"Fixing a vulnerability like this with all the bureoucratic, QA and legal process wouldn't take no more than 2 weeks"
If bureaucratic, QA, and legal issues emerge, you can't even get the names of the people you need to speak to in less than 2 weeks, let alone schedule a conference call. Fixing? Heh. Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either. Sent from my iPhone On Feb 10, 2012, at 2:40 AM, farthva...@hush.ai wrote: > Don't buy Linksys Routers they are vulnerable to Wifi unProtected Setup Pin > registrar Brute force attack. > No patch or workaround exist at the making of this post. > > Vulnerable list and alleged patch availability: > source:http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154 > > E1000 To Be Disclosed (aka we don't have idea) > E1000 v2 To Be Disclosed > E1000 v2.1 To Be Disclosed > E1200 v1 early March > E1200 v2 early March > E1500 early March > E1550 mid March > E2000 To Be Disclosed > E2100L mid March > E2500 early March > E3000 To Be Disclosed > E3200 early March > E4200 v1 early March > E4200 v2 To Be Disclosed > M10 To Be Disclosed > M20 To Be Disclosed > M20 v2 To Be Disclosed > RE1000 early March > WAG120N To Be Disclosed > WAG160N To Be Disclosed > WAG160N v2 To Be Disclosed > WAG310G To Be Disclosed > WAG320N To Be Disclosed > WAG54G2 To Be Disclosed > WAP610N To Be Disclosed > WRT110 To Be Disclosed > WRT120N To Be Disclosed > WRT160N v1 To Be Disclosed > WRT160N v2 To Be Disclosed > WRT160N v3 To Be Disclosed > WRT160NL To Be Disclosed > WRT310N v1 To Be Disclosed > WRT310N v2 To Be Disclosed > WRT320N To Be Disclosed > WRT400N To Be Disclosed > WRT54G2 v1 To Be Disclosed > WRT54G2 v1.3 To Be Disclosed > WRT54G2 v1.5 To Be Disclosed > WRT54GS2 v1 To Be Disclosed > WRT610N v1 To Be Disclosed > WRT610N v2 To Be Disclosed > X2000 To Be Disclosed > X2000 v2 To Be Disclosed > X3000 To Be Disclosed > > The question is why a big company like Cisco/Linksys didn't release a patch > since almost 1 month and a half ?. > > Well i have circumstantial evidence that Cisco outsource some of their > Linksys firmware routers to other companies (Arcadyan for example.) in some > cases source code is only available through NDA's or not available at all. > That's why they are taking so long to release a fix to the WPS vulnerability. > Fixing a vulnerability like this with all the bureoucratic, QA and legal > process wouldn't take no more than 2 weeks. I found some GPL violations by > the way but this is beyond the scope of this message (obfuscating firmware > it's useless you now). > > I apologize if i offended someone but IT security it's serious business > specially if someone use your wifi to commit crimes. > This vulnerability contains public and very easy to use exploit code, it's > not a Denial of Service. > > > Farth Vader. > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
