A compilation of links to inspiration, news, information, articles, editorials, commentary, entertainment, events, occurrences, resources, photographs, videos, quotes, contoversy, and conditions of interest to Pete Moss.

Search This Blog


Google
 


NEWS AND ANNOUNCEMENTS

*** All progress is experimental ~ John Jay Chapman ***

Top News

Real Clear Politics

Voice of Ameica - News

____________________________

Drudge Top Stories

Popular Science - New Technology, Science News, The Future Now

Entrepreneur.com - Small Business News and Articles - Latest Articles

Markets


WORLD CLOCK

Tropics Watch

hurricane satellite map

Latest Hurricane Info: [Link Me to NOAA]

[See The Latest Computer Models]
[DHL WORLD CLOCK]

[RADAR]


Latest Links & Articles Some older links may have expired

Miami, FL

Live From The International Space Station

Thursday, December 29, 2011

A chink in the armor of WPA/WPA2 WiFi security



A chink in the armor of WPA/WPA2 WiFi security

posted Dec 29th 2011 1:01pm by 
filed under: security hackswireless hacks
Looks like your WiFi might not be quite as secure as you thought it was. A paper recently published by [Stefan Viehböc] details a security flaw in the supposedly robust WPA/WPA2 WiFi security protocol. It’s not actually that protocol which is the culprit, but an in-built feature called Wi-Fi Protected Setup. This is an additional security protocol that allows you to easily setup network devices like printers without the need to give them the WPA passphrase. [Stephan's] proof-of-concept allows him to get the WPS pin in 4-10 hours using brute force. Once an attacker has that pin, they can immediately get the WPA passphrase with it. This works even if the passphrase is frequently changed.
Apparently, most WiFi access points not only offer WPS, but have it enabled by default. To further muck up the situation, some hardware settings dashboards offer a disable switch that doesn’t actually do anything!
It looks like [Stephan] wasn’t the only one working on this exploit. [Craig] wrote in to let us know he’s already released software to exploit the hole.

No comments: