BF-SIRT Newsletter 2018-32
A new method has been found to make cracking WPA/WPA2 easier
The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from a WPA/WPA2-secured Wi-Fi network. Before this method was discovered, an attacker had to wait for a user to authenticate and then capture that user's 4-way handshake. The new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.
The good news is that the password still needs to be cracked by brute force or a dictionary attack, so if you are using a secure password this is still a non-trivial process. The attack also only works against Pre-Shared Key (PSK) authentication, meaning other authentication methods should be safe.
Top 5 Security links
- Flaw in BIND Security Feature Allows DoS Attacks
- Bypassing and exploiting Bucket Upload Policies and Signed URLs
- Windows 10 Enterprise Getting “InPrivate Desktop” Sandboxed Execution Feature
- Expect API Breaches to Accelerate
- Let’s Encrypt Is Now Officially Trusted by All Major Root Programs