Raul Siles

802.11_ (WiFi) Wireless Network Security
Whitepapers Tools Webs [Vulnerabilities] Books

Last update: January 8, 2008


"Security 617: Assessing and Securing Wireless Networks". Raul Siles. February 18 - 23, 2008. Prague, Czech Republic

Wireless Security Live CD Distributions (Jan' 08)

Whitepapers (Ordered by publishing date)
Your 802.11 Wireless Network has No ClothesW.A. Arbaugh, N. Shankar, Y.C.J. WanMarch, 2001
Weaknesses in the Key Scheduling Algorithm of RC4S. Fluhrer1, I. Mantin2, & A. ShamirAug, 2001
(In)Security of the WEP algorithm (paper)N. Borisov, I. Goldberg & D. Wagner 2001
Practical Exploitation of RC4 Weaknesses in WEP EnvironmentsDavid Hulton (Dachb0den)February 22, 2002
Seven Security Problems of 802.11 wirelessMatthew GastMay 24, 2002
Cracking WEPSeth FogieJuly 12, 2002
4 Simultaneous Channels Okay For 802.11b (whitepaper)J. Louderback (M. Burton)November, 2002
Layer 2 Analysis of WLAN Discovery Applications for Intrusion DetectionJoshua WrightNovember 8, 2002
Detecting Wireless LAN MAC Address SpoofingJoshua WrightJanuary 21, 2003
WPA - Wireless Security for the rest of usTim HigginsNovember 1, 2002
802.11 Security Series - Part II: The Temporal Key Integrity Protocol (TKIP)Jesse Walker2002
802.11 Security Series - Part III: AES-based Encapsulations of 802.11 DataJesse Walker2002
Diving into the 802.11i Spec: A TutorialDennis Eaton, IntersilNov 26, 2002
Top 3 Attack Tools Threatening Wireless LAN'sSANS WebcastMarch, 2003
802.11 Specifications (Part 11: Wireless LAN MAC and PHY)IEEE 802.11June 2003
Wireless - The Ever Changing Landscape of Network SecuritySANS WebcastJuly, 2003
Normativa Wireless en España (2003) SpanishJ. I. Gonzalez BrañaJuly, 2003
Wi-Fi Protected Access (WPA) NeedToKnow - Part IITim HigginsAugust 17, 2003
Pen Testing and Securing Wireless CommunicationsSANS WebcastOctober, 2003
Weakness in Passphrase Choice in WPA InterfaceRobert MoskowitzNovember 4, 2003
Debunking the Myth of SSID HidingRobert MoskowitzDecember 1, 2003
Channels, Power Levels, and Antenna Gains (802.11 a/b)Cisco2004
WLAN Security MonitorsFrank BulkMarch, 2004
802.11i specification (Amendment 6: MAC Security Enhancements)IEEE 802.11June 2004
Moser Informatik Auditor Security Collection (Auditor) - Product ReviewHumphrey CheungJuly 1, 2004
LEAP: A looming disaster in Enterprise Wireless LANsGeorge OuJuly 6, 2004
EAP-FAST: The LEAP and PEAP killer?George OuJuly 6, 2004
Surviving the Running Man Competition at Defcon 12Blackthorn SystemsJuly 30, 2004
Cracking the wireless security code (benchmarking 23 from 17)J. Snyder, R. ThayerOctober 4, 2004
Wireless Local Area Network Security - Obscurity Trough SecurityOUSPGOctober, 2004
WEP: Dead Again, Part 1Michael OssmannDecember 14, 2004
WLAN and Stealth IssuesOudot Laurent2005
Identifying and Responding to Wireless AttacksChris Hurley2005
Wireless LAN security guideGeorge OuJune, 2005
Design and Implementation of a Wireless IDSL. Butti & F. VeyssetFebruary, 2005
WEP: Dead Again, Part 2Michael OssmannMarch 8, 2005
Cracking Wi-Fi Protected Access (WPA), Part 1Seth FogieMarch 4, 2005
Cracking Wi-Fi Protected Access (WPA), Part 2Seth FogieMarch 11, 2005
Evasión de Filtros MAC en Redes 802.11 SpanishUniv. AndesMarch, 2005
The Feds can own your WLAN tooHumphrey CheungMarch 31, 2005
How To Crack WEP – Part 1: Setup & Network ReconHumphrey CheungMay 10, 2005
How To Crack WEP - Part 2: Performing the CrackHumphrey CheungMay 18, 2005
Overview of the WPA wireless security update in Windows XP *MicrosoftMarch 24, 2005
Microsoft Windows XP SP2 WPA2 supportMicrosoftMay 6, 2005
Mapping the 802.11 Protocol (poster)Matthew GastMay 20, 2005
128 Bit Wep cracking (Flash video)DigiMay, 2005
Weaknesses in Wireless LAN Session ContainmentJoshua WrightMay, 2005
Understanding the updated WPA and WPA2 standards * **George OuJune 2, 2005
Distributed Wireless Security MonitorsFrank BulkJune, 2005
Attacking WiFi nets with traffic injection (2nd Ed)Cedric BlancherJune, 2005
Void11 Mass De-Authentication (Flash video)DigiJune, 2005
WPA Cracking (Flash video)DigiJune, 2005
Rogue SquadronShmoo GroupJuly, 2005
Cracking WEP with WHAX (Flash video)Christophe DevineJuly, 2005
Cracking WPA with WHAX (Flash video)Christophe DevineJuly, 2005
Attacks on wireless clients: HotspottingMax MoserJuly, 2005
RF Fingerprinting for Intrusion Detection in Wireless NetworksJ. Hall, et.al.July, 2005
802.11 VLANs and Association RedirectionJohnny CacheSeptember, 2005
The Fragmentation Attack in PracticeAndrea BittauSeptember, 2005
Four Ways To Monitor Your Wireless NetworkSANS WebcastOctober, 2005
Migrating from WEP to WPA2SANS WebcastJanuary, 2006
Linux and wireless networkingLWNJanuary, 2006
Wi-Fi Security's Personal ProblemsAndy DornanMarch, 2006
Channel Sampling Strategies for Monitoring Wireless NetworksU. Deshpande et.al.April, 2006
How 802.11w will improve wireless security (TGw PAR and project)Joshua WrightMay, 2006
Hack the 802.11 MAC Protocol Exploit AnalysisAmilabsMay, 2006
New Methods of Spoof Detection in 802.11b Wireless NetworkingDouglas MadoryJune, 2006
Upside-Down-Ternet: fun with wirelessPete StevensJune, 2006
NIST Draft 800-97, Guide to IEEE 802.11i: Robust Security NetworksNISTJune, 2006
Wireless IDS/IPS: Safe Inside a BubbleFrank BulkJune, 2006
Cracking WiFi… Faster! (FPGAs)David HultonJune, 2006
Create a secure (WPA2-PSK) Linux-based WiFi APStoneLionJuly, 2006
Cool and Illegal Wireless Hotspot HacksDaniel V. HoffmanJuly, 2006
The "Janus Project": massive WiFi sniffingH. CheungAugust, 2006
(WiFi) Device Driversj. cache & D. MaynorAugust, 2006
Wi-Fi Advanced StealthF. Veysset & L. ButtiAugust, 2006
Faster PwninG Assured (FPGAs)D. Hulton & D. MonizAugust, 2006
802.11b Firmware-Level AttacksJ. Wright, M. KershawSeptember, 2006
WiMAX System OverviewRohde &SchwarzNovember, 2006
The Month of Kernel Bugs (MoKB) - 7 WiFi drivers vulnerabilitiesLMHNovember, 2006
Técnicas de Detección de Intrusiones en Redes 802.11 Spanish Asier MartínezNovember, 2006
Wireless Networking with Windows Vista in a Domain EnvironmentZ. AlexanderDecember, 2006
WiMAX security issuesJoshua WrightDecember, 2006
Windows client update to prevent the wireless advertising of the PNLMicrosoftJanuary, 2007
Wireless Forensics - Tapping the Air - Part IRaul SilesJanuary, 2007
Wireless Forensics - Tapping the Air - Part IIRaul SilesJanuary, 2007
Wave Bubble - A design for a self-tuning portable RF jammerLady AdaJanuary, 2007
Exploiting 802.11 Wireless Driver Vulnerabilities on WindowsJ. Cache, HD Moore, skapeJanuary, 2007
Learning About WMM and 802.11eChris GeaghanMarch, 2007
Extensible 802.11 Packet Flinging (LORCON)J. Wright, M. KershawMarch, 2007
Hacking the Airwaves with FPGAs (Schmoocon 07)h1kari (David Hulton)March, 2007
Issues with SSID cloaking and three risksJ. WrightMarch, 2007
Wi-Fi Advanced Fuzzing (handouts)Laurent ButtiMarch, 2007
RF Basics: Part 1Subbu PonnuswamyApril, 2007
802.11r: Wireless LAN Fast RoamingDave MoltaApril, 2007
Breaking 104 bit WEP in less than 60 seconds (RC4 maths)E. Tews, R. Weinmann and A. PyshkinApril, 2007
What else do you need not to use WEP anymore?Raul SilesApril, 2007
Breaking 40-bit WEP in less than 30 seconds?Raul SilesApril, 2007
AirDefense "WEP Cloaking": Perpetuating Flawed ProtocolsJ. WrightApril, 2007
How WiFi Ad-Hoc Networks are Like Zombies (Free Public WiFi) (Part II)J. WrightMay, 2007
Why VPN can’t replace Wi-Fi securityGeorge OuMay, 2007
Wi-Fi CERTIFIED™ 802.11n draft 2.0: Taking Wi-Fi® to the Next LevelWi-Fi AllianceMay, 2007
RIPPS: Detecting Unauthorized Wireless Hosts (pdf)C. Mano, et alMay, 2007
What MFP will do for your WLANJ. WrightMay, 2007
A secure Wireless LAN hotspot for anonymous usersGeorge OuJuly, 2007
The Emperor Has No Cloak – WEP Cloaking Exposed (humorous)Vivek RamachandranAugust, 2007
To WEP or not to WEP. That is the question!Raul SilesAugust, 2007
Abusing and Misusing Wireless CamerasSeth FogieSeptember, 2007
Five Wireless Threats You May Not KnowJ. WrightSeptember, 2007
WEP Caffe Latte Vulnerability (Toorcon9 presentation) AirTightOctober, 2007
Wireless Threats and Practical ExploitsJ. Wright (Aruba)October, 2007

Tools (WiFi SW tools) (wardrive.net) (Wi - f o o) (wirelessdefence))
The drivers supported by every tool have been listed after the tool name. The nomenclature used for naming the drivers is:
HostAP (H), Wlan-ng (W), Prism54 (P), Madwifi (M), Hermes/Orinoco (O), Ralink (R), RealTek (RT), Cisco Aironet (A), Intel Centrino (C)... If a specific tool supports almost all drivers, it is listed as all and if it is based on LORCON (multi-driver library) it appears as (L). If a tool simply requires to have a driver that support monitor mode, it is denoted by (RFMON).
The drivers and wireless chipset relationships is listed under the "Drivers (Linux)" section below.

Drivers (Linux)
Host APJouni MalinenHost AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant
Wlan-ngAbsoluteValue SysComplete, standards based, wireless LAN system for Prism cards
AirJackM. Lynn, R. BairdDriver for 802.11(a/b/g) raw frame injection (essid_jack, wlan_jack...)
MADwifi-ngMichael RenzmannMultiband Atheros driver for WiFi cards
Prism54Luis R. RodriguezLinux driver for the 802.11g Prism (GT, Duette, Indigo) chipsets
IPW2100James KetrenosIntel Pro/Wireless 2100 Centrino (b)
IPW2200James KetrenosIntel Pro/Wireless 2200 BG Centrino (a/b/g, ipw2200 and ipw2915)
IPW3495Zhu YiIntel Pro/Wireless 3495 ABG adapter (a/b/g) (injection patch)
orinoco_csDavid GibsonLucent/Agere, Prism2 & Symbol Spectrum24 chipsets (CVS)
Hermes APHunzAP (BSS master) mode with Hermes/Orinoco cards under Linux
Broadcom 43xxBerliOSBroadcom 43xx Linux wireless driver (specification)
RTL8180Andrea MerelloLinux drivers for Realtek's WiFi cards
RT2x00Mark WallisLinux drivers for Ralink rt2400, rt2500, rt61 & rt73 chipsets (rt73/2570 enhanced)
airo_csCiscoLinux drivers for Cisco Aironet chipsets
Zydas (SF)MayneLinux driver for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip

LORCON
LORCON (Loss Of Radio CONnectivity) is a Linux-based wireless library for packet injection. Specifically, it is a generic library for injecting 802.11 frames, capable of injection via multiple driver frameworks, without forcing modification of the application code. It has been developed by dragorn (Mike Kershaw) and Joshua Wright.

LORCON has been ported to Ruby (ruby-lorcon) by H D Moore, and to Python (pylorcon) by Tom Wambold.


Suites (Multi-tool distributions)
AirbaseJohny CacheCollection of wireless tools: WEP cracking, traffic injection, libraries (libairware)...
jc-aircrack, jc-wepcrack, pcap-wepcrypt, prism-strip, simple-replay, pcap2air
WToolkit (Win)ToolcryptMultiple Windows wireless tools:
eth2wep, wanalyse, wdecrypt, wdump, wdupiv, wfilter, wgetkey, wmerge
aircrack (all)Christophe Devine802.11 sniffer and WEP key cracker for Win & Lx: (Version 2.41)
aireplay, airodump, aircrack, 802ether... (Original homepage is offline)
aircrack-ng (all)Set of tools for auditing wireless networks (Forums)
aircrack-ptw (all)WEP cracking improvements based on Klein's paper (PTW: Pychkine, Tews and Weinmann)

Traffic capture, network identification & analysis
Kismet (all)Mike Kershaw802.11 layer2 wireless network detector, sniffer, and IDS (gpsmap) (blog)
Kismet-newcore (all)Mike KershawKismet rewritten... + doomcube
Kismet for WindowsJosh WrightKismet for Windows useful to monitor WRT54G drones
gkismetAnton SolovyevA GUI Kismet client (Gnome/Gtk perl based)
Netstumbler (Win)Peter K. LeeA Wireless 802.11(b) Network Analyzer (stumbler.net)
AirTraf (W, A)Marius MilnerWindows tool to detect WLANs 802.11b/a/g (original)
Wellenreiter (H, A)Remote ExploitWireless network discovery and auditing tool
THC Wardrive (W)THCTool for mapping wireless networks with a GPS
WifiScanner (H, W)HSCTool for wireless nodes discovery
WiCrawl (all)Midnight RLAP auditing tool (Plug-ins)
FerretErrata SecurityWireless hotspot information leakage and correlation tool (Hamster/Sidejacking)
WiFiZooHernanWireless passive sniffer and correlation tool

Traffic injection
void11 (H)Reyk FloeterImplementation of some basic DoS 802.11b attacks (gvoid11, GUI)
airpwn (all, old:H)Bryan Burns (toast)Generic packet injection on an 802.11 network (DefCon 12). Now, based on LORCON!
airpwn (Windows)Joshua WrightGeneric packet injection on an 802.11 network (ShmooCon 07). Now, based on LORCON!
file2air (L)Joshua WrightA tool to inject packets into an 802.11 networks
rcovert (P, M)Laurent ButtiInitiates a covert channel over 802.11 nets (raw injection)
Wireshark patch (all)Asier MartínezWi-Fi frame injection patch for Wireshark
MDK3 (R)Pedro LarbigMulti-purpose tool for common unauthenticated attacks (& MDK2)
Zulu (R)mccoydComand line wireless frame injector

WEP
WEPCrack (RFMON)Anton T. RagerAn open source tool for breaking 802.11 WEP secret keys (original)
AirSnort (RFMON)SnaxAirSnort is a WLAN tool which recovers encryption keys (Forums)
WepLab (RFMON)J. I. Sánchez MartínTool to teach how WEP works, its vulnerbilities and to break WEP keys
WepAttackD. Blunk, A. GirardetWLAN open source Linux tool for breaking 802.11 WEP keys
WEPWedgie (airjack)Anton RagerTool for determining WEP keystreams and injecting traffic
chopchop (W)KoreKWEP attacks (inverse adaptive chosen plaintext attack, inductive)
afrag (R)Pedro LarbigImplementation of the Fragmentation Attack (rt2570)
WepOff (usage)S. GordeychikFake AP frag. attack tool against WEP-based wireless clients.

EAP, WPA, WPA2...
asleap (RFMON)Joshua WrightWeak (Cisco) LEAP password recovery tool (MS-CHAPv2). PPTP too.
coWPAttyJoshua WrightOffline WPA PSK Dictionary Attack Tool
wpa_attackT. TakahashiWPA Passive Dictionary Attack Overview
WPA supplicantJouni MalinenLinux WPA/WPA2/IEEE 802.1X Supplicant
Open1XGroupOpen Source Implementation of IEEE 802.1X
GRC's password generatorSteve GibsonWEP & WPA GRC's Ultra High Security Password Generator
WPA-PSK Key GeneratorKurtmWPA pre-shared key generator (Warewolf Labs)
SecureW2 (Win)Alfa & ArissThe powerful open source EAP-TTLS Client for Windows (& PocketPC)

WIDS (open-source)
AirSnareDigital MatrixWindows wireless intrusion detection for unfriendly MAC & DHCP requests
APToolsKirby Kuehl802.11b Rogue Access Point Detection
Snort-WirelessAndrew LockhartWireless extensions for Snort
WIDZMark OsborneWireless Intrusion Detection System, an IDS for 802.11 (Wi-Fi Honeypot)

Access Points (MITM)
ap-utilsBryan BurnsWireless Access Point utilities for Unix (using the SNMP protocol)
AirSnarf (H)The Shmoo GroupA rogue AP setup utility
Airsnarf Rogue SquadronThe Shmoo GroupA rogue AP implementation for the Linksys WRT54G
FakeAP (H)Black Alchemy Ent.802.11b access points counterfeit generator
rfakeap (P, M)Laurent ButtiEmulates IEEE 802.11 APs (wireless raw injection)
WKnockLaurent OudotWiFi AP (802.11) knocking tool

Clients (MITM)
HotspotterRemote ExploitAutomatic wireless client penetration
KARMA (M, H)Dino D. ZoviWireless Client Security Assessment Tools (auto net selection)
rglueap (P, M)Laurent ButtiCatches wireless stations searching for preferred ESSIDs
WiFiTAP (P, M, H, W, R, RT)Cedric BlancherDirect comm. with an associated station to an AP directly
Probemapper (P)ThinkSECURETool to detect and inspect probe requests

VPNs or Captive Portals
Wireless heartbeatWireless authentication access control system (Captive portal)
WicapBrian CaswellWireless authentication captive portal
SLANSecure LAN, VPN solution between client and service provider
ChillispotJens JakobsenOpen source captive portal or wireless LAN access point controller
NoCatAuthSchuyler ErleOpen source captive portal (Perl & C)
WiFiDogIle sans filA captive portal suite

Linux kernel
WiFi kernel stackJames KetrenosOpen source 802.11 network stack for the Linux kernel
WiFi stackDevicescapeLinux kernel alternative wireless GPL stack
WiFi softmacSIP SolutionsLinux kernel software MAC layer
NdisWrapperLinux LKM to load and run Ndis (Windows network driver API) drivers
DriverLoaderLinuxantCompatibility-wrapper for Windows NDIS drivers to run on Linux

Configuration
Wireless AssistantLinux scanning WiFi client tool (similar to Windows WZC) (NetGo)
Network ManagerRed HatLinux GUI network configuration utility
MAC changerAlvaro Lopez Ortega A GNU/Linux utility for viewing/manipulating the MAC address of NICs
SimpleMAC (Win)DukelupusWindows MAC address modifying utility
SMAC (Win)KLC Consulting, Inc.Windows MAC address modifying utility ($$)
Macsift (Win)Nathan TrueFree command-line MAC changing utility for Windows XP

PDAs
WiFiFoFum2Aspecto SoftwareWiFi scanner and war driving software for Pocket PC
MinistumblerPeter K. LeeA Wireless 802.11(b) Network Analyzer for PDAs
Pocket WarriorWi-Fi Surveying tool for the Pocket PC

Radio Frequency (RF)
WiSPY-ToolsMike KershawOpen-source tools for supporting the Wi-Spy USB device
Wi-Spy softwareMetageekWindows tools for supporting the Wi-Spy USB device

(Online) WiFi power calculators
Wireless CalculatorZytraxComplete Javascript WiFi system calculator
Wireless utilitiesElectro-comm Dist.Interactive Wireless Network Design Analysis Utilities
Communications utilitiesCSGCommunications Converters and Calculators

WiFi-related tools
WPA-PSK lookup tablesChurch of WifiChurch of Wifi WPA-PSK Rainbow Tables
RainbowtablesShmooPrecomputed rainbow tables (password hashes) - torrent -
Rainbowcrack-onlineCommercial pre-generated hash tables
CrypToolTUD, DBFree tool to apply and analyze cryptographic mechanisms
Libro de criptografia SpanishJorge RamióLibro Electronico de Seguridad Informatica y Criptografia

Live CDs
BackTrackRemote-ExploitSlackware-based Live CD
SkyRidrNico DarrowWiFi FreeFall Toolkit (Auditor CD-based)
WiFiSlaxSeguridadWirelessWireless Auditing Live CD (BT-based) - Spanish
WiFiWaySeguridadWirelessWireless Auditing Live CD
RussixRuss & SteveWireless Auditing Live CD
RussixRuss & SteveWireless Auditing Live CD
OSWA-AssistantThinkSECUREWireless Auditing Live CD

Webs

WiFi standards (protocols, security...)
IEEE 802.11IEEEIEEE 802.11 group (timelines)
IEEE wirelessIEEEIEEE wireless standards development (Wireless World)
IETFIETFInternet Engineering Task Force
Wi-Fi AllianceWi-Fi Alliance
WPAWi-Fi AllianceWi-Fi Protected Access
WPA2Wi-Fi AllianceWi-Fi Protected Access 2
Wi-Fi SecurityWi-Fi AllianceWi-Fi security recommendations

WiFi Portals & Webs (mostly security-related)
CIS WiFiCISCIS Benchmark for Wireless Infrastructure
Default wireless settingsRemote ExploitWireless default settings and related vulnerability listx
Wi-Fi PlanetThe source for Wi-Fi business & technology
The Linux Wireless LAN HowtoJean TourrilhesOpen Source project sponsored by Hewlett Packard
Wireless Extensions & ToolsJean TourrilhesOpen Source project sponsored by Hewlett Packard
The Unofficial 802.11 SecurityBernard AbobaThe Unofficial 802.11 Security Web Page
Wi-Fi Dog of War Mini How-ToBeetleLaptop for wireless assessments
Wireless hacksO'ReillyWireless hacks articles from the book
Wireless LAN SecurityJacco TunnissenWardriving & Warchalking
Wardriving.comFredWardriving portal
WarchalkingWarchalking information
George Ou blogGeorge OuWireless news and articles
WirelessDefenceWireless site for 802.11a/b/g WLAN Security
WiFi Geek PortalAll your WLAN belong to us...
Slashdot WiFi newsUpdated wireless news from Slashdot
Tom's Networking - WirelessTom's Networking wireless related articles
WiFipediaOUSPG/FrontierFree source of WLAN-related information
Wireless SecurityC. Peikari, S. FogieWiFi Security articles (Informit.com)
Wireless NetworkingMicrosoftWiFi Windows resources
NetworkWorld - Wireless SecurityNetworkWorldWiFi Security column
Seguridad WirelessHWAGMWireless security Spanish
The EdgeArubaOnline Secure Mobility community brought to you by Aruba Networks

Interesting WiFi usages
iSPOTSHow Wireless Technology is Changing Life on the MIT Campus
Skyhook WirelessWireles positioning system (WPS) to get the location of any Wi-Fi device (Loki)
Project MAPMAP (Measure, Analyze, Protect) framework to address attacks on WiFi networks

Antennas
Antenna on the Cheap Rob Flickenger(er, Chip) July, 2001. Spanish
Pringles modified802.11b Homebrew Antenna Shootout - 2/14/2
Cantenna Andrew S. ClappCantenna - yagi design for 802.11b wireless application
Building CantennaJulian HoThinkSecure
Antenna calculatorLincomaticA circular waveguide calculator for designing "cantennas"
Cantenna calculatorThinkSecure
Defcon Wifi Shootout 2005Defcon 13New world record for unamplified wireless networking!!

Wireless security groups
The Shmoo GroupInformation security research and development
Trifinite GroupResearch in wireless communications and related areas

Wireless Forums
Kismet ForumsKismet
Netstumbler ForumsNetstumbler
Church of WiFi ForumsChurch of WiFi
Aircrack ForumsAircrack
SF Wireless Security SecurityFocus Wireless Security mailing-list
Remote Exploit ForumsBackTrack, WHAX, Auditor CD...
Wi-Foo ForumsWi-Foo book
Wi-Spy ForumsMetageek

Wireless hardware
WLAN Adapter Chipset DirectoryAbsoluteValue Sys.List of WLAN adpaters/cards and their chipset
Hardware comparisonSeattle WirelessKismet
WiFi cards listndiswrapperWiFi cards, chipset and details
WiFi certified productsWiFi AllianceCompany, type & capabilities
Linux Incompatibility ListDavid N. WeltonLinux cards that do NOT work with Linux
Auditor CD compatibility ListAuditor CDAuditor CD WiFi compatible hardware (laptops, USBs and cards)
Linux cards compatibility ListWerner HeuserLinux PCMCIA/CF/CardBus Card Survey (sorted by Manufacturer)
Linux wireless LAN supportHJ HeinsWireless Adapter Chipset Directory
Wireless cards supportseguridadwireless.netWireless cards comparisson table Spanish
Atheros Customer Products DatabaseAtherosAtheros wireless cards mapping

Linksys firmwares
The following is a list of third-party firmwares that work on the open-source Linksys WRT54G access point. Details are available in the Linksys GPL source code center. If you have problems updating the firmware (or restoring the previous version), follow the revival guide:
Sveasoft Alchemy & Talisman, OpenWrt, HyperWRT, WiFiBox, Airsnarf Rogue Squadron, Ewrt, DD-WRT, EarthLink IPv6, Sputnik Hotspot, BatBox
If you are interested in running Kismet on the WRT54G, check this.

Wireless DB and maps
Node DBInternet wireless access mapping around the globe
World Wide Wardrive projectWWWDGenerating awareness of the wireless insecurities
WiGLE (Stats)arkasha & bobzillaWireless Geographic Logging Engine
Wi-Fi Hotspot listThe Definitive WiFi HotSpot Directory
Wi-Fi MapsWardriving Maps and Hotspot Locator (US)
Municipal WiFiMunicipal wireless project worldwide
JiwireWireless hotspots search enginee
Madrid Wireless Spanish (freenetworks)MadridConstruyendo comunidades de redes inalámbricas
Red Libre SpanishComunidad de acceso libre a las redes wireless
WiFi Sniffer Lycos.esBuscador de Hotspots en España
WiFi FON FONMovimiento FON de acceso libre a Internet (Blog)
Los gatos usan WiFi Ciudad wirelessBlog sobre tecnologías WiFi
Observatorio Wireless IWE-XObservatorio para la evolución del WiFi en España
GPS VisualizerFree on-line utility that creates maps and profiles from GPS data

[Vulnerabilities]
This section lists some of the latest, most interesting (IMHO), WiFi vulnerabilities announced. They do not affect a single product, but a whole OS, or they are a design flaw. The main resource and database for Wireless Vulnerabilities and Exploits is WVE.
802.11 Association RedirectionJohnny CacheSeptember 1, 2005
Microsoft Windows Silent Adhoc Network AdvertisementSimple Nomad (NMRC)January 14, 2006
WEP-Client-Communication-Dumbdown (WCCD) vulnerabilityC. Low & J. Ho (ThinkSECURE)January 15, 2006
.........
NOTE: With the recent series of WiFi drivers (& others) vulnerabilities, it is imposible to keep this list updated. Go to WVE!!

Books
802.11 securityBruce Potter, Bob Fleck (O'Reilly)December 2002
Wi-Foo. The secrets of wireless hackingA. Vladimirov, K. Gavrilenko, A. Mikhailovsky (Addison Wesley)June 2004
802.11 Wireless Networks: The Definitive Guide (2nd Ed)Matthew Gast (O'Reilly)April 2005
Wireless networking in the developing world (wiki)WNDWJanuary 2006
WarDriving and Wireless Penetration TestingChris Hurley at.al. (Syngress)December 2006
Wireshark & Ethereal Network Protocol Analyzer ToolkitA. Orebaugh at.al. (Syngress) - Chapter 5 & 6 -December 2006
Linksys WRT54G Ultimate HackingP. Asadoorian, L. Pesce (Syngress) TE: Raul SilesJune 2007