Search
Securing K-12 WiFi - A Scary Movie Blog
Posted by Louise Peter on Oct 31, 2017

It is a classic urban legend horror scene - a young woman is home alone (she is usually a babysitter). She receives creepy phone calls asking "Have you checked the kids?" The babysitter calls the police and the police set up watch outside the house to keep the babysitter safe. The police trace the phone calls and to their horror, they discover that the calls are not coming from another location, but they are coming from inside the house.

Recent Posts

Posts by Topic

see all
free-on-demand-webinars.png
About One CVE at the Tail End of KRACK: 13088
Posted by Hemant Chaskar on Oct 27, 2017

In my last video blog on KRACK attack, I explained the technical details of workings and countermeasures for 9 out of 10 CVEs. The one I did not discuss in detail was CVE-2017-13088. At the time there wasn't enough information available on it and though it looked like the twin of CVE-2017-13087, due to differences between how group keys are distributed in MFP mode versus non-MFP mode, it required separate consideration.  After receiving more details from the researcher (@vanhoefm), I am prepared to share  information about CVE-2017-13088 and the appropriate countermeasures.

WPA2 Vulnerability.png
WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained
Posted by Hemant Chaskar on Oct 16, 2017

Researchers from the University of Leuven (@vanhoefm and team) have discovered flaws in WPA2 implementation in clients and APs. These flaws create vulnerabilities for replay and decryption attacks on packets transferred over WiFi links. They have named them KRACKs (Key Reinstallation AttaCKs). Both 802.1x (EAP) and PSK (password) based networks are affected. These vulnerabilities have been cataloged under 10 CVEs. In the series of videos below, I explain these CVEs in detail with Vivek Ramachandran, Founder and CEO of Pentester Academy.