
Comment Glenn Fleishman (Score 1) 322

I've looked through the comments, and I cannot tell whether anyone has read the paper linked or is commenting on the summary. The summary, derived from news coverage, is incorrect.

The exploit works only to recover a single MIC encryption key which is distinct for each packet. It allows a packet intended for a client to be falsified, but the packet has to be short and mostly known, like an ARP packet. The researchers require that they act as a physical man in the middle, as a relay between an access point and a client, where the client cannot receive signals from the access point.

It's very clever, but it doesn't involve breaking TKIP per se; it has nothing to do with key recovery for network encryption.

Wireless Networking

Submission + - Latest Hype on Broken WPA Is Incorrect (wifinetnews.com)

Glenn Fleishman writes: "The hullabaloo about "WPA cracked in sixty seconds" that Slashdot linked to and that's all over the Internet is entirely incorrect, and it's not what the Japanese academics claim in the paper to which everyone links. The researchers found a way, using a physical man-in-the-middle relay, to speed up last year's exploit in the TKIP key method (in WPA and WPA2) that allows a falsified packet to be sent to a client when the packet is short and contains mostly known information. ARP packets are the example. The Japanese paper is very clever, and it reduces the time to break a key 37 percent of the time to one minute, but it requires a very specific physical insertion, and it doesn't provide key recovery of the TKIP key material. It only recovers a single per-packet key used in the MIC packet integrity checksum. The recommendation to move to AES-CCMP, available only in WPA2, is a good one. But TKIP is simply not broken, nor is "WPA" broken."
Enlightenment

Submission + - Have We Entered a Post-Literate Technological Age? (tidbits.com)

Sleeper55 writes: A recent Google-produced video conducts person-on-the-street interviews asking questions including "What is a browser?", "What browser do you use?", and "Have you heard of Google Chrome?". Most of the people in the video — who appear to be functional adults and who use the Internet regularly — come off as highly clueless. According to the video, only 8 percent of people queried that day knew what a browser is. The article explores the challenges (technical support, computer books) and implications (limitations on innovation) of dealing with a population that doesn't know the terminology for the technology they use.
Security

Submission + - Advice on When Your Laptop Is Stolen (and Before) (tidbits.com)

Glenn Fleishman writes: "David Blatner shares his unfortunately hard-won advice about what he did when his laptop was stolen without any remote recovery software installed. He had backups, a month out of date, but also had CrashPlan running, which allowed him to recover most of his missing files. The computer was never returned, but he learned quite a lot about what he could do next time. (The police did knock on the door of the last-used IP address obtained via CrashPlan, but an open Wi-Fi access point was running there, eluding pinpointing the villains.)"
Books

Submission + - Amazon Releases Kindle for iPhone Software (tidbits.com)

Glenn Fleishman writes: "Amazon has released free Kindle software for the iPhone, which provides access to the Kindle catalog of books, and any books a Kindle owner might have already purchased. The simple software has good legibility, and automatically synchronizes the currently latest-read page among any devices synchronized with the owner's Amazon.com account. It's quite simple and nifty, and suddenly makes a huge quantity of contemporary fiction and non-fiction available to read on an iPhone. It must mean Apple has no similar plans on the content side, or they wouldn't have allowed Amazon to publish this application."

Comment Re:Still needs work (Score 4, Interesting) 182

Okay, I'm the author of the Ars Technica piece, and that made me laugh.

Talking to the researcher, Eggleton, made my head slightly explode, because he's looking 5 to 20 years into the future with the research he's on top of today.

But they have practical devices that show that the stuff can be hand-built, and that's what blows my mind.

The future isn't in plastics -- it's in glass!

Security

Submission + - The real story on WPA's flaw (arstechnica.com)

Glenn Fleishman writes: "The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, who he gives credit to as discovering and implementing (in aircrack-ng as a module) a working crack, describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable."

Comment Not what the RSA survey was about (Score 2, Interesting) 88

I had a briefing from RSA about this survey (writing it up for Ars Technica), and the wardriving that was done was not for the purpose of counting. Rather, it was a subsample of the city: a route that went through business and residential neighborhoods, and that has been driven consistently in London for 4 years. The same route in Paris has been driven for 4 years, and in New York for 7 years.

Security

Submission + - Apple's DNS clients still flawed after exploit fix (tidbits.com)

Glenn Fleishman writes: "Despite Apple releasing its security update yesterday that includes a fix for the underlying flaw in DNS resulting from insufficient port randomization, the SANS Institute notes in their blog that at least 10.5.4 Leopard client software continues to use sequential UDP ports, making them susceptible to DNS poisoning. While servers are most vulnerable, because a poisoned server cache affects hundreds to millions of clients, Dan Kaminsky's disclosure so far makes it clear that clients are equally vulnerable, just much higher-hanging fruit. With servers patched, attackers would likely see if they could mass target clients with popular Web sites, like Google and banking and ecommerce sites. I've written up the full explanation along with instructions on testing in a Mac, Unix, or Linux environment whether your DNS client is vulnerable."
Cellphones

Submission + - Free SMS on iPhone 3G via AOL IM Client (tidbits.com)

Glenn Fleishman writes: "Jeff Carlson has discovered that you can bypass the 20 cent per message or $5 to $20 per month fees for SMS (text messaging) with the iPhone 3G and AT&T by using AOL's downloadable instant message client for iPhone 2.0, which is free. Just like the full-blown AOL IM system, you can add buddies that are the phone numbers of cell phones you want to send SMS to, and you establish a two-way conduit. The recipient still pays for SMS (if they have a fee) on their end, but if it's another iPhone user, you could coordinate with them via SMS to use instant messaging instead."
Cellphones

Submission + - 2G iPhones Can Use Old Plans When Sold (tidbits.com)

Glenn Fleishman writes: "AT&T released a ton of information today about their pricing for the iPhone 3G, and even provided a PDF with instructions on wiping a 2G iPhone that you might want to dump in favor of the newer model. However, there was no detail about the cost of 2G pricing plans for reactivated phones. AT&T confirmed for me this afternoon that a sold or given-away 2G iPhone still qualifies for the earlier 2G pricing plans: that's starting at $20 for unlimited EDGE data plus 200 incoming/outgoing text messages. The iPhone 3G costs $30 per month for unlimited data (HSPA, EDGE, etc.), but you have to pay 20 cents a message for SMS, or buy a plan starting at $5 per month for 200 messages. This is good news for the secondary market in reselling the first iPhones."
Wireless Networking

Submission + - T-Mobile Sues Starbucks over Free Wi-Fi Deal (wifinetnews.com)

Glenn Fleishman writes: "T-Mobile sent me the text of a lawsuit they filed yesterday against Starbucks. The telecom firm alleges that Starbucks didn't involve it in any discussions to launch their free loyalty program Wi-Fi service this week with AT&T. AT&T is taking over hot-spot operation from T-Mobile, but market by market over the course of 2008. T-Mobile told me that Starbucks is essentially giving away something that isn't theirs. T-Mobile has sued to halt the two-hours-a-day of free service, and is asking for money to cover losses. This might sound like sour grapes, but T-Mobile still operates most of the network, and says that the terms they agreed to with Starbucks and AT&T for the transition and with AT&T for bilateral roaming don't cover this situation at all. Maybe free access in exchange for buying a cup of joe every 30 days was too good to be true (this soon)."
