Friday, August 3, 2012 by
Last week at Defcon 20, Moxie Marlinspike released chapcrack,
a tool that implements a new attack against
. It was widely reported as an attack on
WPA2-Enterprise, but it’s not. In fact, from a Wi-Fi perspective,
there’s nothing to see here.There’s been a great deal of coverage of the...
Friday, January 20, 2012 by
In the world of cool Wi-Fi features, Aerohive's
Private Pre-Shared Key
is one that should get so much more
airtime (haha, pun intended) but instead often ends up as one more
feature mentioned in
passing.The fact that our engineering team was able to provide a
Tuesday, January 10, 2012 by
Last week, my
on the Wi-Fi Protected Setup (WPS) brute-force
attack promised a follow-up. In the meantime, I appeared as a guest
on episode 2 of the
No Strings Attached
podcast with Dan Cybulskie
and Andrew vonNagy
.In some of the discussions I’ve had since then, it appears that...
Friday, January 6, 2012 by
One of the Wi-Fi industry’s greatest accomplishments is the way
that security went from being a major topic of interest ten years
ago to a quality that is accepted as an inherent part of Wi-Fi.
Wi-Fi Protected Access (WPA) had a great deal to do with that sea
of change in my opinion.The upshot of...
Thursday, September 1, 2011 by
In July, Aerohive announced a new addition to our line-up of
wireless access points
: the 3-spatial stream HiveAP 330
. Although there is a lot to like about them, today I want
to dig down further into the radio card design that Devin first
touched on in his post...
Tuesday, August 16, 2011 by
When talking about security on Wi-Fi networks, I will sometimes
open with a statement like, “I have been around this industry so
long that I remember when WEP
(Wired Equivalent Privacy) was
secure.” I also remember using products that didn’t implement the
“optional” WEP because it was too taxing for...
Thursday, February 17, 2011 by
about the possibilities for gigabit Wi-Fi
coming with the future 802.11ac
standards. In today’s post, I’ll be taking a closer look about
what that raw speed means for security. (As far as the title
goes, well, let’s just say that in the mid-1980s, I was just...
Friday, January 28, 2011 by
Reading John Cox’s recent article
about Wi-Fi security
made me pause, and think about how much the Wi-Fi
has done to improve security on wireless LANs.
My work with Wi-Fi began about a decade ago, when I brought my
first AP home. It was a 2 Mbps AP, and it was powerful and...
Thursday, December 16, 2010 by
I was recently elected chair of the Security Marketing task
group at the Wi-Fi Alliance
, and one of the projects we are
working on could benefit from data on the deployment of different
types of security.
That is, what fraction of wireless networks are
In the past, the task group...
Wednesday, November 3, 2010 by
As I said in my last post
is a slick GUI
that makes it point-and-click easy to run an HTTP hijacking
attack. It’s not really a Wi-Fi vulnerability, so the real
solution to this problem is to tell your Web service vendors
to use SSL or TLS to secure the session end-to-end. (In the