| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F3902B9.3090500@emmanuelcomputerconsulting.com> Date: Mon, 13 Feb 2012 07:31:53 -0500 From: William Warren <hescominsoon@...anuelcomputerconsulting.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Linksys Routers still Vulnerable to Wps vulnerability. On 2/12/2012 5:42 PM, Sanguinarious Rose wrote: > On Sat, Feb 11, 2012 at 2:23 PM,<farthvader@...h.ai> wrote: >> _________________________________________________________________________ >> "Use Tomato-USB OS on them." >> _________________________________________________________________________ >> >> Besides you void warranty... >> list of DD-WRT Supported routers: >> >> E1000 supported >> E1000 v2 supported >> E1000 v2.1 supported >> E1200 v1 ??? >> E1200 v2 ??? >> E1500 ??? >> E1550 ??? >> E2000 supported >> E2100L supported >> E2500 not supported >> E3000 supported >> E3200 supported >> E4200 v1 not supported yet >> E4200 v2 not supported >> M10 ???? >> M20 ???? >> M20 v2 ???? >> RE1000 ???? >> WAG120N not supported >> WAG160N not supported >> WAG160N v2 not supported >> WAG310G not supported >> WAG320N not supported >> WAG54G2 not supported >> WAP610N not supported >> WRT110 not supported >> WRT120N not supported >> WRT160N v1 supported >> WRT160N v2 not supported >> WRT160N v3 supported >> WRT160NL supported >> WRT310N v1 supported >> WRT310N v2 not supported yet >> WRT320N supported >> WRT400N supported >> WRT54G2 v1 supported >> WRT54G2 v1.3 supported >> WRT54G2 v1.5 not supported >> WRT54GS2 v1 supported >> WRT610N v1 supported >> WRT610N v2 supported >> X2000 not supported >> X2000 v2 not supported >> X3000 not supported. >> >> _________________________________________________________________________ >> >> "Fixing? Heh. >> >> Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either." >> _________________________________________________________________________ >> >> What about removing WuPS entirely? >> >> WuPS is a total failure because: >> >> 1. Even if everything is fine 8 digits long is very weak because once you got the pin after 7 month - 2 years for example, you are completely pwned. >> > I can't see someone sitting outside my house for 7 months let alone 2 > years trying to get my PIN for my router. > >> 2. Pin number is fixed you can't change it to a longer number or maybe a string like "omgponnies" >> > A valid point and easy security improvement > >> 3. Setting up a WPA2 password manually it's a piece of cake (even with keypad only cell phones), if some people are lazy, you don't have to weakening the security of a strong protocol. >> > People are lazy by default and I see it honestly as their fault for > not taking simple precautions or god forbid reading up a bit. > >> Farth Vader >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ actually you only need to uges the first 4 then it's child's play. Tools that are out now guess this in seconds not years. wps is a total failure by its very design. http://twit.tv/show/security-now/337 Steve while he's often derided goes into this very well. Many cisco's only stop advertising wps when it is "off" but wps actually still exists...which means they are still easily hackable. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists