-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 8:11 AM -0400 7/27/10, Peter P Morrissey wrote:
Makes me wonder if it really matters that much anymore. Are there any
applications that don't already do their own encryption?
The problem is that this attack (basically an ARP spoofing attack) ends
This is good news to at least one vendor. Meru Network's Virtual Cell feature
creates a unique BSSID for each associated station, thereby rendering the whole
vulnerability a non-issue.
--
Ken LeCompte - Telecommunications Analyst
Rutgers University Office of Information Technology
Campus
Good article. Breaks it down very good.
It also appears that client isolation will break the attack vector as well.
We'll see when the Blackhat presentation goes on.
On Thu, Jul 29, 2010 at 8:43 AM, Bob Brown bbr...@nww.com wrote:
Our latest on this issue (which should be further clarified
It's not good.
But in an enterprise environment, it might be mitigated. In order to
do Badness, a client will have to spoof an Access Point BSSID. I
believe most of the vendors already do BSSID spoof detection. I'm not
sure what type of response would be appropriate, (ie blackhole that
BSSID,
Sent: Monday, July 26, 2010 5:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WPA2 vulnerability found
This is not good -It does not mention anything about keys that are rotated.
http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html
@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA2 vulnerability found
Makes me wonder if it really matters that much anymore. Are
there any applications that don't already do their own
encryption?
Pete Morrissey
Syracuse University
From: The EDUCAUSE Wireless Issues Constituent Group