If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Potential WIFI Router Vulnerability
http://www.datacenterjournal.com/it/...vulnerability/
If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. more at the posted URL |
#2
|
|||
|
|||
Potential WIFI Router Vulnerability
On Sat, 14 Jan 2012 12:29:23 -0800, charles
wrote: http://www.datacenterjournal.com/it/...vulnerability/ If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. more at the posted URL It's worse than that. Your printer may be vulnerable too. See http://www.youtube.com/watch?v=njVv7J2azY8 Regards, Eric Stevens |
#3
|
|||
|
|||
Potential WIFI Router Vulnerability
In message , Eric Stevens
writes On Sat, 14 Jan 2012 12:29:23 -0800, charles wrote: http://www.datacenterjournal.com/it/...from-the-wi-fi wps-vulnerability/ If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. more at the posted URL It's worse than that. Your printer may be vulnerable too. See http://www.youtube.com/watch?v=njVv7J2azY8 1) Is something supposed to happen? 2) Wireless is more vulnerable than old-fashioned wires. It wasn't difficult to predict. All my printers are hard-wired, and switched off when not being used. -- The opinions given above may be mine. They might also just be what I feel like saying right now, okay? |
#4
|
|||
|
|||
Potential WIFI Router Vulnerability
In message , CyberDroog
writes On Sat, 14 Jan 2012 12:29:23 -0800, charles wrote: http://www.datacenterjournal.com/it/...from-the-wi-fi wps-vulnerability/ If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. Rule of thumb: when implementing any password system, have your device respond with a simple "yes" or "no", rather than "you're getting warmer!" Three strikes and you're out (sometimes for half an hour). -- The opinions given above may be mine. They might also just be what I feel like saying right now, okay? |
#5
|
|||
|
|||
Potential WIFI Router Vulnerability
Alan Harding wrote:
In message , Eric Stevens writes On Sat, 14 Jan 2012 12:29:23 -0800, charles wrote: http://www.datacenterjournal.com/it/...from-the-wi-fi wps-vulnerability/ If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. more at the posted URL It's worse than that. Your printer may be vulnerable too. See http://www.youtube.com/watch?v=njVv7J2azY8 1) Is something supposed to happen? 2) Wireless is more vulnerable than old-fashioned wires. It wasn't difficult to predict. All my printers are hard-wired, and switched off when not being used. You really should watch the video, as it is very informative. The printer vulnerability is not related to wireless at all, and switching it off when not in use is not significant. If you have an HP printer and do not want someone else to be able to see *everything* you print, take action: Verify the date of your printer's current firmware. 1) If the firmware is dated Dec 2011 or newer, your printer has already been infected, and cannot be repaired. It should be *replaced*. 2) If the firmware is date older than Dec 2011, obtain HP's latest firmware and install it. A few simple points the YouTube video presented: 1) Your printer does not need to be connected to the Internet to be infected. (Printing something as innocuous as a "greeting card" sent by a friend or downloaded from the Internet can infect the printer.) 2) Once infected, even a firewall protected printer can send data to virtually anywhere on the Internet. 3) The malicious software can *permanently* write itself into the boot code (in flash memory) and then prevent anyone from ever writing to flash memory again. -- Floyd L. Davidson http://www.apaflo.com/ Ukpeagvik (Barrow, Alaska) |
#6
|
|||
|
|||
Potential WIFI Router Vulnerability
Per Floyd L. Davidson:
Verify the date of your printer's current firmware. 1) If the firmware is dated Dec 2011 or newer, your printer has already been infected, and cannot be repaired. It should be *replaced*. FWIW, on my HP 5000, that consisted of Menu | INFORMATION MENU | PRINT CONFIGURATION and then looking at Printer Information | Firmware Datecode: on the resulting printout. Mine was "19980714 MB3.68" - with I'm assuming is July of 1998. 2) If the firmware is date older than Dec 2011, obtain HP's latest firmware and install it. Now to find a link.... -- Pete Cresswell |
#7
|
|||
|
|||
Potential WIFI Router Vulnerability
On 2012-01-14 15:29 , charles wrote:
http://www.datacenterjournal.com/it/...vulnerability/ If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. more at the posted URL Don't use WPS. Use WEP2 / AES and only give the key to those you trust. Change it every few months. That doesn't fly well for a business (coffee shop, small motel/hotels, etc.) I've always wondered why schemes like WPS (or WEP for that matter) don't implement a "growing delay" deterrence when a given MAC address attempts authentication: Try once, fail, delay 1 second before next try Try again, fail, delay 2 seconds ... 4 8 16 etc. Such would defeat brute force attacks on even low number of attempt machines as described in the article. The iPhone PIN access (keypad) does something similar to that when the device is locked but reaches a "saturation" lockout after (IIRC) the 5th try and won't respond for an hour afterward (something along those lines). -- "We demand rigidly defined areas of doubt and uncertainty." Douglas Adams - (Could have been a GPS engineer). |
#8
|
|||
|
|||
Potential WIFI Router Vulnerability
On 2012-01-15 04:59 , Alan Harding wrote:
In message , CyberDroog writes On Sat, 14 Jan 2012 12:29:23 -0800, charles wrote: http://www.datacenterjournal.com/it/...from-the-wi-fi wps-vulnerability/ If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. Rule of thumb: when implementing any password system, have your device respond with a simple "yes" or "no", rather than "you're getting warmer!" Three strikes and you're out (sometimes for half an hour). Just double a delay time. 1 sec, then 2, 4, 8, ... you'll get to the half hour pretty quick. -- "We demand rigidly defined areas of doubt and uncertainty." Douglas Adams - (Could have been a GPS engineer). |
#9
|
|||
|
|||
Potential WIFI Router Vulnerability
Alan Browne wrote:
Don't use WPS. Use WEP2 / AES and only give the key to those you trust. Change it every few months. Worse than that, some sites have been suggesting that disabling WPS on the web interface on some models of router does not actually disable WPS. Pete -- http://www.petezilla.co.uk |
#10
|
|||
|
|||
Potential WIFI Router Vulnerability
On Sun, 15 Jan 2012 09:57:23 +0000, Alan Harding
wrote: In message , Eric Stevens writes On Sat, 14 Jan 2012 12:29:23 -0800, charles wrote: http://www.datacenterjournal.com/it/...from-the-wi-fi wps-vulnerability/ If you are using a Wi-Fi router to provide access to your home, business or customers (such as in a coffee shop), then you need to take action to protect your network from a recently discovered security weakness. Discovered late last year (2011) by Stefan Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects numerous Wi-Fi devices from a range of vendors. Details of the vulnerability have been made public; in other words, hackers know about it and will, no doubt, exploit it in unprotected systems. more at the posted URL It's worse than that. Your printer may be vulnerable too. See http://www.youtube.com/watch?v=njVv7J2azY8 1) Is something supposed to happen? Yep: a YouTube video. 2) Wireless is more vulnerable than old-fashioned wires. It wasn't difficult to predict. All my printers are hard-wired, and switched off when not being used. Its a pity you werent able view the video. It describes how it is possible to infect a printer with malicious code by asking it to print an email (or other electronic) document which has been constructed to incorporate the malicious code. That's why the YouTube video is entitled "Print me if you dare". Regards, Eric Stevens |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Dear Potential D80 buyers | bmoag | Digital SLR Cameras | 14 | September 24th 06 02:01 AM |
IrfanView is not affected by the MS JPEG vulnerability. | norm | Digital Photography | 41 | January 16th 06 05:20 PM |
Irfan View WMF Vulnerability Looks You Shouldn't Use It with Unknown Images | [email protected] | Digital Photography | 47 | January 10th 06 06:04 PM |
Router informatie | Francois Hendrickx | Medium Format Photography Equipment | 6 | December 23rd 05 12:08 AM |
thousand $ potential | MoneyNow | General Equipment For Sale | 0 | January 7th 04 02:17 AM |