Lyle Backenroth » Wireless

Practical attacks on WEP & WPA (published).

lyle — Sun, 04 Jan 2009 07:47:42 +0000

Practical attacks on WEP & WPA, including WPA packet injection:

Details (PDF): http://tinyurl.com/56j63s.

From the site:

The attack is essentially a variant of the chopchop attack used against WEP secured networks, which surfaced in early 2005. The name “chopchop attack” is a nod to the KoreK-developed chopchop tool, which allows the user to decrypt an arbitrary encrypted data packet without having to know the WEP key.

WPA (wifi encryption) is still weak and easy to crack (as expected)

lyle — Sun, 07 Dec 2008 03:26:37 +0000

Here’s a good article on the subject.

Here’s also a good HowTo crack WPA.

WPA / WPA2 … as insecure as I expected

lyle — Sat, 10 May 2008 04:51:01 +0000

Wireless encryption stinks. It always has. Generally, the way I secure my wireless is first to engage MAC filtering (not at all secure, but at least filters out the newbies), then I engage an SSH tunnel to a trusted box @ home with the dynamic application-level port forwarding which allows the SSH server to act as a SOCKS proxy (ssh -D 1655 validusername@ssh-server.com, where “1655″ is any port #), allowing all traffic on the configured applications (Firefox, Pidgin, Mail Clients, etc) to be proxied through the tunneled SSH session, offering a secure and encrypted tunnel over a wireless signal. Here’s a cute summary on how to do this for those that need it.

One caveat: All your DNS lookups will be unencrypted, an easy way to correct this in Firefox is to go to the about:config page (just type about:config in Firefox’s address bar) and go down to network.proxy.socks_remote_dns = false and change “false” to “true”, which will force Firefox to use the SSH server (via the encrypted tunnel) for all DNS lookups.

A simple article on how easy it is to hack WPA / WPA2, also known as ROT-26 security.