Go Back   Technibble Forums > Technical Discussions > Security, Viruses and Trojans

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 01-01-2012, 03:44 PM
AliceKlaar's Avatar
AliceKlaar AliceKlaar is offline
 
Join Date: Nov 2010
Location: I can see Liberty enlightening the World
Posts: 152
AliceKlaar has a spectacular aura aboutAliceKlaar has a spectacular aura about
Default WiFi Protected Setup WPS- Security Alert

There is a security weakness with WiFi Protected Setup (WPS) that allows the 8 digit PIN (effectively 7 digits plus checksum) to be brute forced in two parts due to protocol handling errors similar to the old 2*7 !=14 Lanman password implementation.
Basically after the first 4 digits have been sent the access point reports an incorrect PIN with EAP-NACK This allows a 0000-9999 atack followed by a similar 000-999 (+ checksum ). This reduces the keyspace from 99.999.999 to only 11,000.

Stefan Viehböck discovered this fault and has released POC code, whitepaper and a video demonstration,on his site ( http://sviehb.wordpress.com/2011/12/...vulnerability/ ). Craig Heffner of Tactical Network Solutions has independently discovered the vulnerability and has also released a bruteforce tool.

There is a US-CERT http://www.kb.cert.org/vuls/id/723755 that cites disabling WPS as a workaround

This info released to public domain 2011-12-27
Reply With Quote
  #2  
Old 01-01-2012, 07:24 PM
phaZed's Avatar
phaZed phaZed is offline
 
Join Date: Nov 2010
Location: Richmond, VA
Posts: 1,507
phaZed has a spectacular aura aboutphaZed has a spectacular aura about
Default

Yay! I hate WPS anyway! Now I can truthfully tell people it sucks.
__________________

Aaron Heidlebaugh
Computer Technician / Owner
www.AaronsPCSupport.com
804-307-4465 (Call or Text)
Laptop LCD repair | DC Power Jack Repair | Virus Removal
Desktop Repair | Hardware | Software | Troubleshooting
Reply With Quote
  #3  
Old 01-01-2012, 09:45 PM
4ycr's Avatar
4ycr 4ycr is offline
 
Join Date: Jun 2010
Location: West Lothian, Scotland
Posts: 1,444
4ycr has a spectacular aura about4ycr has a spectacular aura about
Send a message via Skype™ to 4ycr
Default

It's something I have never used. I have always done it manually
Reply With Quote
Reply

Tags
security, wifi, wps

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:42 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.