[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPGeVWPrbfb1KeRD2TwN=8DrX=7PSF9vu8xb6=c-nHT682zmag@mail.gmail.com>
Date: Sun, 12 Feb 2012 15:42:39 -0700
From: Sanguinarious Rose <SanguineRose@...ultusTerra.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Linksys Routers still Vulnerable to Wps
vulnerability.
On Sat, Feb 11, 2012 at 2:23 PM, <farthvader@...h.ai> wrote:
> _________________________________________________________________________
> "Use Tomato-USB OS on them."
> _________________________________________________________________________
>
> Besides you void warranty...
> list of DD-WRT Supported routers:
>
> E1000 supported
> E1000 v2 supported
> E1000 v2.1 supported
> E1200 v1 ???
> E1200 v2 ???
> E1500 ???
> E1550 ???
> E2000 supported
> E2100L supported
> E2500 not supported
> E3000 supported
> E3200 supported
> E4200 v1 not supported yet
> E4200 v2 not supported
> M10 ????
> M20 ????
> M20 v2 ????
> RE1000 ????
> WAG120N not supported
> WAG160N not supported
> WAG160N v2 not supported
> WAG310G not supported
> WAG320N not supported
> WAG54G2 not supported
> WAP610N not supported
> WRT110 not supported
> WRT120N not supported
> WRT160N v1 supported
> WRT160N v2 not supported
> WRT160N v3 supported
> WRT160NL supported
> WRT310N v1 supported
> WRT310N v2 not supported yet
> WRT320N supported
> WRT400N supported
> WRT54G2 v1 supported
> WRT54G2 v1.3 supported
> WRT54G2 v1.5 not supported
> WRT54GS2 v1 supported
> WRT610N v1 supported
> WRT610N v2 supported
> X2000 not supported
> X2000 v2 not supported
> X3000 not supported.
>
> _________________________________________________________________________
>
> "Fixing? Heh.
>
> Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either."
> _________________________________________________________________________
>
> What about removing WuPS entirely?
>
> WuPS is a total failure because:
>
> 1. Even if everything is fine 8 digits long is very weak because once you got the pin after 7 month - 2 years for example, you are completely pwned.
>
I can't see someone sitting outside my house for 7 months let alone 2
years trying to get my PIN for my router.
> 2. Pin number is fixed you can't change it to a longer number or maybe a string like "omgponnies"
>
A valid point and easy security improvement
> 3. Setting up a WPA2 password manually it's a piece of cake (even with keypad only cell phones), if some people are lazy, you don't have to weakening the security of a strong protocol.
>
People are lazy by default and I see it honestly as their fault for
not taking simple precautions or god forbid reading up a bit.
> Farth Vader
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists