Open Source and information security mailing list archives
 
Date: Sun, 12 Feb 2012 10:11:24 -0500
From: Rob Fuller <jd.mubix@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Linksys Routers still Vulnerable to Wps vulnerability.

I've tested 6 models of Linksys; all of them appear to disable WPS
completely as soon as a single wireless setting is set. I assume this
would be the reason Cisco/Linksys aren't putting much stock in
'fixing' it further. If anyone has any experience to contradict this
or has a modification to current tools to circumvent what I've
perceived as disabled, I, as I'm sure Craig would be, would be very interested.

--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org



On Sat, Feb 11, 2012 at 4:23 PM,  <farthvader@...h.ai> wrote:
> _________________________________________________________________________
> "Use Tomato-USB OS on them."
> _________________________________________________________________________
>
> Besides you void warranty...
> list of DD-WRT Supported routers:
>
>  E1000        supported
>  E1000 v2     supported
>  E1000 v2.1   supported
>  E1200 v1     ???
>  E1200 v2     ???
>  E1500        ???
>  E1550        ???
>  E2000        supported
>  E2100L       supported
>  E2500        not supported
>  E3000        supported
>  E3200        supported
>  E4200 v1     not supported yet
>  E4200 v2     not supported
>  M10          ????
>  M20          ????
>  M20 v2       ????
>  RE1000       ????
>  WAG120N      not supported
>  WAG160N      not supported
>  WAG160N v2   not supported
>  WAG310G      not supported
>  WAG320N      not supported
>  WAG54G2      not supported
>  WAP610N      not supported
>  WRT110       not supported
>  WRT120N      not supported
>  WRT160N v1   supported
>  WRT160N v2   not supported
>  WRT160N v3   supported
>  WRT160NL     supported
>  WRT310N v1   supported
>  WRT310N v2   not supported yet
>  WRT320N      supported
>  WRT400N      supported
>  WRT54G2 v1   supported
>  WRT54G2 v1.3 supported
>  WRT54G2 v1.5 not supported
>  WRT54GS2 v1  supported
>  WRT610N v1   supported
>  WRT610N v2   supported
>  X2000        not supported
>  X2000 v2     not supported
>  X3000        not supported.
>
> _________________________________________________________________________
>
> "Fixing?  Heh.
>
> Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either."
> _________________________________________________________________________
>
> What about removing WuPS entirely?
>
> WuPS is a total failure because:
>
> 1. Even if everything is fine, 8 digits long is very weak because once you've got the PIN after 7 months - 2 years, for example, you are completely pwned.
>
> 2. The PIN number is fixed; you can't change it to a longer number or maybe a string like "omgponnies"
>
> 3. Setting up a WPA2 password manually is a piece of cake (even with keypad-only cell phones); if some people are lazy, you don't have to weaken the security of a strong protocol.
>
> Farth Vader
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

