lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5420812989513924086@unknownmsgid>
Date: Tue, 14 Feb 2012 10:57:37 +1030
From: Derek Grocke <derek@...rock.net>
To: chris nelson <sleekmountaincat@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Linksys Routers still Vulnerable to Wps
	vulnerability.

That's definitely not a good thing if it's found to be the case across more
of the vendors.
Is it the intent of the of the column on the google docs spreadsheet (WPS
can be disabled and it stays off), to include confirmation of the retest
after the WPS setting has been disabled?

I wonder if everyone retested after the option was turned off? I hope so.

Thanks
Derek


On 14/02/2012, at 9:40 AM, chris nelson <sleekmountaincat@...il.com> wrote:

i believe that disabling wps on router still leaves some routers vulnerable
was reported on before.
from
http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars
"Having demonstrated the insecurity of WPS, I went into the Linksys'
administrative interface and turned WPS off. Then, I relaunched Reaver,
figuring that surely setting the router to manual configuration would block
the attacks at the door. But apparently Reaver didn't get the memo, and the
Linksys' WPS interface still responded to its queries—once again coughing
up the password and SSID. "

the testing i did was in early-mid jan, ill verify my findings again. at
work now, but will let you know about config methods.

On Mon, Feb 13, 2012 at 2:57 PM, Dan Kaminsky <dan@...para.com> wrote:

> That's a fairly significant finding.  Can anyone else confirm the
> existence of devices that still fall to Reaver even when WPS is disabled?
>
> Chris, when you run:
>
> iw scan wlan0 | grep “Config methods”
>
> Do you see a difference in advertised methods?
>
>
> On Mon, Feb 13, 2012 at 3:58 PM, chris nelson <sleekmountaincat@...il.com>wrote:
>
>> i have tested reaver on a netgear and linksys (dont have model nos. with
>> me) with wps disabled and enabled. the wps setting did not matter and both
>> were vulnerable. was able to recover wpa2 passphrase in ~4 hrs on both.
>>
>>
>>
>>
>> On Mon, Feb 13, 2012 at 8:32 AM, Dan Kaminsky <dan@...para.com> wrote:
>>
>>> Steve while he's often derided goes into this very well.  Many cisco's
>>>> only stop advertising wps when it is "off" but wps actually still
>>>> exists...which means they are still easily hackable.
>>>>
>>>
>>> Have you directly confirmed a WPS exchange can occur even on devices
>>> that aren't advertising support?  That would indeed be a quick and dirty
>>> way to "turn the feature off".
>>>
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>
 _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ