cancel
Showing results for 
Search instead for 
Did you mean: 

Severe flaw in WPA2 - cracked

marko_teklic
New Contributor
153 REPLIES 153

phil_lochner_61
New Contributor III
Ruckus, you better get your crap together and resolve this. You're already being snickered at in a few of the sysadmin mailing lists I'm part of.

In a couple more days those snickers are going to turn into turn into something much more damaging. Because you're such a big player in the wifi market, you're already getting mocked for not having a fix ready when it was announced, but at least right now you're lumped in with tons of other companies.

As the days go on those other companies are going to deliver their patches and you're going to be left out in the rain, tossing excuses and copy pasta to frustrated sysadmins with leftover end of year budgets they'll rightfully decide to spend somewhere else.

We love our Ruckus products but your lack of progress in this matter means to be secure, we may have to turn off our products, and we can't have that in our organization, so we're simply forced to switch vendors.

affant_communic
New Contributor
Is it safe to assume that Ruckus doesn't give a damn about their paying customers right? Since the patches are no were to be seen... I would like to ask the community for Ubiquity recommendations since we'll most likely be moving over. 

it_registration
Contributor
I'm sure this will not be a popular comment but, I think some of these comments are blown way out of proportion.  I also am not happy about Ruckus's delay of response and available firmware updates given the lead time they've been given.  But they don't have it.  I wouldn't apply the new code immediately anyway until some of you bled on it.  I'm willing to bet that most of us have bigger security issues to deal with than a proof of concept hack on a single device, which requires them to be physically on-site, setup a rogue AP and write there own code for the exploit, as the code to exploit the vulnerablity isn't in the wild, then they might gain access to someones facebook feed.  LOL

In addition can I borrow some of your budget dollars so I can jump vendors whenever I'm unhappy with their performance.  Thats a luxury that I cannot afford, time or money wise.   🙂

I hope you don't work in an industry where you need to meet compliance or privacy regulations Todd, because the effort or proximity required for the attack doesn't mean anything at all to the overseeing organizations. I would imagine folks interested in taking advantage of this already have a wifi pineapple and a kali linux machine - maybe even some code to work off of now that smarter nerds know exactly how this all works. It's not hard to make a business case to deploy new WAPs when you already own the expensive ones from the vendor that is slow to respond to security incidents.

Hi Jesse, please don't take this comment as me defending Ruckus, it isn't, but if you are 'unlucky' enough to work in a sector that requires yo to meet privacy and or compliance regulations then you most likely have a fully functioning and very highly tuned WIDS/WIPS which will give you more protection to this issue than some of the other guys posting on here. 

On the basis that all this vendor bashing seems to be falling on deaf ears, on the basis that no one other than Michael from the vendor has bothered to comment on their own forum and we still dont have a patch. I would suggest that the tit for tat between users is pointless.

Remember, we all want the same thing.

Maybe we would be better spending our time offering advice to each other on how to mitigate the threat in the meat time until a patch is released because ultimately, it will come out before anyone on this thread has a chance to switch vendor.