View Single Post
  #59   Spotlight this post!  
Unread 13-07-2012, 20:13
techhelpbb's Avatar
techhelpbb techhelpbb is offline
Registered User
FRC #0011 (MORT - Team 11)
Team Role: Mentor
 
Join Date: Nov 2010
Rookie Year: 1997
Location: New Jersey
Posts: 1,624
techhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond reputetechhelpbb has a reputation beyond repute
Re: [FRC Blog] Einstein Report Released

Quote:
Originally Posted by nukemknight View Post
I know the report is long, but I urge everyone who wants to make a statement about the report read the entire report first. There have already been multiple posts in this thread containing false assumptions.
I saw this already as I've read it three times. I consider my statement correct.

They assumed that the AirTight system was going to trap such attempts and they assumed wrongly.

The point remains that it's highly likely that there are many other things that AirTight won't trap (2 other that I am acutely aware of) that are not already discussed in this report.

In short, yes you can read this that I limit my concerns to deauth but frankly the solution isn't to fix one problem in AirTight and think that it's now fool proof security. That's the sort of thinking that created the problem.

They need to completely reconsider how they transit the really important traffic. Custom solutions in their context could mean anything (including loading existing hardware with DD-WRT or OpenWRT which itself is not free of exploit).

The long term risk is that all the focus sits on this particular vector of attack and polite offloading of all security concerns to AirTight continues to leave exposed other vectors of attack. It's not about blame at this point. FIRST has gotten more blame than they deserve in some ways and AirTight doesn't make robot WiFi security products specifically for FIRST. It is just about suggesting that AirTight has only that issue which is wrong and is what this report basically does. It's not the be-all-and-end-all of security solutions (almost nothing ever is regardless of what sales says).

Last edited by techhelpbb : 13-07-2012 at 20:50.
Reply With Quote