It's not good. But in an enterprise environment, it might be mitigated. In order to do "Badness", a client will have to spoof an Access Point BSSID. I believe most of the vendors already do BSSID spoof detection. I'm not sure what type of response would be appropriate (i.e., blackhole that BSSID, knocking that client off, but also knocking out 1 of your access points).
We'll have to see how the vendors individually, and as a whole, deal with this new problem. I do agree with some of the comments of the article that it seems as if this researcher was going for maximum exposure, as notifying the big 3 / 4 was never mentioned. (Never mind the standards body itself.)

Mike

On Mon, Jul 26, 2010 at 5:59 PM, Chris Hart <ch...@northwestern.edu> wrote:

> This is not good - It does not mention anything about keys that are rotated.
>
> http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html
>
> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.