PC Advisor: WPA wireless security cracked in 60 seconds
The WEP standard for encrypting wifi networks has long since been easily crackable. Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds. Expect more and better automatic cracking tools to follow, just like the WEP tools like aircrack-ng, wesside, etc. So apparently, WPA2 is now the gold standard, the one to beat. I’m guessing its only a matter of time.
Additionally, its now getting as easy to crack the GSM encryption used in GSM mobile phones, which is the most popular standard around the world: Huge GSM flaw allows hackers to listen in on voice calls
Its really time to start thinking about network security differently. Laptops are becoming ever more common, more and more phones have wifi, etc. Instead of trying to create a safe network, instead we need to think of our computers and devices as an island in rough seas. If you are smart about it, and follow good practices like turning off any network service that you are not using, you can even run a Windows box directly on the internet without problems.
Wow, and now Skype too:
http://tech.slashdot.org/story/09/08/30/238249/…
Its sad to see how many people ay NYC Resistor have open shares with no passwords or logins on their laptops, bluetooth running, and wifi auto connect to an insecure access point. People dont even take care to deactivate the bluetooth for their cell phones. Iv'e been very disappointed. People need to think a little harder about where, when, and how their wireless technology in put into use.
Yarr – we're brazen with our connectivity, matey.
That, and we're also boring. The general populace at Resistor has nothing of
note in their open shares, and isn't that worried about you reading their
gmail. They walk right away from their laptops, partially in trust that the
other folks we invite in aren't jerks.
I'm not saying it's 100% right, but those of us that need better security
layer that on top of the open web with SSH, VPNs, and HTTPS.
That said, a guest course along the lines of “Don't get hacked! – basic
guidelines for keeping your laptop safe” might be a good thing to have 🙂
-E
The only secure computer is locked in a bank vault with no power source and a guard with a gun out front … and even he can be bribed with a bottle of booze!!!!!
There's networks… and then there's networks. >=P
“Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”
Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.
“Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”
Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.