Full Disclosure mailing list archives

Re: Fwd: WiFi is no longer a viable secure connection

From: Cedric Blancher <blancher () cartel-securite fr>
Date: Sat, 11 Oct 2008 05:50:03 +0200

Le samedi 11 octobre 2008 à 09:08 +0530, Anshuman G a écrit :

I have turned off SSID broadcast and its pretty obscure, the password
is obscure too, its WPA personal, i think its impossible to crack/get
in my router without knowing SSID :D .


But your SSID is very easy to retrieve, as it is leaked every time you
associate a legitimate box to your wlan... And guess what: the regular
process of cracking a WPA PSK implies disassociating a client to sniff
the 4-way handshake. Doing this, the attacker will also sniff SSID
cleartext in the air.

Which means: *do not* rely on SSID cloaking for your security.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WiFi is no longer a viable secure connection Ivan . (Oct 10)
- Re: WiFi is no longer a viable secure connection Cedric Blancher (Oct 10)
  - Re: WiFi is no longer a viable secure connection line (Oct 10)
  - Re: WiFi is no longer a viable secure connection Valdis . Kletnieks (Oct 10)
    - Re: WiFi is no longer a viable secure connection Cedric Blancher (Oct 10)
    - Message not available
    - Fwd: WiFi is no longer a viable secure connection Anshuman G (Oct 10)
    - Re: Fwd: WiFi is no longer a viable secure connection Cedric Blancher (Oct 10)
    - Re: Fwd: WiFi is no longer a viable secure connection A . L . M . Buxey (Oct 11)
    - Re: Fwd: WiFi is no longer a viable secure connection Anshuman G (Oct 11)
    - Re: Fwd: WiFi is no longer a viable secure connection Cedric Blancher (Oct 11)