John Navas
02-26-08, 07:50 PM
<http://www.channelregister.co.uk/2008/02/26/wpa_enterprise_pwnage/>
Businesses using some of the more advanced methods for securing
connections to Wi-Fi access points need to take a hard look at the
configuration settings of client computers. So say researchers who
have documented a simple way to impersonate trusted networks.
The attack works on access points that use the Wi-Fi Protected Access
(WPA) in concert with Protected Extensible Authentication Protocol
(PEAP) or other so-called Extensible Authentication Protocols (EAPs).
Such technologies use public-key certificates to authenticate a
trusted network to a laptop or other connected device and provide an
encrypted SSL tunnel through which the two can communicate.
Problem is, laptops running Windows, OS X and various versions of
Linux frequently have the security settings mis-configured, according
to researchers Brad Antoniewicz and Josh Wright. Using a program
called FreeRADIUS-WPE (short for FreeRADIUS Wireless Pwnage Edition),
it's easy to dupe the clients into connecting to imposter networks
and giving up critical information, they say.
[MORE]
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
Businesses using some of the more advanced methods for securing
connections to Wi-Fi access points need to take a hard look at the
configuration settings of client computers. So say researchers who
have documented a simple way to impersonate trusted networks.
The attack works on access points that use the Wi-Fi Protected Access
(WPA) in concert with Protected Extensible Authentication Protocol
(PEAP) or other so-called Extensible Authentication Protocols (EAPs).
Such technologies use public-key certificates to authenticate a
trusted network to a laptop or other connected device and provide an
encrypted SSL tunnel through which the two can communicate.
Problem is, laptops running Windows, OS X and various versions of
Linux frequently have the security settings mis-configured, according
to researchers Brad Antoniewicz and Josh Wright. Using a program
called FreeRADIUS-WPE (short for FreeRADIUS Wireless Pwnage Edition),
it's easy to dupe the clients into connecting to imposter networks
and giving up critical information, they say.
[MORE]
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>