lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEW7ACkUBHwGOVT1FiZvAqVLgRTMWCqS55VHqtxGAWtEO8amvw@mail.gmail.com>
Date: Fri, 10 Feb 2012 14:41:37 -0500
From: Dan Kaminsky <dan@...para.com>
To: "Zach C." <fxchip@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Linksys Routers still Vulnerable to Wps
	vulnerability.

According to the Reaver people, DD-WRT doesn't support WPS at all :)

On Fri, Feb 10, 2012 at 2:00 PM, Zach C. <fxchip@...il.com> wrote:

> Solution: use DD-WRT? Or is that vulnerable too? (Or are there worse
> problems? :))
> On Feb 10, 2012 10:12 AM, "Dan Kaminsky" <dan@...para.com> wrote:
>
>> "Fixing a vulnerability like this with all the bureoucratic, QA and legal
>> process wouldn't take no more than 2 weeks"
>>
>> If bureaucratic, QA, and legal issues emerge, you can't even get the
>> names of the people you need to speak to in less than 2 weeks, let alone
>> schedule a conference call. Fixing?  Heh.
>>
>> Aside from rate limiting WPS, there isn't much of a fix, and you can't
>> turn it off either.
>>
>> Sent from my iPhone
>>
>> On Feb 10, 2012, at 2:40 AM, farthvader@...h.ai wrote:
>>
>> Don't buy Linksys Routers they are vulnerable to Wifi unProtected Setup
>> Pin registrar Brute force attack.
>> No patch or workaround exist at the making of this post.
>>
>> Vulnerable list and alleged patch availability:
>> source:http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154
>>
>>  E1000      To Be Disclosed (aka we don't have idea)
>>  E1000 v2      To Be Disclosed
>>  E1000 v2.1      To Be Disclosed
>>  E1200 v1     early March
>>  E1200 v2     early March
>>  E1500     early March
>>  E1550     mid March
>>  E2000     To Be Disclosed
>>  E2100L     mid March
>>  E2500     early March
>>  E3000     To Be Disclosed
>>  E3200     early March
>>  E4200 v1     early March
>>  E4200 v2     To Be Disclosed
>>  M10     To Be Disclosed
>>  M20     To Be Disclosed
>>  M20 v2     To Be Disclosed
>>  RE1000     early March
>>  WAG120N     To Be Disclosed
>>  WAG160N     To Be Disclosed
>>  WAG160N v2     To Be Disclosed
>>  WAG310G     To Be Disclosed
>>  WAG320N     To Be Disclosed
>>  WAG54G2     To Be Disclosed
>>  WAP610N     To Be Disclosed
>>  WRT110     To Be Disclosed
>>  WRT120N     To Be Disclosed
>>  WRT160N v1     To Be Disclosed
>>  WRT160N v2     To Be Disclosed
>>  WRT160N v3     To Be Disclosed
>>  WRT160NL     To Be Disclosed
>>  WRT310N v1     To Be Disclosed
>>  WRT310N v2     To Be Disclosed
>>  WRT320N     To Be Disclosed
>>  WRT400N     To Be Disclosed
>>  WRT54G2 v1     To Be Disclosed
>>  WRT54G2 v1.3     To Be Disclosed
>>  WRT54G2 v1.5     To Be Disclosed
>>  WRT54GS2 v1     To Be Disclosed
>>  WRT610N v1     To Be Disclosed
>>  WRT610N v2     To Be Disclosed
>>  X2000     To Be Disclosed
>>  X2000 v2     To Be Disclosed
>>  X3000     To Be Disclosed
>>
>> The question is why a big company like Cisco/Linksys didn't release a
>> patch since almost 1 month and a half ?.
>>
>> Well i have circumstantial evidence that Cisco outsource some of their
>> Linksys firmware routers to other companies (Arcadyan for example.) in some
>> cases source code is only available through NDA's or not available at all.
>> That's why they are taking so long to release a fix to the WPS
>> vulnerability. Fixing a vulnerability like this with all the bureoucratic,
>> QA and legal process wouldn't take no more than 2 weeks. I found some GPL
>> violations by the way but this is beyond the scope of this message
>> (obfuscating firmware it's useless you now).
>>
>> I apologize if i offended someone but IT security it's serious business
>> specially if someone use your wifi to commit crimes.
>> This vulnerability contains public and very easy to use exploit code,
>> it's not a Denial of Service.
>>
>>
>> Farth Vader.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ