WPA2 vulnerability found

Expert analysis here: <a href="http://news.ycombinator.com/item?id=1541729" rel="nofollow">http://news.ycombinator.com/item?id=1541729</a><p>Jennifer's a friend of mine who knows her stuff when it comes to 802.1X, NAC and WiFi. It looks like it's only related to broadcast traffic, and you have to be authenticated. Also, I can't tell, but it sounds like it might be restricted to radius-authenticated networks (WPA / WPA2 Enterprise, not PSK like you'd find in a coffee shop)

Wow. If this is legit, this one is really bad. It covers this case:<p>1) Bob and Alice go to a coffee shop that uses WPA2, but gives the password to paying customers.<p>2) Alice uses the exploit to acquire Bob's PSK.<p>3) Alice records and decrypts all of Bob's traffic.

Basic concept:<p>Unicast traffic has safeguards against spoofing. Multicast does not. Spoof yourself as the AP, send out multicast traffic, and clients respond with unicast traffic <i>with their key</i>.<p>OK... seriously? <i>Session keys!</i> If you never send them out after negotiating them, the attacker would never get the key, and all your past traffic would still be secure.<p>The state of "security" with wireless communications continually strikes me as an ass-backwards place... wtf keeps going wrong? A couple standard, basic security techniques would seem to resolve nearly every cracking problem, and a large number of MITM ones too (certificates!).