lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEW7ACkjHg8JBnzqNeapoC-4cPQpib0VKGBtD30wuKGxvQ_JJA@mail.gmail.com>
Date: Sun, 12 Feb 2012 16:55:10 -0500
From: Dan Kaminsky <dan@...para.com>
To: Rob Fuller <jd.mubix@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linksys Routers still Vulnerable to Wps
	vulnerability.

Interesting.  Do you know if they stop advertising WPS support after they
disable it?

On Sun, Feb 12, 2012 at 10:11 AM, Rob Fuller <jd.mubix@...il.com> wrote:

> I've tested a 6 models of Linksys, all of them appear to disable WPS
> completely as soon as a single wireless setting is set. I assume this
> would be the reason Cisco/Linksys aren't putting much stock in
> 'fixing' it further. If anyone has any experience to contradict this
> or have a modification to current tools to circumvent what I've
> perceived as disabled, I, as I'm sure Craig, would be very interested.
>
> --
> Rob Fuller | Mubix
> Certified Checkbox Unchecker
> Room362.com | Hak5.org
>
>
>
> On Sat, Feb 11, 2012 at 4:23 PM,  <farthvader@...h.ai> wrote:
> > _________________________________________________________________________
> > "Use Tomato-USB OS on them."
> > _________________________________________________________________________
> >
> > Besides you void warranty...
> > list of DD-WRT Supported routers:
> >
> >  E1000        supported
> >  E1000 v2     supported
> >  E1000 v2.1   supported
> >  E1200 v1     ???
> >  E1200 v2     ???
> >  E1500        ???
> >  E1550        ???
> >  E2000        supported
> >  E2100L       supported
> >  E2500        not supported
> >  E3000        supported
> >  E3200        supported
> >  E4200 v1     not supported yet
> >  E4200 v2     not supported
> >  M10          ????
> >  M20          ????
> >  M20 v2       ????
> >  RE1000       ????
> >  WAG120N      not supported
> >  WAG160N      not supported
> >  WAG160N v2   not supported
> >  WAG310G      not supported
> >  WAG320N      not supported
> >  WAG54G2      not supported
> >  WAP610N      not supported
> >  WRT110       not supported
> >  WRT120N      not supported
> >  WRT160N v1   supported
> >  WRT160N v2   not supported
> >  WRT160N v3   supported
> >  WRT160NL     supported
> >  WRT310N v1   supported
> >  WRT310N v2   not supported yet
> >  WRT320N      supported
> >  WRT400N      supported
> >  WRT54G2 v1   supported
> >  WRT54G2 v1.3 supported
> >  WRT54G2 v1.5 not supported
> >  WRT54GS2 v1  supported
> >  WRT610N v1   supported
> >  WRT610N v2   supported
> >  X2000        not supported
> >  X2000 v2     not supported
> >  X3000        not supported.
> >
> > _________________________________________________________________________
> >
> > "Fixing?  Heh.
> >
> > Aside from rate limiting WPS, there isn't much of a fix, and you can't
> turn it off either."
> > _________________________________________________________________________
> >
> > What about removing WuPS entirely?
> >
> > WuPS is a total failure because:
> >
> > 1. Even if everything is fine 8 digits long is very weak because once
> you got the pin after 7 month - 2 years for example, you are completely
> pwned.
> >
> > 2. Pin number is fixed you can't change it to a longer number or maybe a
> string like "omgponnies"
> >
> > 3. Setting up a WPA2 password manually it's a piece of cake (even with
> keypad only cell phones), if some people are lazy, you don't have to
> weakening the security of a strong protocol.
> >
> > Farth Vader
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ