
Wi-Fi WPA2 Vulnerability Found

kdawson posted more than 3 years ago | from the keep-your-enemies-closer dept.

Security 213

BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. "...wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named 'Hole 196' by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. 'There's nothing in the standard to upgrade to in order to patch or fix the hole,' says Kaustubh Phanse, AirTight's wireless architect who describes Hole 196 as a 'zero-day vulnerability that creates a window of opportunity' for exploitation." Wi-Fi Net News has some more detail and speculation.


so, not a hole (2, Insightful)

Bizzeh (851225) | more than 3 years ago | (#33017398)

So rather than a hole, it's more a forced proxy? A user who knows your password is decrypting your traffic and re-broadcasting it with different content... If this user has your password, you need to have a think about who you give your password to.

Re:so, not a hole (5, Insightful)

Iwanowitch (993961) | more than 4 years ago | (#33017510)

Unless the wifi network is at a Starbucks, a university or a corporation.

That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

Re:so, not a hole (4, Insightful)

Culture20 (968837) | more than 4 years ago | (#33017590)

That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

How's he do that? Am I relying on WPA2 as my only encryption across the 'net?

Re:so, not a hole (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33017682)

That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

How's he do that? Am I relying on WPA2 as my only encryption across the 'net?

if you're dumb enough to do that for anything important to you, especially when using a wireless network you do not own, then you pay the stupidity tax. that's all. seems fair enough to me so long as no one is representing WPA2 as the be-all and end-all of perfect security, and in that case the unfairness is limited to that person or corporation only.

Re:so, not a hole (4, Insightful)

jijacob (943393) | more than 4 years ago | (#33017766)

ssh -D is just a terminal away.

Re:so, not a hole (1, Insightful)

houghi (78078) | more than 4 years ago | (#33017902)

Yeah, stupid standard users who have no idea. Luckily we are the elite, so we are not affected. Right?

Re:so, not a hole (0)

Anonymous Coward | more than 4 years ago | (#33017982)

Yes, because Slashdot has so many elite people.

Re:so, not a hole (0, Insightful)

Anonymous Coward | more than 4 years ago | (#33018056)

Yeah, stupid standard users who have no idea. Luckily we are the elite, so we are not affected. Right?

what an absolutely predictable response. yes people who can inform themselves about important matters such as their own security, with freely available information, at their own leisure and at the cost of only a bit of effort, who then refuse to inform themselves are stupid. that's correct. there is nothing wrong with saying so. they aren't stupid because their actions are not likable, they are stupid because they do not look after their own interests. they are especially stupid because they view education as something that only a teacher or professor can give to them.

let's get this part straight. an action that harms or potentially harms others in order to benefit yourself is selfish. an action that harms or potentially harms you in order to benefit others is sacrificial and altruistic. an action that harms or potentially harms you while benefitting no one else is stupid. it's really that simple. if stupidity is painful it is not because i frown upon it, it is because it is inherently a self-defeating idea.

now, i wish all instances of an "elite" were like this one. anyone who is literate and wishes to join this "elite" can find lots of excellent documentation for free literally at the touch of a button. they will find it for audiences ranging from beginner/entry-level to experienced expert and anything in-between. the willingness to do some reading and educate oneself is the only barrier to entry for joining this "elite".

want to talk about financial and industrial elites? how about governmental or military elites? think those are so easy to join up with? didn't think so.

besides, one need not become an expert in computer security. you don't have to comprehend encryption algorithms or the cryptanalytic techniques used to compromise them. you don't need to be a programmer. all you have to do is understand that when you are using someone else's network, you have no default expectation of privacy and should plan accordingly. you don't have to understand how SSL works to know that it is a remedy for this situation, same deal with a VPN. an idiot is capable of understanding that.

i would love to see how you respond to this. it is likely though not certain that you will read it, but will not respond to it. after all you might want to save face and all of that, and that is hard to do with a childish and utterly predictable response like the one you have committed yourself to.

Re:so, not a hole (1)

greentshirt (1308037) | more than 4 years ago | (#33018098)

whoosh

Re:so, not a hole (0)

Anonymous Coward | more than 4 years ago | (#33018206)

whoosh

and a "whoosh" for you sir. i think it was Shakespeare who said that in every jest there is a kernel of truth. it was that kernel of truth which I was addressing. the kernel of truth is that guy's belief in the old, time-worn notion that expecting people to take an active role in protecting their own interests is some kind of horrible elitism, or that they are totally innocent victims free of any possible fault when they fail to do so and suffer as a result.

besides which, the notion that a serious post that raises valid points could arise as a response from a non-serious or less-serious post is not really so absurd. in this world, far more strange things happen every day. care to respond to any valid points, or would you rather pat yourself on the back for your one-word dismissal of a post?

Re:so, not a hole (0)

Anonymous Coward | more than 4 years ago | (#33018196)

I'm thinking most people read their email on their web browser on a site that hopefully is transmitted over https. Google's IMAP and SMTP don't even allow you to fuck it up, they don't talk to you unless you encrypt.

Re:so, not a hole (4, Interesting)

squiggleslash (241428) | more than 4 years ago | (#33018324)

In my experience, the most popular email system out there is Yahoo! Mail, and the web interface doesn't do any encryption except for the logging in process.

Frankly though, email should generally be considered insecure anyway. It's usually transmitted, somewhere along the chain, in plain-text, and you only have (limited) control over your own connection, not the connection of the party you're communicating with. The pseudo-elitists posting here claiming that they're OK because, unlike the great unwashed, they use HTTPS when they connect to their web mail, are fooling themselves.

Re:so, not a hole (2, Insightful)

Anonymous Coward | more than 4 years ago | (#33017598)

Not through my SSL or VPN connection, he can't.

Re:so, not a hole (1)

blai (1380673) | more than 4 years ago | (#33018048)

given that you trust what the server does with you?

Re:so, not a hole (2, Funny)

Anonymous Coward | more than 4 years ago | (#33017924)

Creepy guy? Wow, you sound like an ignorant female. Laughing aloud.

Re:so, not a hole (1)

RAMMS+EIN (578166) | more than 4 years ago | (#33018306)

``Unless the wifi network is at a Starbucks, a university or a corporation.

That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.''

Not unless he also knows how to break SSL. I've never assumed that any path between me and my mail server was secure, whether wired or wireless, WEP or WPA. So I only read mail over end-to-end encrypted protocols. Of course, most people still send e-mail through unencrypted SMTP, and without very reliable authentication, so I assume neither that e-mail is private, nor that it comes from whom it purports to come from. The protocols just don't work that way.

Re:so, not a hole (0, Redundant)

John Hasler (414242) | more than 4 years ago | (#33017528)

> ...if this user has your password...

Where does it say that?

Re:so, not a hole (0)

Anonymous Coward | more than 4 years ago | (#33017558)

in the summary. read it.

Re:so, not a hole (1)

davester666 (731373) | more than 4 years ago | (#33017560)

"internal, authorized Wi-Fi user"

This would be a person with the password to your Wi-Fi network.

Re:so, not a hole (0, Redundant)

John Hasler (414242) | more than 4 years ago | (#33017668)

> This would be a person with the password to your Wi-Fi network.

Individual sessions are supposedly secure from each other. I don't see how that's possible without some sort of out-of-band key exchange (i.e., a different password for each user).

Re:so, not a hole (5, Interesting)

fwr (69372) | more than 4 years ago | (#33017702)

Sigh. Understand the protocol before commenting, or at least RTFA. There IS an individual key per user. But, there is also a shared key used for broadcast traffic. The problem is that the shared key is not authenticated, so a user who knows the shared key (i.e., anyone with access to the wireless network), can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys. A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

Re:so, not a hole (1, Troll)

John Hasler (414242) | more than 4 years ago | (#33017726)

> Understand the protocol before commenting, or at least RTFA.

What, and break with Slashdot tradition? Don't be silly.

Re:so, not a hole (2, Insightful)

MagicM (85041) | more than 4 years ago | (#33017948)

can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys

I haven't read the spec, but it seems odd that per-user keys would be given up or changed in response to a broadcast message. Could this attack be mitigated by only performing these kinds of actions in response to direct, non-broadcast messages?

Re:so, not a hole (0)

Anonymous Coward | more than 4 years ago | (#33018200)

A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

No, you can keep broadcast traffic with a shared key, but it would require some sort of public-key signature, OR require sending multiple MACs (message authentication code - http://en.wikipedia.org/wiki/Message_authentication_code ) in the broadcast (one MAC for each client, using the individual client's shared secret).

Then again, perhaps it's easiest to abandon most broadcast.
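The mechanism fwr describes above (a per-station pairwise key for unicast, one shared group key for broadcast, and a MIC that only proves the sender holds the key) and the per-client MAC fix proposed in the comment directly above are easy to see in a toy model. The following is an added example, not code from the article, from AirTight or from any 802.11 implementation: the key derivation, the MIC and the frame format are stand-ins (HMAC-SHA256 over a text header instead of CCMP), and the station MACs and the "gateway" payload are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def mic(key: bytes, header: bytes, body: bytes) -> bytes:
    """Stand-in for the CCMP MIC: an HMAC over header and body, truncated to 8 bytes."""
    return hmac.new(key, header + body, hashlib.sha256).digest()[:8]


@dataclass
class Frame:
    src: str                                   # transmitter address claimed in the header
    dst: str                                   # BROADCAST or a station MAC
    body: bytes
    tag: bytes                                 # single MIC (group key or pairwise key)
    tags: dict = field(default_factory=dict)   # per-station MICs for the proposed fix

    def header(self) -> bytes:
        return f"{self.src}>{self.dst}".encode()


class AccessPoint:
    def __init__(self, bssid: str):
        self.bssid = bssid
        self.gtk = os.urandom(16)            # one group key handed to every station
        self.ptk: dict[str, bytes] = {}      # pairwise key per associated station

    def associate(self, sta: str) -> tuple[bytes, bytes]:
        """Models the outcome of the 4-way handshake: the station gets its PTK and the shared GTK."""
        self.ptk[sta] = os.urandom(16)
        return self.ptk[sta], self.gtk

    def broadcast(self, body: bytes) -> Frame:
        """Standard behaviour: one frame, one MIC under the group key."""
        f = Frame(self.bssid, BROADCAST, body, b"")
        f.tag = mic(self.gtk, f.header(), body)
        return f

    def broadcast_per_station(self, body: bytes) -> Frame:
        """Proposed fix from the thread: still one frame, but a MIC under each recipient's PTK."""
        f = Frame(self.bssid, BROADCAST, body, b"")
        f.tags = {sta: mic(k, f.header(), body) for sta, k in self.ptk.items()}
        return f


class Station:
    def __init__(self, mac: str, ap: AccessPoint):
        self.mac = mac
        self.bssid = ap.bssid
        self.ptk, self.gtk = ap.associate(mac)

    def accept(self, f: Frame) -> bool:
        """Standard receive path: group key for broadcast, pairwise key for unicast."""
        if f.src != self.bssid:
            return False
        if f.dst == BROADCAST:
            return hmac.compare_digest(f.tag, mic(self.gtk, f.header(), f.body))
        if f.dst == self.mac:
            return hmac.compare_digest(f.tag, mic(self.ptk, f.header(), f.body))
        return False

    def accept_per_station(self, f: Frame) -> bool:
        """Receive path under the proposed fix: verify only the tag made with my own PTK."""
        if f.src != self.bssid or f.dst != BROADCAST:
            return False
        expected = mic(self.ptk, f.header(), f.body)
        return hmac.compare_digest(f.tags.get(self.mac, b""), expected)

    def forge(self, body: bytes, dst: str = BROADCAST) -> Frame:
        """Malicious insider: spoof the AP's address and sign with the keys it legitimately holds.
        It has the GTK (shared with everyone) and its own PTK, but no other station's PTK."""
        f = Frame(self.bssid, dst, body, b"")
        key = self.gtk if dst == BROADCAST else self.ptk
        f.tag = mic(key, f.header(), body)
        f.tags = {self.mac: mic(self.ptk, f.header(), body)}
        return f


def run_scenario() -> dict[str, bool]:
    """One AP, one victim, one insider; constructed addresses and payload."""
    ap = AccessPoint("00:11:22:33:44:55")
    victim = Station("aa:aa:aa:aa:aa:01", ap)
    insider = Station("bb:bb:bb:bb:bb:02", ap)
    payload = b"gateway is now 10.0.0.254"   # e.g. a forged ARP reply, the MITM step from the article
    return {
        "legit_broadcast_accepted": victim.accept(ap.broadcast(payload)),
        "forged_broadcast_accepted": victim.accept(insider.forge(payload)),            # the "hole"
        "forged_unicast_accepted": victim.accept(insider.forge(payload, victim.mac)),  # PTK holds
        "legit_per_station_accepted": victim.accept_per_station(ap.broadcast_per_station(payload)),
        "forged_per_station_accepted": victim.accept_per_station(insider.forge(payload)),
    }


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {ok}")
```

The victim accepts the insider's forged broadcast because the GTK MIC only says "someone with the GTK sent this", and every associated station has the GTK. The same insider cannot forge unicast to the victim, which is why the pairwise traffic itself is not broken; what the forged broadcast buys the attacker is the ability to redirect the victim's later unicast traffic through itself. The per-station tag variant closes the gap at the cost of one MIC per recipient in every broadcast frame, which is the trade-off the comment above is pointing at.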

Re:so, not a hole (2, Interesting)

bitslinger_42 (598584) | more than 4 years ago | (#33018276)

The real fix would be to get users to realize that there's no such thing as a secret when you're yelling loud enough that people half a block away can hear you. Even if you're talking in code, chances are, if someone really wants to screw with you, they'll figure out how.

Wireless networking is a convenience, and at Layer 2, there probably isn't much that can be done to secure traffic. If you want secure, either use your own encryption (IPSEC, SSL/TLS, SSH, etc.) or use a wire.

Re:so, not a hole (1)

Kral_Blbec (1201285) | more than 4 years ago | (#33017578)

> ...if this user has your password...

Where does it say that?

whereby an internal, authorized Wi-Fi user

This is stupid. It's basically saying that if someone knows your wireless key they can decrypt your wireless traffic. Any web based email should use another layer of encryption via https anyway. I'm too lazy to read the article, but is there mention of if it is for WPA2 personal or enterprise?

Re:so, not a hole (1)

WrongSizeGlass (838941) | more than 4 years ago | (#33017610)

I'm too lazy to read the article, but is there mention of if it is for WPA2 personal or enterprise?

Enterprise. From the first line of the summary: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider.

Re:so, not a hole (1)

yuhong (1378501) | more than 4 years ago | (#33017588)

Except that they don't need your password, all they need is access to any user account on your WPA(2) network to sniff the Wi-Fi traffic of any other user.

WTF (0, Flamebait)

fnj (64210) | more than 3 years ago | (#33017404)

Can't anybody design any piece of hardware or software that does not have some lame vulnerability?

Re:WTF (2, Funny)

Anonymous Coward | more than 3 years ago | (#33017442)

You have an awfully low UID for such a huge troll!

Re:WTF (3, Funny)

mortonda (5175) | more than 4 years ago | (#33017716)

nah, things went downhill about the 50k mark... ;)

Re:WTF (5, Funny)

Eivind Eklund (5161) | more than 4 years ago | (#33017986)

I'd say more around the 5170-mark, myself.

Re:WTF (3, Interesting)

Tumbleweed (3706) | more than 4 years ago | (#33017990)

nah, things went downhill about the 50k mark... ;)

Not really. Things went downhill much sooner than that. I'd have a much lower UID than I have if I had seen the need for it, but the 'first poster' morons, etc., weren't much yet around, and there wasn't much value to HAVING a Slashdot account until some time after the account system was first implemented.

Re:WTF (0)

Anonymous Coward | more than 3 years ago | (#33017446)

Can't anybody design any piece of hardware or software that does not have some lame vulnerability?

Please try it yourself and let us know how it works out.

Re:WTF (1)

MadGeek007 (1332293) | more than 3 years ago | (#33017456)

No. Humans make mistakes; it's a natural fact of life. To expect anything to be flawless is foolish.

Re:WTF (0)

Anonymous Coward | more than 4 years ago | (#33017532)

"hello_world.c"?

Re:WTF (1)

MadGeek007 (1332293) | more than 4 years ago | (#33017698)

Good point. That made me think. On the surface there is nothing wrong with a hello world program. However, technologies are only as effective, secure, and efficient as the systems on which they depend.

Believe it or not, I'm a "glass half full" kind of guy; I'm just paranoid :)

Re:WTF (1)

AnonymousClown (1788472) | more than 3 years ago | (#33017460)

Can't anybody design any piece of hardware or software that does not have some lame vulnerability?

I have. The program is called One.

Basically, it's an NPN transistor that has a voltage that goes to its base. Its collector is connected to 6V and its emitter is connected to ground. There's a 1K resistor connected to the base and emitter.

It's a binary one and it's hack proof.

Genius huh?

Next, I'll be showing my 1 pixel digital image called: One.

I'm gonna be rich!

Re:WTF (1)

The MAZZTer (911996) | more than 3 years ago | (#33017468)

What about if the power fails?

Re:WTF (1)

Mr. Vage (1084371) | more than 4 years ago | (#33017748)

That's simply a demo of his next project, Zero.

Re:WTF (0)

Anonymous Coward | more than 4 years ago | (#33017776)

I could hack it with the right EMP.

Re:WTF (1)

sakdoctor (1087155) | more than 3 years ago | (#33017464)

Hans R Camenzind?

Re:WTF (0)

Anonymous Coward | more than 3 years ago | (#33017466)

ever heard of digital wrist watches?

Re:WTF (1)

MichaelSmith (789609) | more than 4 years ago | (#33017540)

Mine doesn't make me happy at all.

Re:WTF (0)

Anonymous Coward | more than 4 years ago | (#33017534)

10 PRINT "Hello World!"
20 GOTO 10: REM Yes I know GOTO is evil!

I don't understand how it could be possible... (1)

John Hasler (414242) | more than 4 years ago | (#33017568)

...even in principle to create a secure over-the-air encryption system with no out-of-band key exchange. Does there exist a proof of this?

Re:I don't understand how it could be possible... (2, Interesting)

fwr (69372) | more than 4 years ago | (#33017670)

There is an out-of-band key exchange. It is called a trusted certificate. You know, just like how HTTPS works. This is for WPA2 Enterprise, of which there are many different EAP methods possible, but for which most do include an out of band key exchange (i.e., certificates, or EAP-FAST PAK). In any case, there's also the old DH key exchange, which worked fine for IPsec for years.

Re:I don't understand how it could be possible... (1)

John Hasler (414242) | more than 4 years ago | (#33017816)

Ok. I was thinking of "personal" mode (I don't use wireless at all, myself).

Re:WTF (1, Funny)

Anonymous Coward | more than 4 years ago | (#33017620)

You are humanity's last hope, as time and time again those "incompetent" engineers have failed us. This is how it's going to happen. You will get an EE degree from college. Then move on to graduate school to get a PhD in EE. Then you will become an EE professor. After 20 ~ 30 years of excellent productivity of research, you will become chairman of IEEE and make sure that the published networking protocols are free of any vulnerabilities. Let me know how far you were able to manage through this process.

Re:WTF (1)

AHuxley (892839) | more than 4 years ago | (#33017794)

Sure, category 6 cable. As for wifi you're right, why is it so hard to encrypt as needed? Are chips that expensive per unit and cryptography developers that rare?

Re:WTF (1)

Architect_sasyr (938685) | more than 4 years ago | (#33018260)

This was explained to me once, so I feel the urge to pass on the (mis)information.

Your average crypto geek has a job; generally they teach in a university or write books or blogs. What they don't do is troll around job sites looking for "Cryptographic Developer needed to design new standard" jobs. It would be boring etc. What they do do is sit around their office on a quiet Friday afternoon and pick apart current cryptographic standards, looking for flaws and such just like this. It takes a pretty special kind of person to read and understand the standards (no I am not one of them), but you can't ask them to drop everything and do it.

At a guess, I'd say that (or a variant of that) is why cryptography developers are so apparently rare.

Wrong way around (1)

Netshroud (1856624) | more than 3 years ago | (#33017426)

+1 for consumers, -1 for enterprises?

Not that big a deal... (4, Insightful)

Denis Lemire (27713) | more than 3 years ago | (#33017478)

This vulnerability is only useful if the attacker knows your WPA key. In other related news, it has been discovered that those who know your root password can delete all your files.

Re:Not that big a deal... (0)

Anonymous Coward | more than 4 years ago | (#33017526)

Did you even rtfa, or did you just not comprehend it?

Re:Not that big a deal... (2, Interesting)

tagno25 (1518033) | more than 4 years ago | (#33017552)

This vulnerability is only useful if the attacker knows your WPA key.

This is for WPA2-EAP (may or may not cover WPA2-PSK). So they need a valid username and password, not just a key.

Re:Not that big a deal... (5, Interesting)

maximander (806231) | more than 4 years ago | (#33017586)

When I give someone my root password, I assume they can delete all my files.
When I give them a limited shell account and set permissions correctly, I don't make that assumption.

This exploit is more like the latter than the former: WPA was supposed to keep the traffic of each individual user safe, and now it doesn't.

Re:Not that big a deal... (5, Insightful)

Denis Lemire (27713) | more than 4 years ago | (#33017658)

M'eh, if you have anything sensitive that you're sending over the network it should be sent securely, period, i.e. via SSH, HTTPS, etc. Otherwise, you're just doing it wrong.

Having an additional layer like WPA provided is indeed a nice thing, but this being compromised isn't the end of the world. I'd be far more concerned if there was a vulnerability that allowed someone to bypass WPA altogether and connect to a network on which he or she isn't authorized.

The encryption of the traffic itself really isn't that much of a selling point when it'll continue across the wired network in the clear once it hits the router or switch upstream. Encryption that isn't end-to-end really isn't worth the time spent talking about it.

Re:Not that big a deal... (1)

Shakrai (717556) | more than 4 years ago | (#33017672)

M'eh, if you have anything sensitive that you're sending over the network it should be sent securely, period, i.e. via SSH, HTTPS, etc. Otherwise, you're just doing it wrong.

So I should put an ssh/ssl tunnel between my laptop users and our Windows file server?

Re:Not that big a deal... (0)

Anonymous Coward | more than 4 years ago | (#33017712)

If the connection is wireless - yes - use SSTP.

Re:Not that big a deal... (1)

Denis Lemire (27713) | more than 4 years ago | (#33017792)

That or replace your Windows file server with something trustworthy. ;)

Actually, I may have to claim ignorance here as I haven't looked into it recently, is there STILL no crypto available in SMB/CIFS traffic?

If not then perhaps IPSEC between your Windows servers and clients; it's probably a hassle to set up, but it would give you another layer of security. I've never trusted wireless enough to do sensitive data transfers using non-secure protocols. Guess that's why I don't see this as a big deal. Just business as usual.

Re:Not that big a deal... (1)

yuhong (1378501) | more than 4 years ago | (#33017804)

Only if something like people connecting to the wired network and running packet sniffers is a concern.

Actually makes a bit of sense if you can't enforce (1)

dbIII (701233) | more than 4 years ago | (#33017820)

Actually that's not entirely a bad idea.
One frequent problem is that many people think they are too important to obey pesky IT rules, and they will give out the WPA key to any visitor that wants to check their email. Thus you have to assume to a point that the network is open and restrict things to certain MAC addresses or similar anyway.
Assuming the wireless network is completely open (but not actually making it so), sticking it on the outside of a firewall and letting laptop users in with some sort of VPN actually makes a bit of sense.

Re:Actually makes a bit of sense if you can't enfo (1)

yuhong (1378501) | more than 4 years ago | (#33017894)

Or just create separate open wireless networks outside the firewall for visitors along with the WPA(2) wireless networks.

Re:Actually makes a bit of sense if you can't enfo (1)

yuhong (1378501) | more than 4 years ago | (#33017944)

Of course, if you really want to limit it to visitors, you could use WPA(2)-Personal for the visitor network.

Re:Actually makes a bit of sense if you can't enfo (1)

Shakrai (717556) | more than 4 years ago | (#33017942)

One frequent problem is that many people that think they are too important to obey pesky IT rules and they will give out the WPA key to any visitor that wants to check their email.

Most enterprise grade access points will support multiple SSIDs and VLANs. It's child's play to setup a VLAN for guests that provides internet access without putting them on your corporate network. I did this at my job because I was sick of explaining to the bosses why it was a bad idea to put vendors and salespeople on our corporate network just so they could check their e-mail. It took all of ten minutes to setup with Cisco access points, switches and routers.

Re:Not that big a deal... (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#33018136)

Yes, but first you have to get rid of windows.

Re:Not that big a deal... (5, Insightful)

yuhong (1378501) | more than 4 years ago | (#33017836)

Yep, WEP stood for Wired Equivalent Privacy, which was all it and WPA(2) was intended to provide, nothing more.

Re:Not that big a deal... (1)

Denis Lemire (27713) | more than 4 years ago | (#33017890)

Exactly...

Re:Not that big a deal... (3, Insightful)

John Hasler (414242) | more than 4 years ago | (#33018026)

It's "Wired Equivalent Privacy" only if your idea of "wired privacy" involves dangling a cable out the window down into the alley behind the building.

Re:Not that big a deal... (1)

yuhong (1378501) | more than 4 years ago | (#33018076)

Are you talking about the WEP security holes found over the last few years? That was not what I was talking about.

Re:Not that big a deal... (4, Interesting)

blacklint (985235) | more than 4 years ago | (#33018060)

It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.

Re:Not that big a deal... (1)

yuhong (1378501) | more than 4 years ago | (#33018074)

This seems like a packet injection attack to me.

Re:Not that big a deal... (2, Insightful)

Shadyman (939863) | more than 4 years ago | (#33017768)

"When I give them a limited shell account and set permissions correctly, I don't make that assumption."

Isn't the idea to always expect the worst? I'd tend to assume that if I give anyone any access at all, that they will find a way to break it.

Re:Not that big a deal... (1)

John Hasler (414242) | more than 4 years ago | (#33018000)

> Isn't the idea to always expect the worst? I'd tend to assume that if I give
> anyone any access at all, that they will find a way to break it.

The worst would be to assume that they will find a way to break it no matter what you do even with no access at all and so it is all hopeless.

Re:Not that big a deal... (0)

Anonymous Coward | more than 4 years ago | (#33017602)

Yeah, but this could mean that any wireless network you don't have complete control over (public hotspots, etc.) is effectively compromised even if the wireless link is encrypted with WPA2.

Of course, using a VPN would negate the problem, but I suspect that a significant number of public wi-fi users don't use a VPN as well.

Re:Not that big a deal... (1)

Kral_Blbec (1201285) | more than 4 years ago | (#33017704)

Yeah, but this could mean that any wireless network you don't have complete control over (public hotspots, etc.) is effectively compromised even if the wireless link is encrypted with WPA2.

Of course, using a VPN would negate the problem, but I suspect that a significant number of public wi-fi users don't use a VPN as well.

No, it means that they are remotely possibly compromised.

Re:Not that big a deal... (0)

Anonymous Coward | more than 4 years ago | (#33017644)

My windows does not have a root account, you insensitive clod!

Re:Not that big a deal... (0)

Anonymous Coward | more than 4 years ago | (#33017686)

More FUD.

home router still safe (1)

faber0 (234887) | more than 4 years ago | (#33017490)

Your home WPA2/PSK environment is still safe, so don't worry about your neighbour's virtual break-in.....

Yawn (2, Insightful)

Jeffrey Baker (6191) | more than 4 years ago | (#33017520)

In other news, people on your wired ethernet segment can also see your "private" traffic. If you care so much, use SSL. Next scaremongering non-story in 3, 2, 1.

Re:Yawn (0, Redundant)

yuhong (1378501) | more than 4 years ago | (#33017852)

Yep, WEP stood for Wired Equivalent Privacy, which was all it and its successor WPA(2) were intended to provide, nothing more.

Not normally (2, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#33018112)

The whole point of a switch is that it sends data only to the host that it is for. So you don't get my data out your switch port. If you clone a MAC, that doesn't do the trick as it just confuses the switch and some data goes to one computer, some to the other, and the connection works poorly. Back in the day you could overload the switches in various ways and make them act like hubs, but that is also noticeable, and it doesn't work on new high quality switches.

Wired networks are actually pretty secure from snooping overall. It's not impossible, but it is damn hard.

Re:Not normally (1)

bitslinger_42 (598584) | more than 4 years ago | (#33018242)

Of course, this is why serious attackers on a switch don't try cloning MACs. They send gratuitous ARPs to the systems they want to sniff traffic from and pretend to be the default router. Or they take over the root of the spanning tree on the switch. Or they send an email to their target that says "Click this link to download nekkid pictures of " but actually installs a keystroke logger.

None of that is as hard as the 133t hax0rs want you to believe. Not trivial, and not undetectable, but not particularly difficult these days, thanks to Ettercap [sourceforge.net].

Of course, it's often cheaper and easier to just slip the janitor a $50 to have them photocopy all the CEO's garbage, but that doesn't sound nearly geeky enough :-)

vuln fixed. cat-5 cables. (0)

swschrad (312009) | more than 4 years ago | (#33017524)

nooo problemo.

Michael Jackson said it best (5, Funny)

CaptSaltyJack (1275472) | more than 4 years ago | (#33017542)

"I'm starting with the man in the middle
I'm asking him to change his ways
Every packet is encrypted just a little
If you wanna make your network a safer place
Find the man in the middle and punch his face."

Re:Michael Jackson said it best (1)

vivek7006 (585218) | more than 4 years ago | (#33017784)

U sir are my new hero!

Re: I will make sure he is gonna look like (1)

caekys (1845106) | more than 4 years ago | (#33017872)

I will make sure he is gonna look like Michael Jackson himself, after I am done.

IPSEC here we come (0)

Anonymous Coward | more than 4 years ago | (#33017628)

So deploy ipsec everywhere...

Ha Ha! The joke's on them! (0)

Anonymous Coward | more than 4 years ago | (#33017720)

I use ROT13. TWICE!

Mommy! (1)

Konster (252488) | more than 4 years ago | (#33017814)

Mommy, Jimmy's sniffing my packets again, make him stop!

Re:Mommy! (1)

Andorin (1624303) | more than 4 years ago | (#33018072)

...yuck.

VPN (5, Insightful)

Jaime2 (824950) | more than 4 years ago | (#33017916)

I've been telling people to use VPN over WiFi connections forever. Even better, put your wireless devices on the outside of the firewall, so they have no choice but to VPN in. This also makes giving a random guest access to your wireless no big deal. Anyone who thinks wireless networking will ever be safer than an old-fashioned hub is deluding themselves.

Re:VPN (0)

Anonymous Coward | more than 4 years ago | (#33018100)

If I had any mod-points I would mod you up so fast, it would look like the space shuttle taking off.

One question (1)

cowboy76Spain (815442) | more than 4 years ago | (#33018044)

Hi.

We recently had some security tests with a consulting firm and, while no WiFi test was done (we have no WiFi), I was curious and asked the guy about WiFi security. He told me that, given that there was constant traffic, he could break any WiFi in about two hours. So I do not know if this vulnerability is a completely different thing or that guy was just too optimistic.

Does anyone have first-hand info?

Re:One question (0)

Anonymous Coward | more than 4 years ago | (#33018254)

He could break WEP in two hours by waiting for enough traffic, yes. But it's the dumb way to do it.

Fire the consultant (2, Insightful)

VortexCortex (1117377) | more than 4 years ago | (#33018312)

Statements like "I could break any WiFi in about two hours" are red flags that you should hire a different security researcher...

The terms "any", "ever" or "all" are not in most security researchers' vocabularies when talking about unknowns or speculative situations. We prefer to use terms that imply some degree of uncertainty such as "mostly", "almost never", and "nearly all", since the one thing we know as security researchers is "trust no one", followed closely by "there is almost always an exception to the rule".

I'm certain that there is at least one "WiFi" your researcher could not break in approximately two hours, thus voiding the "any" term they used.

When in doubt just say, "Prove It."

So what... (0)

Anonymous Coward | more than 4 years ago | (#33018062)

Some wireless vendors can detect soft "fake" APs because the entire wireless system knows which packets are generated by itself, and which are spoofed. These systems can also triangulate the rogue device. See arubanetworks.com for just one example.

He also didn't mention how long it took, although it can't have been that long. Crank down the rekey interval on the PTK and that would help some, although a script could be run on the attacking machine to continually repoll for updated keys.

But, so what? A malicious INSIDER can sniff or inject other users' traffic while being already connected to the WPA2 network. The malicious insider could also go plug in a wired device and do a whole lot more damage, easier, and faster.

There is no vulnerability from an UNauthorized wireless attacker. Wake me when that happens.

Discrepancy: Theory vs. Practice (0)

Anonymous Coward | more than 4 years ago | (#33018192)

With cryptographic theory, we have many systems which seem to be really hard to break. We have stuff which we can prove is secure unless the attacker uses brute force, a quantum computer, or solves a "hard" problem in number theory.

Why is it so difficult to make an actual secure cryptosystem?

No shit, really? (1)

RoboRay (735839) | more than 4 years ago | (#33018274)

So, if you grant someone access to your encrypted wireless network, the person you granted access to can access data on that network? Who would have thunk it?

So an authenticated user can sniff my packets.. (1)

Culture20 (968837) | more than 4 years ago | (#33018280)

Just to make sure (I've never read the WPA2-EAP specs), the login username/password for access to the wireless is encrypted with another layer and isn't now cleartext to any malicious authenticated user? Any place with single sign-on for Wireless and Computers could be seriously exposed to internal baddies.