What is Digg?Warning: The Content in this Article May be Inaccurate
Readers have reported that this story contains information that may not be accurate.Sponsored by Double Your Dating
The Best Way To Get A Woman To Pick YOU Up view!
doubleyourdating.com - Here’s how to get any woman to start a conversation with you. Can you say "Bye bye rejection..."???
138 Comments
- halfcockedjack, on 11/07/2008, -0/+98Bad reporting. Ars Technica talked to the author of the crack: http://digg.com/security/Battered_but_not_broken_u ...
And it's not broken. As the author of the story said, "longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable." - Barnettizer, on 11/06/2008, -12/+97Let's not start sucking each other's dicks quite yet, gentlemen... "They haven't, however, figured out how to gain access to the data that travels between the PC and the router"
- ducati748, on 11/07/2008, -0/+52Buried for misleading article title...
- Jaliyl, on 11/07/2008, -1/+24You should be gracious that Microsoft had it in their heart to support anything above WEP.
/s - OneLess, on 11/06/2008, -2/+24God damn it, Xbox 360's wireless does not support WPA2...Microsoft had better get their asses in gear.
- acaloiar, on 11/06/2008, -4/+25I'm just as confused by Barnettizer's comment as I am by the final statement of the article "You dick.". Lots of homoeroticism going around here.
- grumpyrain, on 11/07/2008, -0/+20This article is quite devoid of details. TKIP (a wrapper around WEP) is crackable, but "They haven't, however, figured out how to gain access to the data that travels between the PC and the router". Now forgive me for being a simpleton on this Friday afternoon, but what is now vulnerable? Is it man-in-the-middle attacks, DoS, or does it make it computationally feasible to crack WPA?
- mehan, on 11/07/2008, -0/+19http://it.slashdot.org/article.pl?sid=08/11/07/131 ...
"The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable." - OneLess, on 11/07/2008, -0/+18No, I'm worried that my router is set to WPA because my Xbox has to be connected to it through wireless, so all the computers I have connected wirelessly are being put at risk.
- boshaus, on 11/07/2008, -0/+18Slashdot also has good coverage at http://it.slashdot.org/it/08/11/07/1312246.shtml
"ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable."
So yeah, buried - inaccurate. - MattB123, on 11/07/2008, -0/+15Let's postpone that as long as we can.
- RetroRufio, on 11/07/2008, -0/+12I agree... let's not :(
- DivisibleByZero, on 11/07/2008, -1/+13What exactly does that mean? Basically that they could park across the street and leech off my connection, but they can't actually see my trafic?
- stfuitsalex, on 11/07/2008, -1/+13This is the worst blog spam I have ever seen. Aircrack has been able to "crack" WPA for a while now. However, it can only crack passwords that are made up of dictionary words and its strength is dependant on how strong of a dictionary tool you use. WPA is still secure because a good password makes it damn near impossible to crack given a relatively short period of time. Brute force can take weeks on a good password.
WEP is different because you can use multiple packets or IV packets (Im not an expert on the specifics) to crack the password because it can gather enough information from multiple packets to crack the password. With WPA, this method of cracking is not possible. - DivisibleByZero, on 11/07/2008, -0/+9"and your problem with people using your wireless is?"
Last thing I need is the FBI raiding me because they think I was hacking or downloading kiddie porn.
Or even worse, I could get sued by the RIAA. - plantfood, on 11/07/2008, -1/+10@ isamuelson
you know how easy it is to see a list of connected mac addresses to a given access point?
and for that matter spoof it?
very. - inactive, on 11/07/2008, -2/+10TKIP was cracked, WPA was not. Your data cannot be read in plaintext.
Read the article from a reputable site like Ars Technica or Slashdot, Gizmodo is for gullible *****. - DerekMurray, on 11/07/2008, -1/+9pulp fiction quote.
- Omadhaun, on 11/07/2008, -0/+8At least the X360 has WPA; Nintendo's DS only supports WEP.
- LeadStripes, on 11/07/2008, -0/+7Yes, your own traffic is secure, your bandwidth is not.
- HybridVigor, on 11/07/2008, -1/+8It's rather scary how many of the people posting comments on that site believe MAC filtering and a hidden SSID are all the security they need. I don't even know why I'm paying for internet access now when there are so many people with totally unsecure networks out there.
- grumpyrain, on 11/07/2008, -0/+7Yeah. I don't even bother locking my front door. I have planted a tall hedge so thieves won't even notice there is a house there. Simple as that!
- Spoonicus, on 11/07/2008, -1/+8Sounds like someone is going to be getting a lot more bandwidth at his neighbors expense..
- ncc74656m, on 11/07/2008, -1/+8Not worried.
I use WPA2, and will continue to upgrade when new revisions or protocols come out. - BlackHatFerret, on 11/07/2008, -2/+9WPA was never THAT secure in the long run, if the user had a weak password it would still be possible to crack with coWPAtty. http://www.securiteam.com/tools/6L00F0ABPC.html
Guess what I'm getting at is, there's no patch for human stupidity. - flamingchorizo, on 11/07/2008, -1/+8Darn! you got me all worked up :(
- IHaveCrayons, on 11/07/2008, -0/+7About the dick sucking part?
- ElectricKetchup, on 11/07/2008, -1/+6This is a TKIP attack. Does not affect CCMP. Most people use CCMP now. Burried as inaccurate.
Also, from what I've read, it only works for smaller packets encrypted with TKIP, not larger packets, but either way, it doesn't affect me. - HappyScrappy, on 11/07/2008, -1/+6Inaccurate. The crack only decrypts certain short control packets that are covered with WEP instead of WPA for backwards compatibility.
Data packets are safe, at least for now. - AlanLivingston, on 11/07/2008, -0/+5It means they can see data that travels from the router to the PC, but not from the PC to the router.
I was confused by that statement too, but it's clarified in this article http://www.pcworld.com/article/153396/.html?tk=rss ...
"There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer."
and
"They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack." - thecheatah, on 11/07/2008, -0/+5wpa2 and wpa can run together.
- ncc74656m, on 11/07/2008, -3/+8Wrong. WEP has been cracked, not WPA.
Buried. Fool. - FKnight, on 11/07/2008, -3/+8Isn't there some possible way we can blame Vista for this? This is Digg, come on.
- _skin_, on 11/07/2008, -0/+5Not only that, but they also don't mention anything about AES.
Anyway, Buried for inaccurate title. - yrewol, on 11/07/2008, -0/+4I blame vista.
There, is that better? - revyn, on 11/07/2008, -0/+4FTA: Researchers by the name of Erik Tews and Martin Beck were the ones to do the cracking, finding a way to break the temporary Key Integrity Protocol (TKIP) in under 15 minutes.
So why not set your TKIP to change every 10 minutes? - TheWeez, on 11/07/2008, -0/+4Slashdot has the real info on the story.
http://it.slashdot.org/it/08/11/07/1312246.shtml - Poblasai, on 11/07/2008, -0/+4@DivisibleByZero
I guess I had never thought of that... can the RIAA really sue you (and win) if someone hacks your wireless and downloads copyrighted material? - crgnetworks, on 11/07/2008, -1/+5I have that router! I ***** hate it, it's a piece of *****!
- adderx99, on 11/07/2008, -0/+4the point is that they figured out how to exploit wpa encryption based on TKIP, not the actual Rijndael encryption. basically TKIP does checksums with low signal streath, because of the nature of wireless. there is lossed packets, and TKIP does a checksum to make up for that. they figured out a way to exploit 'michael' because it sequentially uses TKIP and WEP one after another. the low level authentication was cracked, not the encryption of the data packets.
i agree with you though, it doesnt matter one bit if you use the most advanced encryption in the world, if your password is 'pass', youre going to get hacked. - directedition, on 11/07/2008, -2/+5But it's true.... you can do DNS poisoning with this. You can make your neighbor type in www.mybank.com and redirect them to your fake box and get their password. It also allows for ARP poisoning, so you can fake being an internal IP of their network.
Your data is still encrypted, but this does open the door for some nasty attacks. - CalcProgrammer1, on 11/07/2008, -1/+4Since I had memorized my 26-digit hex WEP key, I used it as my WPA password. I highly doubt anyone's going to figure that one out using a dictionary or brute force system.
- plainOldFool, on 11/07/2008, -0/+3Oh, for the love of Harvey Keitel.
- Knowltey, on 11/07/2008, -1/+4Wire it to a Wireless reciever that supports WPA2
- FKnight, on 11/07/2008, -1/+4I don't know about you, but the reason I pay for Internet Access is because I don't want my Internet Access dependent on whether my neighbor can pay his FIOS bill or not.
It's not rocket science. - sully213, on 11/07/2008, -0/+3I'm going to have to bury this one as inaccurate. It's not quite cracked yet. Take a look at the last paragraph from this article on Ars Technica.
http://arstechnica.com/articles/paedia/wpa-cracked ...
It's a step towards cracking WPA, but your data is still safe....for now. - geodescent, on 11/07/2008, -0/+3I'm parking in front of his house to P2P music. He'll take the rap!
- kidlinux, on 11/07/2008, -0/+3WiFi encryption isn't just about keeping others from using your internet connection. It's about encrypting the information you're broadcasting to anyone within receiving range.
Right now anyone within range could intercept your computer and router WiFi transmissions and read your email or see what websites you're visiting, and read data you submit via forms. The exception is for secure websites (https) and secure email transmissions (if you access your mail via the web, it's typically over https, so that'd be safe.) That data can be intercepted, but is encrypted anyway. The difference is that the packet isn't encrypted, just the packet data. Some information, like IP addresses, is still available.
Anyone intercepting data between your computer and router would also be able to intercept ARP packets to get your MAC address. - lead2thehead, on 11/07/2008, -0/+3The slashdot article says that only very short packets, like ARP, can be decoded. Everything else is still safe.
- bigteebo, on 11/07/2008, -0/+3So let's have every site go https:// then and force comcast to offer secure FTP(which for some reason they discontinued). Let's add more layers of encryption to keep the security consultants from uttering the same "oh yeah? so and so is inscure" for another, oh, say, year or so.
You see, for all these things to be hacked, etc, someone needs to take the time, skill, & initiative to do it. -
Show 51 - 100 of 145 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is