Discussion on:

Security News Roundup: Security researchers to demonstrate WPA packet injection

This week's security events include news that there will be just two updates for Microsoft?s Patch Tuesday this month, of the appearance of an exploit for Adobe Reader spotted in- the-wild, Adobe releasing an update to resolve a ColdFusion vulnerability, and news that security researchers will demonstrate WPA packet injection for the first time.

The home router allows for mixed so except for one irregular device that requires wpa, everything is using wpa2.

From what I've read the attack vector is not for the weak at heart and is actually only one way. So I wouldn't be too worried as of yet.

If it can be done with a manual process now, it will become weaponized for the kiddies soon enough. I wouldn't react irrationally though either; for me, just a reason to clean up my outstanding weak connections at home. No need to wait until it's a five minute aircrack job.

Actually, I think the only outstanding gadget is getting WPA2 or WPA/AES working with wpa_supplicant under Backtrack2. Currently, it forces me to use wpa_psk (wpa/tkip) though any newer distribution seems to manage wpa2 without an issue.

I think it will be interesting on what exploits can come out of the packet injection. But yeah, I think its a good idea to just go to WPA2 if there is a choice. For pure WPA shops at the moment, I suppose waiting another few more days for more details won't hurt.

Regards,
Paul Mah.

It doesn't seem to be very far along yet, currently the best way would be to get ahold of a users laptop or throw in an autohack USB drive while their not looking at a coffe shop to recover the key.

Of course with pretty much any encryption except maybe using RADIUS with your WPA2 AES getting physical access to a machine would get your right in to the key.

Cheers,