>>
>>> WEP? Again, we all know how bad it is, but has it really been used?
>>> Evidence?
>>
>> Yes, WEP was a confirmed vector in the Gonzales TJX hack:
>>> http://www.jwgoerlich.us/blogengine/post/2009/09/02/TJ-Maxx-security-incident-timeline.aspx
>>
>> http://en.wikipedia.org/wiki/TJX_Companies#Computer_systems_intrusion
>
> Ah --- I'll check. I knew they attacked WiFi; I didn't recall that they'd
> cracked WEP. Thanks.
I don't believe the TJX attack cracked WEP. I believe that the post-hack
auditors identified WEP as a weak point, but the attackers got in through an
easily-cracked network. By easily cracked I mean something like a stupid
password or unsecured. The attackers were not sophisticated.
Jon
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography