Re: Perpetuating weak wireless security

Bravo. Awesome idea! I love the aspect of releasing it to the masses in 
a venue such as DefCon before giving it to customers for a large scale 
implementation. I look forward to seeing it in action.

Cheers
-Nick

Nico Darrow wrote:
> I completely agree. It has always been a good practice for security
> companies to allow public scruitiny and peer review of their technology.
> Our current plan is to have an independent auditing company test and
> verify the technology once it is publicly released. 
>
> Then I'd love to setup a hack-the-wep event (maybe at Defcon as a
> capture the flag event) where I'll pony up a prize for anyone who can
> successfully decode the message. I may even give away one of my Nemesis
> boxes (handheld wireless auditing box) as a prize. Good idea Joshua :-P
>
> -Nico Darrow
>
> -----Original Message-----
> From: Joshua Wright [mailto:jwright@xxxxxxxxxxx] 
> Sent: Tuesday, May 08, 2007 11:22 AM
> To: Nico Darrow; wifisec@xxxxxxxxxxxxxxxxx
> Subject: Re: Perpetuating weak wireless security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Nico!
>
> Nico Darrow wrote:
>   
> > Guys, I was the orignal designer of the WEP Cloaking feature released
> >  by AirDefense. I can field any questions you guys may have on it.
> >
> > I can assure you it works. Here are couple points on the technology.
> >     
>
> <snip>
>
>   
> > 2. You can't filter the traffic out, we have several dynamic engines 
> > to circumvent filtering. We've had several independent teams attempt 
> > to pentest even with the real WEP key and they have failed. I've 
> > already been through signal strength filtering, retry filtering, 
> > sequence filtering, client filtering, distributed sniffing, etc etc.
> >     
>
> <snip>
>
>   
> > Now, I'm sure someone smart will figure out some super-clever way to 
> > bypass it but AirDefense has multiple layers of protection. We will
> > of course refine the technology as it gets deployed and used in the
> > field.
> >     
>
> For a long time, the Cisco Okena folks had a server on the Internet that
> was unpatched with a big sign labeled "hack me".  Anyone was welcome to
> attack the system, and if they were successful, Cisco used the results
> to improve their product, much like Nico is describing here.
>
> Nico, is there any chance AirDefense would make a packet capture
> available of WEP Cloaking in action, maybe interspersed with legitimate
> frames (around 200K frames or so) for people to take a look at?
> Something that would be a practical representation of a legitimate
> attack?  If you wanted to make it fun, you could even use something like
> a netcat listener and client to stream a message across for people to
> try and retrieve. :)
>
> Thanks!
>
> - -Josh
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
>
> iQIVAwUBRkCVqjWX3FIa1TkuAQLXxg/+L8k3Cy2lGW5tqOjBrT1stLyTWuWLM8/g
> lXJqy/6Ln1ePh1aEpbR1dkDhyYmo6yNd4ybzShKXa+DArFWrIgVtLJ4TJ7x6GXjt
> RxKVTeLlObN5gTTSuHtLpk4UA1le3ANdcVzVBz/tCFa1nXCszy9NipyftfbakENF
> zyr6oDf4yyzlAQgmXZe9WK+9N73MPHEB48UxLMpCn0WrD31oWLpoO9nlDqh1yS/g
> 1zmWfgdKntML85EnGRUakg2+RpWx5tMqENlHlHxzR2hpW2gcvlsFZjQwC77aCHXa
> nqnijGP9hipr/qnWHeBIyGHDNjoqY3JE/ZIKYo6TA3aS4wn5cT/4bsWlPUXNQsmQ
> PKnrkcnhUamqg4KMfckQ3NenHcmlxOZwz99B/Rx2K2DXyaEkgnDNZPHKHaYo9G8z
> ZSpxz3QVDsJlqJUyAqT2M6rdjGeT/Wp4OhhcH8tUhv0e5rzrRYp6MTZ2kc3DOYC3
> /k0VUSi/dm7jXdvvZpdTqIaLMRBE5w1Td8yXlk6c/CCT/j7eR1X9ZynU9oeRhiB9
> 1Dn7Mf1jwoIiXQqByhWpUzY+8FBQbUGXKL98Z0GCnCQP3XOe9ezTljtI5XDkQnWQ
> iy+Mrb8cjnzlUCRJ4Yo7i7msAg7COsMr9HKmC05KuWTV7P4b2W+rYRoAvdBVkex8
> IQV9Cd+oc+c=
> =aC+O
> -----END PGP SIGNATURE-----

____________________________________________________________
PREVENT ACCESSING DANGEROUS WEBSITES - Protect your computer with Free Web Security Guard! 
More information at http://www.inbox.com/wsg