Slashdot: News for Nerds

New Improvements On the Attacks On WPA/TKIP

timothy posted more than 4 years ago | from the feelin'-nervous dept.

Wireless Networking

olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP were presented at the NorSec Conference in Oslo, Norway. In their paper coined 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."


166 comments

AM or FM? (5, Funny)

MobileTatsu-NJG (946591) | more than 4 years ago | (#29915075)

New Improvements On the Attacks On WPA/TKIP

... in Cincinnati!!

Re:AM or FM? (0)

Anonymous Coward | more than 4 years ago | (#29915239)

Do these attacks involve turkeys?

Re:AM or FM? (1, Funny)

Anonymous Coward | more than 4 years ago | (#29915409)

Do you like tkips?

Re:AM or FM? (2, Funny)

clang_jangle (975789) | more than 4 years ago | (#29916245)

Do you like tkips?

OMG I fucking *love* tkips!


Re:AM or FM? (4, Funny)

natehoy (1608657) | more than 4 years ago | (#29915813)

"As God is my witness, I thought packets could fly!"

Re:AM or FM? (1)

MobileTatsu-NJG (946591) | more than 4 years ago | (#29915829)

I wonder if somebody drove around looking for unpatched routers if they'd call it Turkey Bombing.

Re:AM or FM? (2, Informative)

Mikkeles (698461) | more than 4 years ago | (#29917655)

They [faqs.org] can. [wikipedia.org]

Year of the Linux desktop is upon us! (-1, Troll)

Disgruntled Goats (1635745) | more than 4 years ago | (#29915131)

Oombooboo 9.10 Lactating Llama is going to take the desktop by storm! It's got a brand new shit-brown theme and it's got a superior combination of FSpot, Tomboy, Firefox, OOo than any of its predecessor versions!

Re:Year of the Linux desktop is upon us! (-1, Redundant)

Disgruntled Goats (1635745) | more than 4 years ago | (#29915191)

Oh and if Lactating Llama doesn't capture the desktop, everyone knows that 10.4 Masturbating Moose is going to do it! It's got an even shittier-brown colored theme and it's going to have undergone a serious tweaking of its packaging of FSpot, Tomboy, Firefox, OOo that will totally r0x0r your b0x0r5.

Re:Year of the Linux desktop is upon us! (-1, Offtopic)

Dunbal (464142) | more than 4 years ago | (#29915565)

Personally I am waiting for Wanking Wallaby...

Re:Year of the Linux desktop is upon us! (0)

Anonymous Coward | more than 4 years ago | (#29915199)

Disgruntled goats, what you've just said is one of the most insanely idiotic things I have ever heard.

At no point in your rambling, incoherent post were you even close to anything that could be considered a rational thought.

Everyone on this site is now dumber for having read it. I award you no points, and may God have mercy on your soul.

Does that mean... (2, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#29915217)

WEP is better? Has it always been better? I used WEP for the longest time until I figured I could set my own (short & easy) password with WPA.
Should I switch back? Not that I expect my neighbours to be leet hackers...

But one time not too long ago I logged into one of my neighbours' unsecured networks (no idea who owned it) and noticed they had a printer on the network. So I downloaded the drivers off of HP and then sent a message to their printer telling them they should secure their wireless, and a website to show them how.

Now to you or I, this would seem like a noble act in educating people on good security measures, but everyone else (meaning not computer people) thought that this was an outright invasion of privacy and advised me "Never to attempt that kind of stunt again" (not that I'll listen to them).

Anyways, ever since then I've had this itching feeling that someone's going to break into my wireless and show me what's what in a sort of karmic irony.

Re:Does that mean... (3, Informative)

Anonymous Coward | more than 4 years ago | (#29915359)

WEP is not better. Don't use WEP.

WPA2+AES is better.

Re:Does that mean... (4, Insightful)

Anonymous Coward | more than 4 years ago | (#29915373)

WEP is better? Has it always been better?

Sure, keep using WEP. 128-bit WEP takes a very long time to break. Somewhere on the order of 15-30 minutes, in my experience.

Re:Does that mean... (2, Informative)

Random2 (1412773) | more than 4 years ago | (#29915389)

WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.

Stick with WPA2 and you'll be alright for a while.

Re:Does that mean... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#29915499)

WEP is not better. Don't use WEP.

WPA2+AES is better.

-

WEP takes a very long time to break. Somewhere on the order of 15-30 minutes

-

WEP has always been less secure than WPA

Well, that's reassuring. You learn something new every day.

You're a lazy bastard. You know that, right? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29915851)

WEP is not better. Don't use WEP.

WPA2+AES is better.

-

WEP takes a very long time to break. Somewhere on the order of 15-30 minutes

-

WEP has always been less secure than WPA

Well, that's reassuring. You learn something new every day.

If you had bothered to do the most basic research with Google or Wikipedia you would have already known this. I know, I know, that would take a whole 2 minutes, it's SO unreasonable to expect you to do that. You must be American. They seem allergic to informing themselves using readily available resources, or to taking any sort of initiative of any kind. Passive, ignorant, stupid, bovine Americans. I bet you're fat too.

Re:Does that mean... (2, Interesting)

Anonymous Coward | more than 4 years ago | (#29915939)

64-bit keys are NOT trivially brute-forceable. Even if you've got a botnet of decent computers, you're probably still looking at weeks. The attacks on WEP, real attacks on severe flaws, typically take about five minutes to produce the key.

Re:Does that mean... (2, Informative)

Korin43 (881732) | more than 4 years ago | (#29917469)

WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.

That's not the problem. You can brute force a WPA-TKIP password if you capture the handshake as someone connects, it just takes a really long time so it's not practical to do anything except a dictionary attack (and that would still take a loooong time). The problem with WEP is that you don't need to brute force the password, you can figure it out by collecting enough data packets. The only thing slowing you down is the speed of the network. To give you an idea, I downloaded the example packets from aircrack-ng (basically simulating collecting enough packets from a WEP network), and my computer cracked the password in less than 15 seconds.

Re:Does that mean... (1)

cjb658 (1235986) | more than 4 years ago | (#29917843)

WPA basically generates a new WEP key for each packet. It's a bit more complicated than that, obviously (there must be a pattern that the AP and client can follow).

I've also found a tool [google.com] that lets you run WPA cracks with CUDA or Stream for about a 20-50x speed increase.

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29915433)

Anyways, ever since then I've had this itching feeling that someone's going to break into my wireless and show me what's what in a sort of karmic irony.

They certainly will if you move back to WEP. WEP isn't just "under attack," it's very, very broken. If you're lucky, WEP makes an attacker wait 15 minutes more than they would have on an unsecured network.

Re:Does that mean... (5, Informative)

natehoy (1608657) | more than 4 years ago | (#29915611)

no. Actually, let me rephrase that... "NO!!!!!!"

WEP has been broken. Terribly, horribly, and completely broken. Not only are attacks possible, they are out there, and they are the data-intercept type. It's somewhat more secure than running Open and hiding your SSID, but not a lot more.

WPA/TKIP has a vulnerability that malformed packets may be inserted in to the data stream. This opens the door for possible attacks. That does not mean attacks are currently possible, nor does it necessarily mean that data-intercept attacks will be possible near-term. You are "nearly safe" running WPA/TKIP. WPA/TKIP uses the same encryption methodologies as WPA but encrypts more data and is a lot harder to break.

WPA/AES has, to my knowledge, no presently-known attack vector vulnerabilities. That can (and probably will) change.

But if your gear is capable of WPA/AES, switch to that. If not, leave it as WPA/TKIP.

And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. 10 total characters should do it if you use the prefix of some phrase and replace a few letters with special characters.

Example: The Lord of the Rings is the Greatest Series Ever Written

TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness.

Now add the concepts that it was originally actually one book, (&1b), and not about the 7 dwarves (!7d) to the end. TLotRitGSER&1b!7d

Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.

Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"

Re:Does that mean... (1)

sexconker (1179573) | more than 4 years ago | (#29915859)

Secure passwords demand nonstandard characters.
Bring up the charmap or memorize your alt codes.

Dumb slashcode filtering out my bells and Spanish upside-down exclamation marks and such!

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29917117)

Ya, those are GREAT fun to enter into the psk field on my mobile device.

Which for some brain-damaged reason is both obscured AND won't allow a paste.

There's a bunch of reasons it's called wince.

Re:Does that mean... (2, Informative)

Andy Dodd (701) | more than 4 years ago | (#29915879)

If I recall correctly, WPA/TKIP was an "interim" solution intended to be more secure than WEP but compatible with most WEP hardware. As such it had to leverage some of the low-level components of WEP, of which TKIP was one.

So effectively, WPA/TKIP has vulnerabilities because it inherited them from WEP.

WPA2/AES eliminates all "WEP heritage cruft".

Re:Does that mean... (3, Interesting)

natehoy (1608657) | more than 4 years ago | (#29916305)

Yes, you're absolutely correct. However, the question was "now that WPA/TKIP is broken, is WEP more secure than it?"

WPA/TKIP has vulnerabilities inherited from WEP, yes, but those vulnerabilities are still hidden behind a layer that, for now, is still protective. Trouble is, people are starting to discover larger and larger vectors for inserting attacks.

The shields are still holding - I haven't heard of a successful data breach or DNS spoof on a WPA/TKIP (someone correct me if there is an actual working breach out there), and there are measures that can be taken (turn off QoS/WMM, update your client stack) that will close the holes.

But only FOR NOW. Upgrading to AES is the correct answer.

Downgrading to WEP is not the correct answer, unless the question is "What security protocol is the easiest to break?"

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29915901)

So nice to see that someone else uses this method.

Another method I use for passwords is a sentence with a number sequence as the spacers.
I1Am2A3Fruitcake as a simple example.

Re:Does that mean... (5, Informative)

RedLeg (22564) | more than 4 years ago | (#29916581)

Did you even read the paper or take the time to understand the attack?

I'm one of the authors of IEEE 802.11i. I did, and it's not good.

This is a significant advance in attack technique on TKIP. Get off of TKIP as quickly as you can. NOW.

On one hand, as the paper's authors point out, we got seven years of life out of a band-aid fix that was designed to buy us five. I'm pretty happy with that.

On the other hand, the Beck and Tews attack opened some cracks in the walls, this latest paper wedges that crack further open by a factor of 14, and provides some practical real-world exploit scenarios. The bad guys will come up with more, trust me.

This is bad.

Migrate off of TKIP NOW.

Your advice for the length of a passphrase is off as well, BTW. IEEE 802.11i CLEARLY states that a passphrase of less than 20 characters in length does not offer adequate security.

Use a strategy to choose a LONG, STRONG passphrase. Type it into notepad. Cut and paste it wherever it needs to go to eliminate typo errors.

Cheers.....

Red

Re:Does that mean... (1)

zonky (1153039) | more than 4 years ago | (#29916717)

If there is an effective attack on TKIP, will that also affect WPA2 w/ TKIP as well?

Re:Does that mean... (1)

HomelessInLaJolla (1026842) | more than 4 years ago | (#29917353)

I have often mused that, if one had a low bandwidth trojan on someone's system, the most interesting memory to watch would be the copy and paste buffer.

Re:Does that mean... (1)

owlstead (636356) | more than 4 years ago | (#29918569)

20 characters? That's an entropy of 244 bits if it is completely random (using /only/ upper- and lower-case characters). That's a bit much for a complex password like the one mentioned. If the password consists of much easier to guess characters, then 20 characters is probably on the low side. I can understand such a recommendation from some point of view (we'll at least let them choose a long passphrase), but I think it is a bit over the top for well chosen passwords...

And I would recommend to write down the password and put it in a drawer. Chances are that you only need to type it in after your system went fubar, and if that happens, you may have lost your password. Drawers are also very difficult to hack from the internet.

Re:Does that mean... (2, Insightful)

jhfry (829244) | more than 4 years ago | (#29916789)

When I set up a wifi router for someone I always simply generate a random string of letters, numbers and special characters, then I write it down and stick it to the router.

I figure that you can't get more secure, and it's not exactly something they need to remember because they type it every day.

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29918195)

Some router firmwares (ex. Tomato) actually have a "Random" button for just that. It is also what the SES button on newer Linksys routers does.

Re:Does that mean... (2, Insightful)

mrcaseyj (902945) | more than 4 years ago | (#29916791)

Example: The Lord of the Rings is the Greatest Series Ever Written

TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness.

I'd suggest just using the whole sentence. It would have at least as much entropy and would be more resistant to simple brute force breakage.

And I'm considering giving up on upper case in passwords. The lower case alphabet requires about 5 bits to encode, while adding uppercase only requires one more bit. I suspect that just making the password 25% longer would be about as easy to remember, and a lot faster to type.

Re:Does that mean... (1)

vadim_t (324782) | more than 4 years ago | (#29917571)

Actually, it will have a LOT more entropy.

Going by brute force, there are 98569 lines in my /usr/share/dict/words. Double that to account for the fact that some words are capitalized.

There are only 26 characters, double to account for uppercase.

197138 ^ 11 is a much bigger number than 52 ^ 11. Of course it's also longer to type. But if brute force resistance is what you want it makes no sense to weaken it.
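The entropy figures argued over in this sub-thread (natehoy's TLotRitGSER example, mrcaseyj's "5 bits versus 6 bits per character", vadim_t's word-count comparison, the 20-character length RedLeg cites) and the cost of the handshake dictionary attack Korin43 describes can be put on one footing. The following Python block is an added example, not code from the thread or from the paper it discusses. It assumes the WPA/WPA2 passphrase-to-PSK derivation IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output); the dictionary size is the one vadim_t reports, and the guess rate is a constructed placeholder, not a benchmark. The entropy model is a generalisation of the thread's arithmetic: it scores any passphrase by the character classes an attacker would have to cover, and any sentence by its word count.

```python
"""Passphrase cost model for WPA/WPA2-PSK (added example, not from the thread)."""
import hashlib
import math

WORDS_IN_DICT = 98569   # line count vadim_t reports for /usr/share/dict/words
ITERATIONS = 4096       # PBKDF2 iteration count fixed by IEEE 802.11i
PSK_BYTES = 32          # 256-bit PSK


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 256 bits), per 802.11i.

    Every candidate passphrase in a dictionary attack on a captured handshake
    has to go through this derivation, i.e. 4096 HMAC-SHA1 rounds per guess.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), ITERATIONS, PSK_BYTES)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def classify_alphabet(passphrase: str) -> int:
    """Size of the character set an attacker must cover for this passphrase.

    26 lower, 26 upper, 10 digits, 33 = space plus the 32 printable ASCII
    punctuation symbols (so a full mix is the 95 printable ASCII characters).
    """
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33
    return size


def passphrase_entropy(passphrase: str) -> float:
    """Character-class model: the figure natehoy and mrcaseyj are reasoning about."""
    return entropy_bits(classify_alphabet(passphrase), len(passphrase))


def sentence_entropy(sentence: str, dictionary_size: int = WORDS_IN_DICT) -> float:
    """Word model: each word uniform over the dictionary, doubled for case (vadim_t)."""
    return entropy_bits(2 * dictionary_size, len(sentence.split()))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Wall-clock years to try every candidate at a constant guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed guess rate for illustration only; real rates depend on hardware.
    rate = 1e5
    for candidate in ("TLotRitGSER", "TLotRitGSER&1b!7d", "a" * 20):
        bits = passphrase_entropy(candidate)
        print(f"{candidate:20} {classify_alphabet(candidate):3d}-char set "
              f"{bits:6.1f} bits  {years_to_exhaust(bits, rate):.3g} years")
    sentence = "The Lord of the Rings is the Greatest Series Ever Written"
    print(f"{'<whole sentence>':20} word model  {sentence_entropy(sentence):6.1f} bits")
    print("PSK for passphrase 'password' on SSID 'IEEE':",
          derive_psk("password", "IEEE").hex())
```

The PSK for passphrase `password` on SSID `IEEE` is the reference vector from the 802.11i test set, which is how you can check that a derivation matches the standard. The word-model number for the full sentence comes out well above the character-class number for the 17-character abbreviation, which is the comparison vadim_t and mrcaseyj are making.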

Re:Does that mean... (1)

CompMD (522020) | more than 4 years ago | (#29916795)

"you've got decent length, and some upper/lower goodness." ...that's what she said.

Re:Does that mean... (1)

MadFarmAnimalz (460972) | more than 4 years ago | (#29917201)

Example: The Lord of the Rings is the Greatest Series Ever Written TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness. Now add the concepts that it was originally actually one book, (&1b), and not about the 7 dwarves (!7d) to the end. TLotRitGSER&1b!7d Seriously secure password

Except you actually got it wrong.

and you're going to remember the hell out of it.

Sure doesn't look like it. :)

Re:Does that mean... (1)

natehoy (1608657) | more than 4 years ago | (#29917797)

Extra layer of security, or a typo? You decide. :)

Good catch. LOL

Re:Does that mean... (1)

changa (197280) | more than 4 years ago | (#29917291)

Dude! TLotRitGSER&1b!7d is the combination I have on my luggage!

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29917693)

Perfect! That's a great password! I'm using that for everything!

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29918425)

Haha!! I hacked ur /. account and am posting under ur name!! Sucka!!

Re:Does that mean... (2, Interesting)

Jasonv (156958) | more than 4 years ago | (#29918093)

And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. [..snip]..Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.

Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"

I have my router set up without a password, and the SSID set to "Bring beer to Apt. 243".

Since then, I've had the pleasure of meeting a few of my neighbors and drinking beer with them.

Re:Does that mean... (1)

Prune (557140) | more than 4 years ago | (#29918095)

SSID hiding is NOT security.

Re:Does that mean... (1)

Prune (557140) | more than 4 years ago | (#29918137)

This password seems too short. For AES256 much longer passwords are recommended by security-specific programs; for example, Truecrypt complains if the password has anything less than 20 characters.

Re:Does that mean... (1)

tolomea (1026104) | more than 4 years ago | (#29915739)

WEP - old, very broken
WPA with TKIP encryption (aka WPAv1) - aging and showing it
WPA with AES encryption (aka WPAv2) - best currently available

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29915937)

When I was in college and the residential network was very new, I was snooping around and I found an unsecured c: drive shared. So I left a very sternly worded text file on his desktop telling him what he had better do to secure his system. A couple of days later I read in the campus newspaper about how someone had experienced a hacker leaving a harassing and malicious message on his computer, and reminding everyone that if such hacking was caught it would be bad news for him.

Re:Does that mean... (1)

khellendros1984 (792761) | more than 4 years ago | (#29916621)

I did something similar once. It was in college, and someone had brought the family computer to school, complete with r/w shared C drive. I left a shortcut in their startup folder to run notepad c:\warning.txt, telling them the problem, and either fix it themselves, or to find a geek to fix it for them. I met that person later....she was actually pretty hot. Nothing came of it though =/

Re:Does that mean... (0)

Anonymous Coward | more than 4 years ago | (#29916141)

I recently broke a WEP protected network. It was rather easy.
Stick with WPA

Re:Does that mean... (1)

khellendros1984 (792761) | more than 4 years ago | (#29916647)

I was staying at my aunt's house one time, and she didn't know how the wireless worked. She was a little annoyed that I was able to break into her connection in under 10 minutes though.

Re:Does that mean... (1)

Brianwa (692565) | more than 4 years ago | (#29916287)

You found someone kind enough to share their internet connection, so you wasted their ink and paper. Nice.

Re:Does that mean... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#29916565)

The cost of a single piece of paper and the amount of ink I would have used is trivial compared to me being able to deny them internet access. They had it completely open, broadcast the SSID, and left the router with the default username and password. I could have locked them out from their own internet if I had wished it. Sure, they could press the button on the bottom to restore factory defaults, but then I could do it over and over again. Or, if I were in the business of stealing personal information, I would have had very little standing in the way.

If they wanted to share, they should have at least locked down access to the rest of their network (PC, Printer, Router/Gateway).

If you leave your car unlocked and someone uses your pen and post-its to tell you to lock your car, are you going to be pissed?

Re:Does that mean... (1)

shentino (1139071) | more than 4 years ago | (#29917791)

I would if they left the post-it where a would-be thief could read it, be informed the car was unlocked, and then rob me for real.

They'd even be potentially aiding and abetting in this case.

I would appreciate the post-it PROVIDED it was left somewhere only I could see it...after I get back in the car.

Leaving a public message on their printer is like sticking a "kick me" note on someone's back.

Antisocial (1)

ratboy666 (104074) | more than 4 years ago | (#29917031)

I leave my wireless connection "unsecured". Sure, the neighbours use it, and people needing iPod Touch location services.

I figure it's just good social behaviour. If I need network access when I'm "out and about", I will use someone else's wifi.

Just don't be a 'leet hacker asshole.

Re:Antisocial (1)

cjb658 (1235986) | more than 4 years ago | (#29917921)

Location based Wifi actually doesn't need to connect to an AP, it just looks its MAC address up in a database, such as this one [wigle.net] .

Even if you have WPA2/AES, your AP still broadcasts this information.

Re:Antisocial (1)

jroysdon (201893) | more than 4 years ago | (#29918555)

While that might seem nice, it's actually pretty stupid, on both parts (sharing, and using "shared" resources).

Two points, first is that you're opening yourself up to having all your gear seized by the police when you leave things open. How/why? How 'bout your neighbor has an interest in child porn? How 'bout your neighbor uses your internet to send death threats to the President of the United States and guess what, the Secret Service will have your address from your ISP in no time and you'll probably have fun, again with your gear taken and sitting in jail until it all gets sorted. What if your neighbor shares movies/music non-stop and your ISP decides to cut you off? Most likely sharing your internet outside of your household violates their ToS.

At the very least, you should require users to create accounts and use those and that you log access times (and perhaps dns queries or some proof of where they went). When I used to run an open AP, I did that with NoCatAuth (some form of that project is still around). Then should any of these things happen, you could at least have some "proof" that it wasn't you. Granted, your equipment is still seized while you fight this, or you're still offline until you promise to shutdown/limit your access.

Ok, the second point is that, at least here in the US, you're actually committing theft of computer services and unauthorized access when you use someone's "shared" AP without permission. Yeah, I know it's really lame. Unless you have written proof somewhere (like on a sign at a college or in a hotel lobby), or at least connecting to an SSID labelled "somesite-public" so you can say it was open to the public, you're asking for it legally.

A final thought of how stupid it is to use any old open AP is that you're ripe for a M-i-t-M attack and giving up all your account info. You can disagree all you want, all you have to do is look and see all the security issues that come up with this and how SSL really isn't a solution as it is constantly found to be broken.

What I do to prevent such problems is to use a "Guest" firefox profile to login to the ToS or whatever a public place may have and "sign in" to their system if I have to auth somehow. Once that is up, iptables blocks all outbound traffic from my laptop except to my remote proxy server which I SSH to and forward all my traffic. No M-i-t-M attack is possible here since I already have my SSH server's public key stored and that server had my public key, and the only traffic they see is AES-256bit SSH. Nothing else can even leave/leak out of my box thanks to iptables blocking it (dns likes to leak from a lot of apps, and SOCKS proxying will not do DNS and always leaks unless you use something like privoxy).

Anyway, I just don't have time to deal with the police or my ISP should someone else do something stupid. I have "PRIVATE" in my SSID string (no excuses for unauthorized access), use WPA2/AES, have MAC address filtering, and only allow SSH access into my host server from my AP to my LAN. Again, I don't trust wireless, even at home. Should WPA2/AES be found to be broken and someone spoofs my MAC address, they cannot get anywhere but to my hardened SSH host. A little bit of protection and security mindset goes a long way. This works in a corp setting as well, replacing SSH with VPNs (only allow access from the wireless to your VPN server/firewall, etc.).

Re: WHY would you "secure" a WLAN? (1)

xiando (770382) | more than 4 years ago | (#29917035)

But one time not too long ago I logged into one of my neighbours' unsecured networks (no idea who owned it) and noticed they had a printer on the network. So I downloaded the drivers off of HP and then sent a message to their printer telling them they should secure their wireless, and a website to show them how.

I run my WLAN open, or "unsecured", intentionally and encourage everyone to do the same. Your neighbors are good people who leave their network open, so why would you be rude and abuse their printer?

The Internet DOES NOT MAGICALLY BECOME SECURE by using encryption on a local wireless network. No. If you are talking https then you have end-to-end encryption. If you are talking http then you do not. These are the facts regardless of you using encryption 10 feet between your laptop and your router.

If you want real security then use end-to-end encryption. If you do that then it no longer matters if that end-to-end encrypted connection goes encrypted or unencrypted through the air locally. "Securing" wireless networks is pointless and rude. It provides no security beyond your local network and it makes it harder for those good folks next door or folks who happen to park their car within range who want to update their facebook status or something.

Re: WHY would you "secure" a WLAN? (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#29917189)

Or those guys who just moved in, wanting to eat up your bandwidth downloading music and playing world of warcraft without paying for their own internet service?

Thinking that you shouldn't secure a wireless network is ridiculous. Do you leave your door open and encourage people to use the washroom? Do you leave your keys in the ignition to encourage your neighbours to do their grocery runs with your car?

If so, you are a very unique, not to mention naive character, who will only be taught once they get scammed.

May sound cynical, but my motto is: Assume the worst of people you will never meet.

Re: WHY would you "secure" a WLAN? (1)

cjb658 (1235986) | more than 4 years ago | (#29917955)

SSL doesn't always mean secure either.

See the third video here: http://www.defcon.org/#earlyVids [defcon.org]

Re: WHY would you "secure" a WLAN? (1)

jroysdon (201893) | more than 4 years ago | (#29918615)

If there were not evil people in the world and laws that will get you in hot water should that evil person use your network in a bad way, I'd agree. That's not the world we live in.

Yes, from your LAN to the internet is wide open, all email from your ISP to another ISP is in the open (GPG if you care), but for me that's not the point of securing my WLAN. It's securing who accesses my internet connection, which is tied to me personally, and without physically being in my home/office, WLAN is the only way to do so, so that's why I secure it.

I have a longer reply about this and the reasoning here:
http://mobile.slashdot.org/comments.pl?sid=1423971&cid=29918555 [slashdot.org]

Does anyone know... (3, Insightful)

Lord Ender (156273) | more than 4 years ago | (#29915263)

Why did they invent a (well, multiple) new encryption algorithm(s) for WiFi? Any competent security specialist will tell you that using an established encryption algorithm is always the wise choice. Did the people behind WiFi simply lack competence? Not Invented Here?

Re:Does anyone know... (1)

lukas84 (912874) | more than 4 years ago | (#29915453)

I think it was all about money. At the advent of Wireless networking, AES would've been expensive to implement.

Re:Does anyone know... (1)

afidel (530433) | more than 4 years ago | (#29916103)

802.11b predates AES by quite a few years.

Re:Does anyone know... (1)

KlaymenDK (713149) | more than 4 years ago | (#29918601)

I think it was all about money. At the advent of Wireless networking, AES would've been expensive to implement.

802.11b predates AES by quite a few years.

Well, there you go, then. That would make it rather expensive.

By the way, if anyone's interested in time travel, meet me at the mall last Thursday.

Re:Does anyone know... (0)

Anonymous Coward | more than 4 years ago | (#29915487)

Yes, I agree! Everyone should have just stuck with WEP. Damn the consequences! The first product available is always the best there will ever be.

Re:Does anyone know... (1)

Lord Ender (156273) | more than 4 years ago | (#29915599)

Uh... Mr. Coward, WEP and TKIP are both examples of (failing to) reinvent crypto.

Re:Does anyone know... (5, Informative)

salahx (100975) | more than 4 years ago | (#29915579)

WEP is "Wired Equivalent Privacy". It wasn't supposed to be very strong - about as secure as a regular wired network. However, it wasn't known back then just HOW weak it was. As a stopgap measure, WPA PSK (TKIP) was created. Since it uses the same algorithm as WEP (RC4), existing equipment could be easily upgraded with just a firmware/software update. A long-term solution, WPA2 PSK (AES), was created as well.

WPA-PSK (TKIP) is still far, far better than WEP by many orders of magnitude, but WPA2-PSK is better, and if all your wireless devices support it (in particular the Nintendo DS DOES NOT; the DSi does, but not for DS games), then that is preferred.

Re:Does anyone know... (1)

Ash-Fox (726320) | more than 4 years ago | (#29918049)

WPA-PSK (TKIP) is still far, far better than WEP by many orders of magnitude, but WPA2-PSK is better, and if all your wireless devices support it (in particular the Nintendo DS DOES NOT; the DSi does, but not for DS games), then that is preferred.

Shame my Nintendo DS doesn't support it.

Re:Does anyone know... (1)

MobyDisk (75490) | more than 4 years ago | (#29915671)

They did it because the existing router hardware and wireless network card hardware was not capable of AES. It was a temporary solution that no one should be using any longer. WPA2 is the current established secure protocol, and it uses AES which is not a specialized algorithm.

Not quite correct (1)

Andy Dodd (701) | more than 4 years ago | (#29915973)

They didn't use AES because AES didn't yet exist. (Or, to be specific, was very early on in the algorithm competition to determine which one would become the standard.)

Rijndael was chosen as the AES winner by NIST in 2001. WEP was finalized in 1997.

At that point, I believe DES was already known to have issues.

Re:Does anyone know... (2, Insightful)

tecker (793737) | more than 4 years ago | (#29915687)

Well. This attack is used on the less robust TKIP protocol. AES is much stronger. Here is the breakdown (from my memory, weakest to strongest):
  1. WEP
  2. WPA/TKIP
  3. WPA/AES
  4. WPA2/TKIP
  5. WPA2/AES

WEP came first. It was one of those "oh we need security" bits. It's about what you would have on a wired network. Yea, no, not really. Broadcast != Hardwire, so that quickly began being broken. Collisions were found. Time for something stronger.

WPA came next but it was a bit advanced and all of these older machines didn't have really good processing in them and AES was a bit too intensive, so they came up with WPA/TKIP. Lighter encryption, but the old devices could pull it. WPA/AES came out around the same time and was stronger, but the encryption had a bigger processing overhead.

Then WPA2 (802.11i) came about with further layers and was what really should have been from the start. Backwards compatibility was a problem here and key to adoption. TKIP stayed as some machines didn't take AES very well. WPA2+AES was the real place most will tell you to be. The whole multiple things was just getting protection out there on a technology that was rapidly falling apart.

Here is an analogy. US went to war with nearly unprotected Humvees (WEP). They worked well and they did their job. But attackers just blew right through it. So in an effort to get things locked down they welded plates of metal on the Humvee (WPA) some machines could handle more (AES) some less (TKIP). The military went back and developed a new technology similar to the quick field fix and came up with the Armored Humvee (WPA2) with good protection all around and made it standard (802.11i). Still defeatable but it can take a lot more.

There. I'm sure it would have been easier to find a wikipedia article and link to that but I was bored.

Re:Does anyone know... (1)

tecker (793737) | more than 4 years ago | (#29915745)

Yea, knew I should have looked around. Here. Wikipedia on WPA will tell the story [wikipedia.org]. Salahx and MobyDisk have it right. It was all stop-gapping. Which is why you have a sprawling landscape of security options.

Re:Does anyone know... (1)

sexconker (1179573) | more than 4 years ago | (#29915887)

I would swap the positions of 3 and 4.

Re:Does anyone know... (1)

AHuxley (892839) | more than 4 years ago | (#29918581)

The US military went back and bought old tech from 1980s South Africa, used during the bush wars.
They did a MS and innovated :)
As for WPA2/AES, my only thought is cat6/5 or optical your house if you want networking.

Nothing to see, move along (2, Informative)

sadler121 (735320) | more than 4 years ago | (#29915299)

This tells us nothing more than we knew before. Stop using WPA/TKIP and switch to WPA2/AES

Re:Nothing to see, move along (0)

Anonymous Coward | more than 4 years ago | (#29915503)

The first time that it was posted that an attack on TKIP was even possible I switched everything to AES at work. I guess the big deal is IT admins who keep their heads in the sand and -don't- go for the (currently) unhackable technology.

Re:Nothing to see, move along (1)

Ash-Fox (726320) | more than 4 years ago | (#29917977)

The first time that it was posted that an attack on TKIP was even possible I switched everything to AES at work. I guess the big deal is IT admins who keep their heads in the sand and -don't- go for the (currently) unhackable technology.

Would have made more sense to me if you had used ipsec.

Re:Nothing to see, move along (1, Informative)

Anonymous Coward | more than 4 years ago | (#29915563)

WPA/AES is safe, too. My Wii doesn't seem to like my router's implementation of WPA2.

Re:Nothing to see, move along (1)

CastrTroy (595695) | more than 4 years ago | (#29915647)

I have an older router that doesn't support WPA2/AES. TKIP is the best thing you can use. Guess I have to buy new hardware.

Re:Nothing to see, move along (1)

jpe30 (1538069) | more than 4 years ago | (#29915843)

Check to see if you can use DD-WRT ( http://www.dd-wrt.com/site/index [dd-wrt.com] ) with your router. This way you don't need to buy entirely new hardware! :)

Re:Nothing to see, move along (2, Interesting)

glarbl_blarbl (810253) | more than 4 years ago | (#29916449)

DD-WRT is sweet, I've been using it for a couple of years now. The best feature for me is WDS (a distributed wireless network, I use it to wirelessly bridge my house and recording studio about 75m away). Unfortunately, I found a barely-documented bug which prevents WDS from operating with WPA2-PSK/AES encryption. It tends to lose the connection and not regain it until you stand on one foot and unplug both routers while whistling "God Save the Queen". Apparently the answer is to use TKIP, so now I'm using WPA2-PSK/TKIP. I'm thinking I'll move to RADIUS eventually, once I buy a Snow Leopard Server license ;)

Re:Nothing to see, move along (1)

DittoBox (978894) | more than 4 years ago | (#29915889)

You may wish to check for some replacement firmware from DD-WRT before buying new hardware. I've used DD-WRT for years and love it!

http://dd-wrt.com/site/index [dd-wrt.com]

New Improved Attacks on Obsolete Standards! (1)

Tumbleweed (3706) | more than 4 years ago | (#29915511)

News at 11!

Wake me when someone's got something on WPA2.

I think someone should post a story about bugs in zmodem.

Re:New Improved Attacks on Obsolete Standards! (2, Interesting)

CannonballHead (842625) | more than 4 years ago | (#29915703)

Please provide your definition "obsolete."

Google provides disused: no longer in use; "obsolete words"

WEP isn't even obsolete, let alone WPA. Many people still use "old" standards. Not everyone keeps up to date with the latest wireless security. Many have unsecured networks. Many use WEP just to keep off annoying neighbors. I don't know anyone that uses WPA2+AES at home. I take it back, I do know one person that does.

Re:New Improved Attacks on Obsolete Standards! (1)

Tumbleweed (3706) | more than 4 years ago | (#29916007)

WEP isn't even obsolete, let alone WPA. Many people still use "old" standards. Not everyone keeps up to date with the latest wireless security. Many have unsecured networks. Many use WEP just to keep off annoying neighbors. I don't know anyone that uses WPA2+AES at home. I take it back, I do know one person that does.

WEP is obsolete and so is WPA. People still drive Model T cars - that doesn't mean they're not obsolete. Hell, lots of people still use *IE6*!

I've been using WPA2+AES at home for quite some time. :)

Re:New Improved Attacks on Obsolete Standards! (1)

CannonballHead (842625) | more than 4 years ago | (#29918099)

The Slashdot sample of wireless encryption users may be different than most samples, hehe...

I don't think either WEP or WPA is obsolete. People still use them fairly regularly, if anything at all.

They SHOULD be obsolete - I'll agree with that statement... :)

Re:New Improved Attacks on Obsolete Standards! (1)

Tumbleweed (3706) | more than 4 years ago | (#29918235)

The Slashdot sample of wireless encryption users may be different than most samples, hehe...

I don't think either WEP or WPA is obsolete. People still use them fairly regularly, if anything at all.

As I said, just because people are still using something, that doesn't mean it isn't obsolete. WEP & WPA *are* obsolete. Unfortunately, people are still using older hardware, as well as installing stuff without knowing how to configure it. IE6 is a good example - (VERY) obsolete technology, still in wide use.

I think AP manufacturers should make it MORE difficult to use their equipment in unsecured or WEP/WPA mode than the other way around. I doubt most people really want to run an unsecured access point, though that's just a guess.

Re:New Improved Attacks on Obsolete Standards! (1)

Jesus_666 (702802) | more than 4 years ago | (#29916733)

One of my routers is set up to support any combination of WPA, WPA2, TKIP and AES (the weaker ones for compatibility, the stronger ones because it supports them). The other one only supports WPA+TKIP but it works and thus won't be replaced unless WPA+TKIP security devolves quite a bit farther.

Just in time! (4, Interesting)

AmiMoJo (196126) | more than 4 years ago | (#29915537)

The timing of this new attack could not have been better - the day after the UK government announces they want to introduce a "three strikes" rule before disconnecting suspected file-sharers.

I imagine this must be a massive headache for ISPs who have been shipping routers with WPA/TKIP enabled for compatibility (i.e. a lot of them). Suddenly their routers need remotely updating and they have to hope that most of their customers' wifi drivers will cope with the move to AES.

Re:Just in time! (1)

John Hasler (414242) | more than 4 years ago | (#29915907)

> Suddenly their routers need remotely updating...

Why would they see a need for updating? It certainly won't come from customer demand.

Re:Just in time! (2, Informative)

natehoy (1608657) | more than 4 years ago | (#29916029)

Alternatively, they could simply turn off QoS/WMM and buy a little more time, since that is (currently) a requirement for this specific attack vector, according to the submitted paper.

There are also fixes available to TKIP that could extend its life a little longer.

But, yeah, it's time to go AES.

Having said all that, I fear the backlash from people who have routers that are only capable of WEP and WPA/TKIP and decide WPA/TKIP is "less secure" because no one is talking about how insecure WEP is any more. Given a choice, WPA/TKIP is still the better selection of the two. As far as I know, no one has demonstrated or claimed the ability to actually compromise the datastream in WPA/TKIP, though I'm sure that's a matter of time.

3 little pigs analogy:
Open = living under the stars. Wolf eats you now.
Open/hidden SSID = living under the stars with a wet paper towel as a shield. Wolf eats you in 2-3 seconds.
WEP = straw house. Wolf eats you in 5 minutes.
WPA/TKIP = wooden house with reinforcements. Wolf hasn't figured out how to eat you yet, but it's a matter of not much time before he does. Change or wolf will eat you soon.
WPA2/AES = Sealed concrete bunker 100 feet underground. Wolf will figure out how to get into it eventually, but you're safe for a while.

Nothing is ever permanently secured against the wolf. Eventually WPA2/AES will be broken and we'll be on to the Next Big Thing. But for now, I'd call WPA/TKIP "OK for home use, but start shopping for a router and new wireless gear, like, right now."
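The practical advice in this comment and the ones above it comes down to three settings on the access point: offer CCMP only, stop negotiating WPA1, and know that turning off WMM/QoS only buys time. The following is an added example, not natehoy's code, the paper's, or anything shipped with hostapd, that audits a hostapd-style configuration for exactly those settings. It reads the real hostapd keys `wpa`, `wpa_pairwise`, `rsn_pairwise` and `wmm_enabled`; the two sample configurations are constructed, and treating a missing `wmm_enabled` as off is an assumption of the audit, not a claim about hostapd's default in every version.

```python
"""Audit a hostapd-style access point configuration for the settings
discussed in this thread: TKIP as a pairwise cipher, WPA1 still allowed,
and WMM/QoS left on while TKIP is in use.

Added example; not code from the thread, the paper or hostapd. The keys
wpa, wpa_pairwise, rsn_pairwise and wmm_enabled are real hostapd options;
both sample configurations below are constructed for this demo.
"""


def parse_hostapd(text):
    """Parse key=value lines into a dict, skipping blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def allowed_ciphers(cfg):
    """Pairwise ciphers offered for WPA (wpa_pairwise) and for WPA2/RSN.
    hostapd falls back to wpa_pairwise when rsn_pairwise is not set."""
    wpa_ciphers = set(cfg.get("wpa_pairwise", "").split())
    rsn_ciphers = set(cfg.get("rsn_pairwise", cfg.get("wpa_pairwise", "")).split())
    return wpa_ciphers, rsn_ciphers


def audit(cfg):
    """Return a list of findings; an empty list means the configuration
    matches the thread's advice (WPA2 only, CCMP only)."""
    findings = []
    wpa = cfg.get("wpa", "0")  # 0 = open, 1 = WPA only, 2 = WPA2 only, 3 = both
    if wpa == "0":
        findings.append("open network (wpa=0): no link-layer protection at all")
        return findings
    if wpa != "2":
        findings.append("WPA1 still negotiable (wpa=%s); use wpa=2" % wpa)

    wpa_ciphers, rsn_ciphers = allowed_ciphers(cfg)
    tkip_in_use = False
    if wpa in ("1", "3") and "TKIP" in wpa_ciphers:
        findings.append("TKIP offered in wpa_pairwise; offer CCMP only")
        tkip_in_use = True
    if wpa in ("2", "3") and "TKIP" in rsn_ciphers:
        findings.append("TKIP offered in rsn_pairwise; offer CCMP only")
        tkip_in_use = True

    # The injection described in the paper needs the QoS/WMM channels, so
    # disabling WMM buys time; it does not make TKIP safe.
    # Assumption for this audit: a missing wmm_enabled is treated as off.
    if tkip_in_use and cfg.get("wmm_enabled", "0") == "1":
        findings.append("wmm_enabled=1 with TKIP: QoS channels available to the attack")
    return findings


# Constructed sample: the "compatibility" mix many ISP-shipped routers use.
WEAK_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
wmm_enabled=1
"""

# Constructed sample: the same AP after following the thread's advice.
HARDENED_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wmm_enabled=1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_hostapd(conf)) or ["no findings"])
```

Note that WMM is left on in the hardened configuration on purpose: with CCMP as the only pairwise cipher the QoS channels are no longer a concern, and switching WMM off would cost 802.11n data rates for nothing.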

Re:Just in time! (1)

phillips321 (955784) | more than 4 years ago | (#29916295)

WPA2/AES = Sealed concrete bunker 100 feet underground. Wolf will figure out how to get into it eventually, but you're safe for a while.

If he doesn't figure out how to get in there soon you're going to die anyway: Sealed means Sealed; no oxygen in, no nasty carbon dioxide out......

Re:Just in time! (1)

fireylord (1074571) | more than 4 years ago | (#29916687)

surely you'd have time to get a fire or 2 going, not sure the wolf would come near then. . .

Re:Just in time! (1)

a-zarkon! (1030790) | more than 4 years ago | (#29917021)

If you're *that* concerned, consider establishing an IPSEC tunnel across your WLAN. Yes, you will have additional headaches with this, more software, more configuration, and likely more hardware too. However an IPSEC tunnel trumps all of the above in my opinion, and should hold up longer than WPA2/CCMP (aka WPA/AES). You could maybe use SSL VPN, but I'm a bit of a paranoid curmudgeon and I've got some concerns about the long-term security of many SSL VPN implementations. This is purely my opinion, offered freely on /. so use your best judgment.

Additional thoughts to ponder on WiFi:
1) All your packets belong to Bob, as Bob has a card in monitor mode and he can pluck them from the air and write them to a cap file. Bob can keep your packets until there is a hole identified with your security. He might even share them with people who are more clever than he is and better able to crack them.
2) Your WiFi works because Bob doesn't feel like spending the time to DoS you right now. Bob isn't terribly 133t, but then he doesn't need 133tness to DoS you.
3) If you're really doing something that must remain confidential - maybe you shouldn't be doing it over wireless in the first place.

Re:Just in time! (0)

Anonymous Coward | more than 4 years ago | (#29918325)

Pretty much any layer of security you use is likely to use AES. If AES is broken, you are in trouble no matter how many layers of it you are using.

Short information about current Wireless Hacking (5, Informative)

zukinux (1094199) | more than 4 years ago | (#29916567)

Hacking WEP is quite simple today; you need to do the following:
1) Listen to packets going through (monitor mode)
2) Force people to send more packets using arp-replay packets or specially crafted packets
3) Capture about 25000 packets and do cryptanalysis on these packets to get the password [the more packets you capture, the more chance you'll be able to decrypt the password]

In WPA1/2 it's quite different:
1) Listen to packets going through in monitor mode
2) Wait until you capture a connection-login handshake (it's 2 packets both ways = 4 packets)
3) After you capture the packets in 2, you need to do a dictionary attack on the captured session login. If that word isn't in your dictionary, you're screwed.

That's why a strong not-in-dictionary WPA(PSK) password will be quite hard (if possible) to hack with current wireless hacking methods these days.

Just so we're all clear.
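The dictionary step in item 3 of the WPA list is an offline guess at the passphrase-to-key derivation, which is why the comment's conclusion is that the defence is a passphrase no wordlist contains. The block below is an added example, not zukinux's or anyone else's code from the thread, that performs that derivation as 802.11i specifies it for WPA/WPA2 personal mode and turns it into a defender-side check of a chosen passphrase against a wordlist. The wordlist and the network names are constructed; the one fixed value it verifies is the standard's published "password"/"IEEE" test vector.

```python
"""How a WPA/WPA2 personal-mode passphrase becomes the key that an offline
dictionary guess has to reproduce, plus a defender-side check that a
chosen passphrase is not in a wordlist.

Added example, not code from the thread. The derivation is the one 802.11i
specifies for WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096
iterations, 32 bytes). The wordlist and the SSIDs below are constructed.
"""
import hashlib
import hmac


def pmk_from_passphrase(passphrase, ssid):
    """Derive the 256-bit Pairwise Master Key the way wpa_passphrase does.

    The SSID is the salt, so the same passphrase on a differently named
    network yields a different PMK: any precomputed table is per-SSID, and
    a unique SSID forces the guesser to start from scratch."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


# Constructed wordlist standing in for the dictionaries the thread mentions.
WORDLIST = ["password", "12345678", "letmein1", "qwertyuiop", "homenetwork"]


def passphrase_in_wordlist(passphrase, ssid, wordlist=WORDLIST):
    """True if any wordlist entry derives the same PMK on this SSID.

    The per-candidate work here (4096 HMAC-SHA1 rounds) is exactly what a
    guess against a captured handshake costs, which is why a passphrase
    that is simply not in any list holds up: the cost is paid per guess."""
    target = pmk_from_passphrase(passphrase, ssid)
    for word in wordlist:
        if not 8 <= len(word) <= 63:
            continue  # cannot be a valid WPA passphrase, skip it
        if hmac.compare_digest(pmk_from_passphrase(word, ssid), target):
            return True
    return False


def ssid_changes_key(passphrase, ssid_a, ssid_b):
    """True when two networks with the same passphrase get different PMKs,
    i.e. whenever their SSIDs differ."""
    return pmk_from_passphrase(passphrase, ssid_a) != pmk_from_passphrase(passphrase, ssid_b)


if __name__ == "__main__":
    # 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(pmk_from_passphrase("password", "IEEE").hex())
    print("in wordlist:", passphrase_in_wordlist("password", "IEEE"))
    print("in wordlist:", passphrase_in_wordlist("xK9#mq2Lp$v7Rw4!", "IEEE"))
    print("SSID matters:", ssid_changes_key("password", "IEEE", "ieee"))
```

Running the check against a real wordlist is a policy test you run on your own passphrase before deploying it; the 4096-iteration derivation is slow by design, so keep the list in memory and expect on the order of thousands of candidates per second per core on ordinary hardware.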

Re:Short information about current Wireless Hackin (0)

Anonymous Coward | more than 4 years ago | (#29918001)

Small note of warning: not all routers like the arp-replay and crafted packets. Some low-cost routers die from an arp 'flood', requiring a reboot.

There still isn't a proper actual password crack (0)

Anonymous Coward | more than 4 years ago | (#29916905)

Is there? I'm pretty sure you can't actually obtain the password like WEP, or am I wrong?
Let me know asap, I'm low on my monthly quota for downloads! ...
Oh Australia.... :(

Re:There still isn't a proper actual password crac (0)

Anonymous Coward | more than 4 years ago | (#29917925)

You're wrong.
