A new method to obtaining login credentials on WPA2/Enterprise secured networks. This is a social engineering attack, so to speak, in which the attacker spoofs an AP and then routes all traffic through localhost which has a smart PHP script that does browser/OS detection, then embeds a fake WPA2 login window into a webpage. Check it out!
MisterX posted the PDF of the Defcon Presentation Here And there was a free webinar available Here from Airtight Networks on the Hole196. It’s making more sense now that I have been studying the Free CWAP and the CWSP Book that I purchased. It’s not a crack in the encryption, and it’s an insider attack. It seems that more and more insider attacks have been happening recently, so this is now a serious issue. I’d recommend reading the PDF and watching the free webinar, they are quite informative.
Possible Meru Networks Solution (which was given previously by WiFiNetNews.com):
“The best lesson I can take away from this hole? Make sure you’re running virtual SSIDs if you have that option to separate guests, contractors, and others from employees; or to isolate different kinds of operations within your company.” – WiFiNetNews
I am still in the process of studying for the CWNA/CWSP so I will be talking about this in upcoming episodes of TtE I am sure.
~Douglas.
As technology changes, we should keep a good eye on those technologies we love. At WeakNet Labs, we love WiFi (and especially Atheros!)! WiGig is a group of engineers that produced the first 60GHz wireless PCIe device. More and more talk is going around since the WiGig group joined up with the WiFiAlliance about triband devices that do 2.4GHz, 5GHz, and now 60GHz, and now we read that Atheros and Wilocity have “embraced” the new technology. The new, to us consumers, unlicensed 60GHz band can deliver speeds up to 7Gbps! This is about nine or ten times faster than the fastest wireless N devices of today, and competes with Wireless HD devices. Here is a cool article that includes the press release of WiGig’s device:
Engadget Story on WiGig Here is the Wikipedia page for more learning resources: Wikipedia WiGig article
~Douglas.