I don't usually post vulnerability reports but...

Jan. 11th, 2012 07:01 pm
eve11: (Default)
[personal profile] eve11
This one might (a) not quite get to the mainstream and (b) affect a lot of you out there in cyberspace, if you have a wireless router. To quote a co-worker:

"If you have a reasonably new (last 5 years) wireless router, you probably don't really have security, even if you configured yourself for encryption. If you care about this at all (and you should), root around in the config and turn "Wi-Fi Protected Security" (WPS) off ASAP."

http://www.uscert.gov/cas/techalerts/TA12-006A.html
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2012-01-12 02:04 am (UTC)
From: [identity profile] stlscape.livejournal.com
Thanks for the heads up on this.

Date: 2012-01-12 03:34 am (UTC)
From: [identity profile] snonsumr.livejournal.com
Shared in the usual places. Thanks for the heads-up.
Edited Date: 2012-01-12 03:34 am (UTC)

Date: 2012-01-12 08:05 pm (UTC)
From: [identity profile] skurtchasor.livejournal.com
Point of note: WPS actually stands for Wi-Fi Protected Setup (not Security). I wouldn't normally be so nitpicky, but your coworker seems to imply that there is OMG NO SECURITY AT ALL, when in actuality the other encryption and security protocols are still working just fine (as far as we know).

The ironic thing is that WPS seems to be designed for people who are effectively tech illiterate to begin with (come on, is it that hard to set up a WPA key?), so this could be a potentially huge problem.

Date: 2012-01-13 04:23 am (UTC)
eve11: (Default)
From: [personal profile] eve11
Noted. It actually says the right thing on the alert. I think the point is, though, that if this is enabled, one can brute-force root your wireless router, thus stealing your WPA or WEP keys and rendering moot any other security measures you decide to put on it or have it enact.
Edited Date: 2012-01-13 04:23 am (UTC)

Date: 2012-01-14 07:10 pm (UTC)
From: [identity profile] skurtchasor.livejournal.com
I'm hardly an expert, but I would think that using WPS would require the router to broadcast the WPA/WEP key so that the client device could use it in the future. So instead of setting your own password/key, you rely on a pregenerated one (which is full of problems even without this current WPS fiasco).

Yet another reason why one of the first things you should do on a new router is disable wireless administration/remote management, unless you're planning to bury your router under a layer of concrete or otherwise deny yourself physical access to it.

Date: 2012-01-16 06:11 am (UTC)
From: [identity profile] arthurfrdent.livejournal.com
Tanks, I passed it along... heh, I use a hardwire still... how steam powered of me, eh? :devil:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

eve11: (Default)
eve11

December 2022

S M T W T F S
    123
45678910
11121314151617
18192021222324
25262728293031

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 24th, 2026 10:55 am
Powered by Dreamwidth Studios