Wi-Fi Security

Last week at Defcon 20, Moxie Marlinspike released chapcrack, a tool that implements a new attack against MS-CHAPv2. It was widely reported as an attack on WPA2-Enterprise, but it’s not. In fact, from a Wi-Fi perspective, there’s nothing to see here.There’s been a great deal of coverage of the...

In the world of cool Wi-Fi features, Aerohive's Private Pre-Shared Key is one that should get so much more airtime (haha, pun intended) but instead often ends up as one more awesome Aerohive feature mentioned in passing.The fact that our engineering team was able to provide a highly-secure,...

Last week, my original post on the Wi-Fi Protected Setup (WPS) brute-force attack promised a follow-up. In the meantime, I appeared as a guest on episode 2 of the No Strings Attached podcast with Dan Cybulskie and Andrew vonNagy.In some of the discussions I’ve had since then, it appears that...

One of the Wi-Fi industry’s greatest accomplishments is the way that security went from being a major topic of interest ten years ago to a quality that is accepted as an inherent part of Wi-Fi. Wi-Fi Protected Access (WPA) had a great deal to do with that sea of change in my opinion.The upshot of...

In July, Aerohive announced a new addition to our line-up of enterprise 802.11n wireless access points: the 3-spatial stream HiveAP 330 and HiveAP 350. Although there is a lot to like about them, today I want to dig down further into the radio card design that Devin first touched on in his post...

When talking about security on Wi-Fi networks, I will sometimes open with a statement like, “I have been around this industry so long that I remember when WEP (Wired Equivalent Privacy) was secure.” I also remember using products that didn’t implement the “optional” WEP because it was too taxing for...

I’ve written previously about the possibilities for gigabit Wi-Fi coming with the future 802.11ac and 802.11adstandards. In today’s post, I’ll be taking a closer look about what that raw speed means for security. (As far as the title goes, well, let’s just say that in the mid-1980s, I was just...

Reading John Cox’s recent article in NetworkWorld about Wi-Fi security made me pause, and think about how much the Wi-Fi Alliance has done to improve security on wireless LANs. My work with Wi-Fi began about a decade ago, when I brought my first AP home. It was a 2 Mbps AP, and it was powerful and...

I was recently elected chair of the Security Marketing task group at the Wi-Fi Alliance, and one of the projects we are working on could benefit from data on the deployment of different types of security.  That is, what fraction of wireless networks are open/WEP/WPA/WPA2? In the past, the task group...

As I said in my last post, Firesheep is a slick GUI that makes it point-and-click easy to run an HTTP hijacking attack.  It’s not really a Wi-Fi vulnerability, so the real solution to this problem is to tell your Web service vendors to use SSL or TLS to secure the session end-to-end.  (In the last...