Nice!  Sure saves time, if they truly have the setup to handle it, as they claim.  (Wouldn't surprise me, and was bound to show up, sooner or later.)

Then again, there's no guarantee, still, that it'll be in a dictionary (the smart ones WON'T use dictionary words, or even easy permutations...)

That is ture hayabusa.

That brings up one the ironic things about pentesting. Failing to break in is a good thing. Unfortunately, companies don't know whether the failure to break in was due to good security or a poor pentest. Luckily, standards are being adopted.

@jsm725 - Personally, I'd strip the pcap down to only the auth packets needed to crack the WPA.  Additionally, one would HOPE, anyway, that any IP's in the pcap are internal, and that there's nothing publicly indentifiable in there.  This is all assuming I use their service, to begin with.

That's my take, anyway...

@WCNA - agreed, and good that folks are working towards some standards.  Either way, though, if I were to hire someone to pentest me, I'd want a detail of their methods and attacks they attempted, so I could decide, for myself, about the 'quality' of the services they performed.  A GOOD pentest report WILL include the technical details and steps, for the technical folks to review, afterwards.

I agree with all comments so far. and yes as long you have a good team in place your wifi should be fine.

So should companies invest in or configuare better security for there wifi ? or should they still think WPA/WPA2 is fine to keep them safe.

I know a lot of companies that have there wifi setup with WPA2 and that is about as far as it goes.

Hey guys this topic truly interest me since im from the howardforums.com and we are discussing ways of bypassing the wpa2 key for wifi tethering on the samsung galaxy indulge and seems no one has been able to get around it i dont suppose any of ya might know a way to get around this if not then i suppose we will have to keep looking around.