lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEW7ACnpUm+vV=jSVa17j181C8fkN+XxPug0yYtBiEWqE=YBdA@mail.gmail.com>
Date: Mon, 13 Feb 2012 19:16:11 -0500
From: Dan Kaminsky <dan@...para.com>
To: Ian Hayes <cthulhucalling@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linksys Routers still Vulnerable to Wps
	vulnerability.

Well, what this all tells me is that my process of simply checking for
advertised configuration methods understates the number of nodes actually
vulnerable.  Reaver should be modifiable into an active scanner, at least.

On Mon, Feb 13, 2012 at 7:09 PM, Ian Hayes <cthulhucalling@...il.com> wrote:

> On Mon, Feb 13, 2012 at 1:57 PM, Dan Kaminsky <dan@...para.com> wrote:
> > That's a fairly significant finding.  Can anyone else confirm the
> existence
> > of devices that still fall to Reaver even when WPS is disabled?
>
> The Netgear N750 definitely does. I can rummage through my Box'o'Stuff
> and see if I have any more wireless APs...
>
> It looks like the Belkin routers don't. After disabling WPS, reaver
> just hung after hitting the channel the AP was on. Re-enabling, reaver
> went right to work.
>
> Just in case anyone hasn't figured out how to use it yet, I did an
> in-house presentation a few weeks ago:
>
>
> http://www.n2netsec.com/site/index.php?option=com_content&view=section&layout=blog&id=5&Itemid=89
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ