WPA2 and private browsing called into question

With the Black Hat conference taking place later this week it seems apt that there are some interesting security problems being announced that are worth keeping an eye on.

Firstly, it's been discovered that many "private" browser sessions are in fact nothing of the sort, and that hackers could gain access to sites visited, despite claims to the contrary by many firms.

A report on the New Scientist web site claims that researcher Collin Jackson from the Carnegie Mellon University in Pittsburgh found ways that hackers could detect which sites were visited even with the security mode enabled.

A hacker could, "guess what sites you've been to based on traces left behind", Jackson is reported as saying.

Secondly, a wireless security researcher from AirTight Networks claims to have discovered a vulnerability in the WPA2 security protocol for Wi-Fi protection that compromises user security, which has been termed Hole 196.

Md Sohail Ahmad explained that the Hole 196 loophole allows malicious users to bypass private key encryption and authentication to sniff and decrypt data from other users, scan Wi-Fi devices and install malware.

Although AirTight acknowledged that to exploit this vulnerability a hacker would have to be on the same network, corporate thieving and espionage is a key concern to many large corporations, making the threat very real.

The vulnerability has been given the name Hole 196 as it relates to a line on page 196 of the IEEE 802.11 Revised Standard published in 2007 from which the exploit is made possible.
Ahmad will be demonstrating the vulnerability at the Black Hat Arsenal (and again at DEFCON18) in a presentation wonderfully titled "WPA Too?!" on 29 July.