb/s readily available in the wiring closet, this is dedicated bandwidth as everything is switched nowadays.

      Wireless security has gone the same direction -- IPSec has been around longer than 802.11 (1995 vs. 1997). I can't remember any major attacks against IPSec in the 15 years it has been around, but every wireless security protocol has had at least one. Since the hardware vendors have refused to include a sane protocol, I've been recommending using one on top of wireless forever. The day a real end-to-end security protocol is included with a wireless standard, I'll change my recommendation. I'm not holding my breath, as the goal of wireless security is to keep unauthorized people off the network, not to protect each data stream from each other.

      As for picking up CAT-5 signals from outside the building -- most offices have hundreds of CAT-5 wires running in bundles for much of their total distance. It would take some pretty hardcore equipment to pick up a single data stream without the ability to wrap a pickup coil around a single wire. All it takes to pick up wireless network signals is a $30 card that comes preinstalled on laptops.

    11. Re:VPN by Anonymous Coward · · Score: 0

      "can't do stupid stuff using my IP address"

      Yes they can.

      Mr Plod the policeman shows up at Foo Corp, who have a VPN. "Someone at Foo Corp on address 10.4.3.2*** did a Very Bad Thing". The Foo Corp sysadmin finds that 10.4.3.2 is a VPN address and checks the logs. "It was the account of Bob Fisher, and he left the company six months ago". "Oh dear" says Mr Plod in an ominous way that makes the sysadmin frantically search for something useful to say. "But he connected from 10.8.7.6"

      Your doorbell rings. 10.8.7.6 is the static IP you use for allowing people to share your WiFi network. Mr Plod might not believe you that a neighbour asked to use it recently, that you've never met him before and can't describe him beyond saying he was "kinda Arab looking". Good news: A decent lawyer will probably get you off. Bad news: that may take a few weeks and you're a Suspected Terrorist so you'll spend those weeks in a jail cell. Hope your employer has a sense of humour.

      *** using these addresses rather than real globally unique ones for the story

      (also, did I mention that Slashdot's unicode handling sucks donkeys?)

  17. Re:Actually makes a bit of sense if you can't enfo by Shakrai · · Score: 1

    One frequent problem is that many people think they are too important to obey pesky IT rules, and they will give out the WPA key to any visitor that wants to check their email.

    Most enterprise grade access points will support multiple SSIDs and VLANs. It's child's play to set up a VLAN for guests that provides internet access without putting them on your corporate network. I did this at my job because I was sick of explaining to the bosses why it was a bad idea to put vendors and salespeople on our corporate network just so they could check their e-mail. It took all of ten minutes to set up with Cisco access points, switches and routers.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  18. Re:Actually makes a bit of sense if you can't enfo by yuhong · · Score: 1

    Of course, if you really want to limit it to visitors, you could use WPA(2)-Personal for the visitor network.

  19. One question by cowboy76Spain · · Score: 1

    Hi.

    We recently had some security tests with a consulting firm and, while no WiFi test was done (we have no WiFi), I was curious and asked the guy about WiFi security. He told me that, given that there was constant traffic, he could break any WiFi in about two hours. So I do not know if this vulnerability is a completely different thing or that guy was just too optimistic.

    Does anyone have first-hand info?

    --
    Why can't /. have a rich-text editor? Editing your own HTML is so XXth century.
    1. Re:One question by Anonymous Coward · · Score: 0

      he could break WEP in two hours by waiting for enough traffic, yes. But it's the dumb way to do it.

    2. Re:One question by Anonymous Coward · · Score: 0

      You pay him to break into your network, and tell you how he did it. Why would he tell you how to secure yourself before you paid him for this info?

  20. So what... by Anonymous Coward · · Score: 0

    Some wireless vendors can detect soft "fake" APs because the entire wireless system knows which packets are generated by itself, and which are spoofed. These systems can also triangulate the rogue device. See arubanetworks.com for just one example.

    He also didn't mention how long it took, although it can't have been that long. Crank down the rekey interval on the PTK and that would help some, although a script could be run on the attacking machine to continually repoll for updated keys.

    But, So what? A malicious INSIDER can sniff or inject other users traffic while being already connected to the wpa2 network. The malicious insider could also go plug in a wired device and do a whole lot more damage, easier, and faster.

    There is no vulnerability from an UNauthorized wireless attacker. Wake me when that happens.

  21. Not normally by Sycraft-fu · · Score: 2, Insightful

    The whole point of a switch is that it sends data only to the host that it is for. So you don't get my data out your switch port. If you clone a MAC, that doesn't do the trick as it just confuses the switch and some data goes to one computer, some to the other, and the connection works poorly. Back in the day you could overload the switches in various ways and make them act like hubs, but that is also noticeable, and it doesn't work on new high quality switches.

    Wired networks are actually pretty secure from snooping over all. It's not impossible, but it is damn hard.

    1. Re:Not normally by bitslinger_42 · · Score: 1

      Of course, this is why serious attackers on a switch don't try cloning MACs. They send gratuitous ARPs to the systems they want to sniff traffic from and pretend to be the default router. Or they take over the root of the spanning tree on the switch. Or they send an email to their target that says "Click this link to download nekkid pictures of " but actually installs a keystroke logger.

      None of that is as hard as the 133t hax0rs want you to believe. Not trivial, and not undetectable, but not particularly difficult these days, thanks to Ettercap.

      Of course, it's often cheaper and easier to just slip the janitor a $50 to have them photocopy all the CEO's garbage, but that doesn't sound nearly geeky enough :-)
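      A defender-side check for the gratuitous-ARP trick described above, as an added example that is not from the thread: it replays constructed ARP frames and flags any frame that tries to rebind an IP the monitor already knows, with the gateway's binding pinned so the "I am the default router" announcement is caught on sight. The class names, addresses and frame layout are my own; on a real segment you would feed it frames from a capture and take the pinned gateway binding from the router itself.

```python
"""Detect ARP cache poisoning, i.e. the gratuitous-ARP "I am the default router"
trick, from a stream of observed ARP frames.

Added example for this thread; the frames below are constructed, and the
addresses are documentation/example values, not real hosts.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class ArpFrame:
    ts: float          # seconds since capture start
    opcode: int        # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def gratuitous(self) -> bool:
        # A gratuitous ARP announces sender_ip -> sender_mac unasked:
        # the frame names its own IP as the target.
        return self.sender_ip == self.target_ip


@dataclass(frozen=True)
class Alert:
    ts: float
    ip: str
    known_mac: str     # binding we believed before this frame
    claimed_mac: str   # binding the frame is trying to install
    reason: str


def detect_arp_spoofing(frames: Iterable[ArpFrame],
                        trusted: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Return one Alert per new (ip, mac) pair that contradicts a known binding.

    `trusted` pins IP -> MAC bindings that must never change (the default
    router, for instance). Every other binding is learned from the first frame
    that announces it, the way a host's ARP cache would learn it.
    """
    pinned = dict(trusted or {})
    bindings: Dict[str, str] = dict(pinned)   # ip -> mac currently believed
    reported = set()                          # (ip, mac) pairs already alerted on
    alerts: List[Alert] = []
    for f in sorted(frames, key=lambda x: x.ts):
        # Requests and replies both carry a sender binding, and most stacks
        # learn from either, so every frame is checked regardless of opcode.
        known = bindings.get(f.sender_ip)
        if known is None:
            bindings[f.sender_ip] = f.sender_mac
            continue
        if known == f.sender_mac or (f.sender_ip, f.sender_mac) in reported:
            continue
        reported.add((f.sender_ip, f.sender_mac))
        if f.sender_ip in pinned:
            reason = "pinned binding contradicted"
        elif f.gratuitous:
            reason = "gratuitous ARP rebinds a known IP"
        else:
            reason = "IP claimed by a second MAC"
        alerts.append(Alert(f.ts, f.sender_ip, known, f.sender_mac, reason))
    return alerts


# Constructed sample: a normal lookup, then a spoofer (SPOOFER_MAC) claiming to
# be the gateway towards the victim and the victim towards the gateway.
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:00:5e:00:53:01"
VICTIM_IP, VICTIM_MAC = "192.0.2.10", "00:00:5e:00:53:10"
SPOOFER_MAC = "00:00:5e:00:53:ff"
BCAST = "ff:ff:ff:ff:ff:ff"

SAMPLE_FRAMES = [
    ArpFrame(0.0, 1, VICTIM_MAC, VICTIM_IP, "00:00:00:00:00:00", GATEWAY_IP),  # who has gw?
    ArpFrame(0.1, 2, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),          # genuine reply
    ArpFrame(5.0, 2, SPOOFER_MAC, GATEWAY_IP, BCAST, GATEWAY_IP),              # gratuitous "I am gw"
    ArpFrame(5.1, 2, SPOOFER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),          # unsolicited, to victim
    ArpFrame(5.2, 2, SPOOFER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),         # "I am victim", to gw
    ArpFrame(6.0, 2, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),          # genuine victim reply
]


def run_sample() -> List[Alert]:
    """Analyse the constructed capture with the gateway binding pinned."""
    return detect_arp_spoofing(SAMPLE_FRAMES, trusted={GATEWAY_IP: GATEWAY_MAC})


if __name__ == "__main__":
    for a in run_sample():
        print(f"t={a.ts:5.1f}  {a.ip:<11} {a.known_mac} -> {a.claimed_mac}  {a.reason}")
```

      A monitor like this only sees frames on its own segment and only alerts; the enforcement equivalent is the switch-side feature (Dynamic ARP Inspection on Cisco gear, with DHCP snooping to populate the trusted bindings), which drops the poisoning frames instead of logging them.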

    2. Re:Not normally by hitmark · · Score: 1

      the email keylogger has nothing to do with the kind of network one is running...

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
  22. Discrepancy: Theory vs. Practice by Anonymous Coward · · Score: 0

    With cryptographic theory, we have many systems which seem to be really hard to break. We have stuff which we can prove is secure unless the attacker uses brute force, a quantum computer, or solves a "hard" problem in number theory.

    Why is it so difficult to make an actual secure cryptosystem?

    1. Re:Discrepancy: Theory vs. Practice by ledow · · Score: 3, Insightful

      Because in practice, making sure that there is absolutely no hint of a secure piece of information is incredibly tricky. Most programmers traditionally have little concept of actual *secure* programming. Most implementations of perfectly secure algorithms are subject to flaws because people didn't treat side-cases, or properly analyse how the traffic use would affect the algorithm, etc. e.g. not renegotiating keys often enough, so that people can see enough traffic to decrypt a key in a relatively short space of time.

      Additionally, this isn't an attack on the crypto. The crypto secures the conversation, it does not necessarily prove identity and if it does prove identity most places don't care about the identity (how many companies distinguish individual users/computers over the wireless network by anything other than MAC/IP/username given?). AES is still 100% perfectly intact. If you'd been using, say, OpenVPN or OpenSSH with the same algorithm over an unsecured wireless network, the internal encrypted conversation would still be virtually as secure today as it was when AES was invented. The problem is that the *implementation* of AES wasn't designed to cover the usage scenario here, and probably never could be because of the way the access to this particular tiny piece of this part of the broadcast specification is granted. Basically, the flaw has always been sitting there in WPA, not in AES which is still chugging along nicely doing its job. Shocking that a wireless "encryption" fails to properly implement a security scheme because of a bad implementation that side-steps the actual encryption itself... that's never ever happened before ever anywhere :-P

      Moral of the story: only trust crypto from those well-established in the crypto-field that's been attacked and attacked and still is approved for government/military use in lots of sensible countries. And then make sure you have a damn good implementation that's not overly complex, or cast in stone, such that most people can't examine it / play with it / fix it.

      If you'd been running OpenVPN over the same wireless network, but using OpenVPN's key infrastructure and encryption instead of WPA or WEP or anything at all (i.e. completely "open" wireless) you would still be secure. A bad implementation of a particular encryption in WPA allows people to bypass steps of the actual encryption process that were never designed to be bypassed. It's almost an "out of band" security vulnerability - i.e. nothing to do with whether you use AES or Blowfish or 3DES or whatever you choose... they basically find a way around the (still theoretically secure) encryption that has no effect on the efficacy of the encryption itself.

      Basic rule: Just because your "Ethernet-over-the-mains" device says it uses AES, don't think that means it's "secure". Chances are that it's not.

  23. No shit, really? by RoboRay · · Score: 1

    So, if you grant someone access to your encrypted wireless network, the person you granted access to can access data on that network? Who would have thunk it?

    1. Re:No shit, really? by udippel · · Score: 1

      So, if you grant someone access to your encrypted wireless network, the person you granted access to can access data on that network? Who would have thunk it?

      Is that 'data' in your sentence or 'encrypted data'?
      Is that 'data' in your sentence or 'keys'?

  24. So an authenticated user can sniff my packets.. by Culture20 · · Score: 1

    Just to make sure (I've never read the WPA2-EAP specs), the login username/password for access to the wireless is encrypted with another layer and isn't now cleartext to any malicious authenticated user? Any place with single sign-on for Wireless and Computers could be seriously exposed to internal baddies.

  25. Fire the consultant by VortexCortex · · Score: 2, Insightful

    Statements like, "I could break any WiFi in about two hours," are red flags that you should hire a different security researcher...

    The terms "any", "ever" or "all" are not in most security researchers' vocabularies when talking about unknowns or speculative situations. We prefer to use terms that imply some degree of uncertainty such as "mostly", "almost never", and "nearly all" since the one thing we know as security researchers is "trust no one", followed closely by "there is almost always an exception to the rule".

    I'm certain that there is at least one "WiFi" your researcher could not break in approximately two hours, thus voiding the "any" term they used.

    When in doubt just say, "Prove It."

  26. In other words... by thePowerOfGrayskull · · Score: 1

    In other words, if someone is already logged into a network they can perform a MITM attack against user(s) on that network?

    Maybe it's just me, but I never considered traffic *within* a network to be secure from other network users, even on a wired network.

    1. Re:In other words... by gmthor · · Score: 1

      When you are on an enterprise level network, all traffic goes through highly configurable switches that are locked. No user can see other people's traffic. To do a man in the middle attack, you would have to get access to the switches or routers. This is usually much harder to achieve.

      --
      How do I uncompress my MD5 archive?
  27. Not 100% suprising... by tengeta · · Score: 1

    If there is a reason you don't want someone seeing it, don't Wi-Fi it. It's not a 100% solution but it gets Wi-Fi vulnerabilities out of the way. I've always been too paranoid to do anything financial over a Wi-Fi and I only get more reasons to support that paranoia.

    --
    "They confiscated everything, even the stuff we didn't steal!"
  28. What now? by iris-n · · Score: 1

    Is there any wi-fi crypto left standing?

    I understand that only applies to Enterprise mode; so will enterprises revert to using passphrases? Or if you use passphrases you already don't have protection from your peers?

    Also, TFA talks only about WPA2. However, there seems to be no reason to think it does not apply to WPA as well. Is anyone sure?

    --
    entropy happens
    1. Re:What now? by gmthor · · Score: 1

      WPA-PSK doesn't even have this protection.
      You should consider WPA(1) practically broken. Too many weaknesses have been discovered already.

      --
      How do I uncompress my MD5 archive?
    2. Re:What now? by iris-n · · Score: 1

      No. AFAIK, the vulnerabilities in WPA(1) only apply to WPA+TKIP. WPA+AES is still flawless.

      And they don't lead to key retrieval, so I wouldn't consider it to be practically broken, anyway.

      --
      entropy happens
    3. Re:What now? by yuhong · · Score: 1

      Not to mention reducing the rekey timeout and disabling QoS (basically it opened a loophole in TKIP's replay protection) fixes most of them.

    4. Re:What now? by yuhong · · Score: 1

      Reading the Beck-Tews paper, it should really be "reducing the rekey timeout or disabling QoS". And the trick to fix the TSC counter referenced by this paper and described in more detail in another paper by having a MITM to jam traffic would obviously require physical access, thus isn't really practical.
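      The mitigations this subthread names, written out as a hostapd.conf fragment. This is an added example, not from the thread or from AirTight; it assumes hostapd as the AP daemon, and the interface name, SSID and passphrase are placeholders. The commented-out block is the TKIP-tolerant configuration the Beck-Tews attack applies to; the active lines are the CCMP-only alternative, with the short rekey interval kept as belt and braces.

```ini
# hostapd.conf fragment (added example; placeholders throughout)
interface=wlan0
ssid=EXAMPLE-NET
wpa_key_mgmt=WPA-PSK
wpa_passphrase=CHANGE-ME-placeholder

## Weak: offers WPA1 and WPA2, allows TKIP on both, leaves the default
## (long) group rekey, and has WMM/QoS on, which is the replay-protection
## loophole the thread refers to.
# wpa=3
# wpa_pairwise=TKIP CCMP
# rsn_pairwise=TKIP CCMP
# wmm_enabled=1

## Hardened: WPA2/RSN only, CCMP (AES) as the only pairwise and group cipher,
## and keys rotated every ten minutes so a leaked TKIP keystream would have
## had a short life in any case.
wpa=2
rsn_pairwise=CCMP
wpa_group_rekey=600
wpa_ptk_rekey=600
wmm_enabled=1
```

      Two practical notes. If a legacy client forces you to keep TKIP, the thread's "or" applies: either shorten the rekey interval or set wmm_enabled=0, but note that hostapd's 802.11n support requires WMM, so the second knob also costs you HT rates. And none of this touches Hole 196, which is in the group-key design rather than in any cipher choice.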

  29. Ummm... by Stormy+Dragon · · Score: 1

    Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight

    Wouldn't it be easier for said malicious insider to just give the man-in-the-middle the PSK?

    1. Re:Ummm... by yuhong · · Score: 1

      This attack is against WPA(2) Enterprise.

  30. Open Source? by MarkusQ · · Score: 1

    Anyone else note the gratuitous dig at open source:

    user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software,

    So I guess everything would be OK except for those pesky kids and their free software. *sigh*

    -- MarkusQ

  31. 802.1x is not designed for this crap by Anonymous Coward · · Score: 0

    First of all (Attn TFA author) if you've read the 802.1x spec there's a huge honkin' warning it's not suitable in situations where the transport is not physically secure. I.e. if you don't trust the wired path from the switch providing port access to the system it's plugged into then you shouldn't be using 802.1x in the first place as the path is obviously subject to trivial MITM.

    The same idea applies to WPA. If you're using a shared key and you don't trust others in possession of said key then you're a moron if you think the key is doing you or anyone else any good.

  32. Haha by X.25 · · Score: 1

    Holy crap, I am really sentimental now.

    I remember the good old days of the security world, where BH/CCC/Defcon/etc presentations were technical marvels and the work of extremely bright people.

    Ah, good old days...

  33. No need to worry... by fph+il+quozientatore · · Score: 2, Funny

    ...I'm using WEP, so I am perfectly safe!

    --
    My first program:

    Hell Segmentation fault

  34. Doubtful... by azrider · · Score: 1

    Ahmad says it took about 10 lines of code in open source MadWiFi driver software, freely available on the Internet

    Which is no longer used in current Linux kernels (and won't even compile properly without major tweaks).

    The problem appears restricted to WPA Enterprise (802.1X with TKIP/AES-CCMP) in practical terms, because a malicious user must have legitimate credentials to gain access to the network to exploit the flaw.

    And admin level access to the system to perform MAC spoofing. Sure, another user could see your broadcast transmission, but the user credentials are not used during broadcast.

    --
    And ye shall know the truth, and the truth shall make you free.
    John 8:32(King James Version)
    1. Re:Doubtful... by Splab · · Score: 1

      Uhm, what?

      The point of MadWiFi is he can use that to exploit the WPA2; it seems that you think it's an exploit within the drivers. Doesn't matter if it's used in the current kernels, you can just install an earlier version.

      Also, this exploit is useful if you have access to the network, since you have physical access to some machine near the AP, you have some admin access to the machine, thus this is very much an issue if you only rely on WPA2.

    2. Re:Doubtful... by azrider · · Score: 1

      The point of MadWiFi is he can use that to exploit the WPA2; it seems that you think it's an exploit within the drivers.

      No, the article (as I quoted) states that it is the driver. Pay attention to what you are responding to.

      Also, this exploit is useful if you have access to the network, since you have physical access to some machine near the AP

      Not on MY NETWORK, since with Radius or TACACS+ there is more to the authentication than you think.

      Besides, this is broadcast traffic (which should not have critical information) as opposed to point-to-point authenticated traffic.

      If you are sending sensitive traffic over broadcast protocols, you deserve what you get.

      If your network security administrator (who might be your system administrator too) allows it, FIRE THEM NOW.

      --
      And ye shall know the truth, and the truth shall make you free.
      John 8:32(King James Version)
  35. Re:Actually makes a bit of sense if you can't enfo by Linker3000 · · Score: 1

    Indeed - we have a Draytek 2820 broadband wireless router at HQ and it can be set up with up to four SSIDs that can be individually rate limited and isolated from each other (if wanted), giving guest users only broadband access but no corporate LAN connectivity.

    --
    AT&ROFLMAO
  36. Seriously, why is WPA needed? by characterZer0 · · Score: 1

    Connect to an open access point. Establish a VPN connection to the router. Configure the router to only route traffic from VPNed clients. What is the problem? Why can VPN be secure but they cannot seem to manage to build a wireless security system?

    --
    Go green: turn off your refrigerator.
    1. Re:Seriously, why is WPA needed? by Anonymous Coward · · Score: 0

      Now that you've set that up, nobody can connect. You've created a catch-22. Only VPNed clients can connect, but they cannot connect in order to create the VPN tunnel because they are not on VPN (yet). You probably already knew this and were simplifying but the fact is that you have to accept SOME amount of unencrypted traffic (such as the IKE) in order to create the encrypted tunnel in the first place.

    2. Re:Seriously, why is WPA needed? by Vetruvet · · Score: 0

      Now that you've set that up, nobody can connect.

      No, they can connect. You don't need (can't have) a VPN tunnel to connect. Once connected (open access point), however, the router won't route anything past itself until the client creates the VPN tunnel.
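      The "open AP, route only VPN traffic" router described in this subthread, as an added example that is not from the thread: a small model of the netfilter policy, rendered as the iptables commands you would actually run and evaluated against sample packets, so the catch-22 and its resolution are both visible. Assumptions are mine: the open AP is wlan0, the decrypted side of the VPN appears as tun0, the uplink is eth0, and the VPN is IPsec (IKE on UDP/500, NAT-T on UDP/4500, ESP). Uplink-side rules such as accepting established connections are left out to keep the point in view.

```python
"""Model of the 'open AP, route only VPN traffic' router policy discussed in
this subthread, rendered as iptables rules and evaluated against sample packets.

Added example, not from the thread. Assumptions: the open AP is wlan0, the
decrypted side of the VPN appears as tun0, the uplink is eth0, and the VPN is
IPsec (IKE on UDP/500, NAT-T on UDP/4500, ESP).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    chain: str          # "INPUT": addressed to the router; "FORWARD": through it
    in_iface: str
    proto: str          # "udp", "tcp", "esp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    chain: str
    in_iface: str
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any port (only meaningful with tcp/udp)
    target: str = "ACCEPT"

    def matches(self, pkt: Packet) -> bool:
        return (self.chain == pkt.chain
                and self.in_iface == pkt.in_iface
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

    def to_iptables(self) -> str:
        parts = [f"iptables -A {self.chain} -i {self.in_iface}"]
        if self.proto is not None:
            parts.append(f"-p {self.proto}")
        if self.dport is not None:
            parts.append(f"--dport {self.dport}")
        parts.append(f"-j {self.target}")
        return " ".join(parts)


DEFAULT_POLICY = {"INPUT": "DROP", "FORWARD": "DROP"}

# The cleartext minimum a client needs before it can bring up the tunnel
# (the "SOME amount of unencrypted traffic" of the catch-22), then the tunnel
# itself, then forwarding only for traffic that came out of the tunnel.
POLICY: List[Rule] = [
    Rule("INPUT", "wlan0", "udp", 67),     # DHCP so the client gets an address
    Rule("INPUT", "wlan0", "udp", 500),    # IKE
    Rule("INPUT", "wlan0", "udp", 4500),   # IKE / ESP-in-UDP NAT traversal
    Rule("INPUT", "wlan0", "esp"),         # the encrypted tunnel
    Rule("FORWARD", "tun0"),               # only decrypted tunnel traffic is routed
]


def verdict(pkt: Packet, rules: List[Rule] = POLICY) -> str:
    """First matching rule wins, as in a netfilter chain; else the chain policy."""
    for r in rules:
        if r.matches(pkt):
            return r.target
    return DEFAULT_POLICY[pkt.chain]


def render_iptables(rules: List[Rule] = POLICY) -> List[str]:
    """The same policy as the iptables commands you would run on the router."""
    lines = [f"iptables -P {chain} {policy}" for chain, policy in DEFAULT_POLICY.items()]
    lines.extend(r.to_iptables() for r in rules)
    return lines


if __name__ == "__main__":
    print("\n".join(render_iptables()))
    for p in (Packet("INPUT", "wlan0", "udp", 500),    # tunnel bootstrap: allowed
              Packet("FORWARD", "wlan0", "tcp", 80),   # web straight off the AP: dropped
              Packet("FORWARD", "tun0", "tcp", 80)):   # web from inside the tunnel: routed
        print(f"{p.chain:<7} {p.in_iface:<5} {p.proto}/{p.dport}: {verdict(p)}")
```

      The tun0 assumption holds for tunnel-interface VPNs (OpenVPN, or IPsec with a VTI). With policy-based IPsec there is no such interface; the equivalent FORWARD rule then matches decrypted packets with iptables' policy module (`-m policy --dir in --pol ipsec`) rather than an input interface. Either way, DHCP and the IKE exchange remain the unencrypted minimum, which is why IKE's own authentication, not the Wi-Fi layer, is what keeps an open AP of this kind honest.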

  37. this reminds me.... by kujokane · · Score: 0

    I heard a saying once before. I can't remember who said it, but: "Security is a myth, no system is secure" - unknown

  38. Censor the logs by Anonymous Coward · · Score: 0

    In that case the Australian government can have access to user logs with 90% censoring... we'll let them see the protocol part of the requested URLs.