It's not a new attack - the key thing with SILICA is that people can actually USE it. Although it's possible that aircrackNG is easier to use than I'm giving it credit for - have you tried it lately with this attack?
Of course, not all of your boxes are vulnerable to this sort of thing. Phones, in a turn of fate, are usually immune. -dave On Thu, Dec 1, 2011 at 3:30 PM, John Bond <[email protected]> wrote: > On 23 November 2011 16:33, Dave Aitel <[email protected]> wrote: > > WEP is truly the algorithm that won't stop giving. For example, did you > know that even if you have no unencrypted networks in your Mac/Win7 box's > profiles, you can still be attacked using the encrypted profiles that use > WEP? I guess you may have theoretically known that, because you are so up > on current day events! But it's one thing to "know" things are possible, > and another thing to "right click to get person's home network's WEP key". > > > > AKA: > > > > SILICA now has the ability to recover WEP keys directly from clients by > > tricking the client into disclosing the key. This attack does not > > require an AP to be present in order to derive the key. > > > > Video: http://silica.immunityinc.com/AP_less_WEP_cracking.mov > > Just catching up on old emails but hasn't this been possible since > 2007 with cafe late[1] and then improved upon by hirte in i think > 2008[2]. Or am i missing the sarcasm? > > [1]http://security-freak.net/toorcon/Toorcon.ppt > [2]http://hirte.aircrack-ng.org/nextgen-wepcracker.pdf > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave >
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
