Security: Connect the Dots–Ongoing

This article will be an ongoing list of interesting articles in the security arena, none earth-shattering (which will have separate articles), but each one a dot that might connect to other data. Please add other news in the comments or write editor at dciematools.com 

15 August–Welcome to the future: cloud-based WPA cracking is here

Cloud computing is the latest effort to put data off site, to let professionals handle the IT details, or to put large amounts of data close to the user, while allowing the users to concentrate on their application. Dolby, for example, uses the well-regarded Salesforce solution (as do many large corporations) to monitor equipment and solutions in the field. Thus it is news…and really really really points to the need for using excellent passwords.

In 2008, I speculated about the future of distributed security cracking. That future has arrived, in the form of a $17 “cloud” based service provided through the efforts of a security researcher known as Moxie Marlinspike. It is effective against pre-shared key deployments of both WPA and WPA2 wireless networks.

The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. …Because it is a dictionary attack using a predefined 135-million-word list, there is no guarantee that you will crack the WPA key, but such an extensive dictionary attack should be sufficient for any but the most specialized penetration testing purposes.

If you opt to use the service, you will of course leave a money trail via Amazon Payments — which is probably a bad idea if you are attempting to gain unauthorized access to a secured network illegally. For the good guys testing the security of a client’s network, however, this is an incredibly handy tool to have at one’s disposal.

It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity.


 

Please report any security news which you think that community could benefit from in the comments.

Leave a Reply