[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Paul Nijjar paul_nijjar at yahoo.ca
Wed Nov 3 14:10:39 EDT 2010


On Wed, Nov 03, 2010 at 01:19:44PM -0400, Adam Glauser wrote:
> On 03/11/2010 12:40 PM, Khalid Baheyeldin wrote:
>>
>> More specifically, it quotes this:
>>
>> http://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_Four-Way_Handshake
>
> I think Lori mentioned this earlier, but it seems that the session key*  
> is not securely exchanged.  It seems that WPA-PSK and WPA2-PSK (aka  
> -Personal) add the additional effort of capturing these handshake  
> packets.  Firesheep may not automate this yet, but perhaps it could.

[...]

>
> In any case, it seems that using WPA2-EAP is the way to go from a  
> security standpoint, but is probably impracticable for most AP  
> administrators.

Good luck implementing it at a coffee shop. You would need every user
to register with the access point. At that point you should probably
consolidate authentication the way the Toronto Wireless people do. 

> **
> More detail here:  
> http://superuser.com/questions/156869/can-other-people-on-an-encrypted-wi-fi-ap-see-what-youre-doing

This is helpful, but I still don't understand the attack. Say you have
the handshake. Now what? I thought one of the goals of WPA is to
protect against replay attacks. 

Does the laptop authenticating to the access point have any totally
private key that is not reconstructible in WPA1? Is this different in
WPA2?

I am still unclear as to whether there are any helpful steps I should
be taking on our network. 

- Paul


-- 
http://pnijjar.freeshell.org 
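Editor's note on the question above ("say you have the handshake, now what?"): the thing the handshake protects against is an active replay, not a passive listener who already holds the shared passphrase. The script below is an added example, not code from the thread or from Firesheep; it implements the WPA/WPA2-PSK key derivation from IEEE 802.11i (PBKDF2 for the PMK, the "Pairwise key expansion" PRF for the PTK) and shows that the four handshake fields sent in the clear (both MAC addresses and both nonces), plus the network passphrase, are enough to recompute the client's session key. The SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac
import os

# WPA/WPA2-PSK key derivation as specified in IEEE 802.11i. Editor-added
# example; every passphrase, SSID, MAC address and nonce below is a
# constructed sample value, not data from the thread.


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK (the PSK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    Nothing on the right-hand side is secret from another user of the same
    network: the SSID is broadcast and the passphrase is shared with everyone."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbits // 8:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               nbits: int = 384) -> bytes:
    """PTK = PRF-n(PMK, "Pairwise key expansion",
                   min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    AA/SPA are the AP and station MAC addresses; the nonces travel unencrypted in
    messages 1 and 2 of the handshake. n is 384 for CCMP (WPA2) and 512 for TKIP (WPA)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbits)


def split_ptk(ptk: bytes) -> dict:
    """Bytes 0-15: KCK (MICs the handshake); 16-31: KEK (wraps the group key);
    the rest: TK, the per-session key that encrypts the user's data frames."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}


def eavesdropper_recovers_tk(passphrase: str, ssid: str, captured: dict, victim_tk: bytes) -> bool:
    """A passive listener who knows the shared passphrase and captured the four
    plaintext handshake fields recomputes the victim's TK without transmitting
    anything, so the handshake's replay protection never comes into play."""
    pmk = derive_pmk(passphrase, ssid)
    ptk = derive_ptk(pmk, captured["aa"], captured["spa"], captured["anonce"], captured["snonce"])
    return split_ptk(ptk)["TK"] == victim_tk


def handshake(passphrase: str, ssid: str, aa: bytes, spa: bytes):
    """One four-way handshake with fresh random nonces. Returns what went over the
    air in the clear plus the TK the AP and station both arrive at (the station
    runs the same derivation on the same inputs, so one computation stands for both)."""
    anonce, snonce = os.urandom(32), os.urandom(32)
    ptk = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)
    captured = {"aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce}
    return captured, split_ptk(ptk)["TK"]


def demo() -> dict:
    ssid, passphrase = "CoffeeShopWiFi", "latte2010"   # constructed
    aa = bytes.fromhex("001122334455")                  # constructed AP MAC
    spa = bytes.fromhex("66778899aabb")                 # constructed client MAC
    cap1, tk1 = handshake(passphrase, ssid, aa, spa)
    cap2, tk2 = handshake(passphrase, ssid, aa, spa)    # same client reconnects later
    return {
        # holder of the PSK + this session's handshake: recovers this session's key
        "psk_and_capture_recovers_tk": eavesdropper_recovers_tk(passphrase, ssid, cap1, tk1),
        # without the PSK the capture alone is useless (hence offline passphrase cracking)
        "wrong_psk_fails": eavesdropper_recovers_tk("wrong", ssid, cap1, tk1),
        # an old capture does not unlock a new session: fresh nonces, fresh PTK
        "old_capture_vs_new_session": eavesdropper_recovers_tk(passphrase, ssid, cap1, tk2),
        "fresh_nonces_change_tk": tk1 != tk2,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point the output makes: in WPA-PSK and WPA2-PSK alike there is no key the client holds that a fellow passphrase holder cannot reconstruct, so the listener only has to see the handshake, never replay it (and if they missed it, a deauthentication frame makes the client redo it). With 802.1X/EAP the PMK comes out of each client's own EAP exchange rather than a shared passphrase, which is why the thread points at WPA2-EAP as the fix and at its impracticality for a coffee shop.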