Security Weekly
Content

Still Using WEP, or Are You?

“ThinkSECURE has discovered that certain well-known wireless chipsets, using vulnerable drivers under the Windows XP operating system and when configured to use WEP with Open Authentication, can be tricked by a 802.11-based wireless client adapter operating in master mode (“the attacker”) to discard the WEP settings and negotiate a post-association conection with the attacker in the clear.”

I’d like to start by saying that this attack is not known to work against WPA or WPA2(802.11i) protected networks. So, if you are still using WEP, its time to implement WPA. Of course, this may mean that you need a hardware upgrade. The cost of Wireless gear has dropped dramatically. You can get a completely new wireless setup at home for cheap:
Linksys WRT54G, $39.00 from buy.com
Linksys WPC54G PCMCIA 802.11G wireless adapter, $39.00 from buy.com
The above two items are also shipped free, so for $80.00 you can get an entirely new wireless setup. Not bad.
.com

Full Article

Original Advisory

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more.

Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable.
In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. Paul grew Security Weekly into a network of security podcasts spanning multiple topics, such as application security and business. It has been estimated that Paul has conducted over 1,000 interviews with security professionals and hosted more than 1,000 podcast episodes in cybersecurity. In 2020 Security Weekly was acquired by the Cyberrisk Alliance.

Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python, telling everyone he uses Linux as his daily driver, poking at the supply chain, and reading about UEFI and other firmware-related technical topics.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.