placeholder for the koufax awards images and anchors.
koufax awards
campaigns block
this space currently blank
User login
Syndicate
gmo block
placeholder to a GMO page
cobell litegation
link to mb's cobell work
icann links
Recent blog posts
- 5th WT/ICT Policy Forum
- Extremism in the pursuit of ... gun lobby hegemony
- The present tense of "vergangenheitsbewältigung" is ...
- The Greek Crisis is not economic, it is cultural
- We write Law Profs too (draft)
- We write Campaign Managers
- Dr. Renda opines in the WSJ
- 2011 was a bad year for civil society on the net
- Request for Proposal (RFP) SA1301-12-RP-IANA Cancelled
- Friday Freedoms
Center for Sustainability Law
some text
Native sTLD Project
some words here
Wi-Fi Protected Setup Vulnerable to Brute-Force Attack
Something slightly more interesting than the usual "Microsoft fails again" from US-CERT. The alert identifier is: TA12-006A
Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
Systems Affected: Most Wi-Fi access points that support Wi-Fi Protected Setup (WPS) are affected.
Overview: Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.
- Description -- WPS uses a PIN as a shared secret to authenticate an access point and a client and provide connection information such as WEP and WPA passwords and keys. In the external registrar exchange method, a client needs to provide the correct PIN to the access point.
An attacking client can try to guess the correct PIN. A design vulnerability reduces the effective PIN space sufficiently to allow practical brute force attacks. Freely available attack tools can recover a WPS PIN in 4-10 hours.
For further details, please see Vulnerability Note VU#723755 and further documentation by Stefan Viehbock and Tactical Network Solutions.
- Impact -- An attacker within radio range can brute-force the WPS PIN for a vulnerable access point. The attacker can then obtain WEP or WPA passwords and likely gain access to the Wi-Fi network. Once on the network, the attacker can monitor traffic and mount further attacks.
- Solution
- Update Firmware -- Check your access point vendor's support website for updated firmware that addresses this vulnerability. Further information may be available in the Vendor Information section of VU#723755 and in a Google spreadsheet called WPS Vulnerability Testing.
- Disable WPS -- Depending on the access point, it may be possible to disable WPS. Note that some access points may not actually disable WPS when the web management interface indicates that WPS is disabled.
- References
- Vulnerability Note VU#723755
- Wi-Fi Protected Setup PIN brute force vulnerability
- Cracking WiFi Protected Setup with Reaver
- WPS Vulnerability Testing
The most recent version of the US-CERT announcement is here.
Register a Domain
placeholder block for the registrar function.
hosting
Yes. We host blogs. Available choices are drupal, movable type, wordpress, and django.
vis3
vis3
Recent comments