SGVLUG - general meeting yesterday - exploits for WEP and WPA
Attended the SGVLUG general meeting last night at Cal Tech. Was a very interesting presentation. The guest speaker presented about how eazy it was to compromise WiFi even if the connection was using WEP or WPA.
The exploits used publically available software, and a simple everday laptop.
For WEP it just took a few minutes to brute force caculate the key using IVD packets.
For WPA it took a bit longer, but for that exploit only have to wait for someone to attempt login to a WPA WiFi network. At that point there is a 4-way handshake that is done, and once it is captured, then a bit of brute force computation using a dictionary yields the exploit.
My take away from the presentation was that for anything sensitive, like online shopping, only use a hard-wired connection.
I will continue to just use WEP at home, as my goal there is simply to avoid neighbors from using my bandwidth, for everyday surfing.