Just morbidly curious, what did you use for the SSID?

On Feb 12, 2012 5:31 PM, "Derek" <[email protected]> wrote:
> They should at least consider providing an option to disable the static pin only or disable it after an hour if the feature is activated by the user.
>
> Seems to be something that could be included in a future firmware update.
>
> For a vendor to provide another mechanism for a user to get remotely hacked (within wireless TX/RX range) and not address it in a reasonable amount of time, exposes the less technical user, who it was intended to help in the first place.
>
> It would be interesting to see if this feature went through a technical security risk assessment and if so, how the static pin was rationalised for public release.
>
> I set up an isolated vulnerable device and had attack traffic within 2 days of it being activated. I did make the SSID very attractive, but the war drivers are certainly getting out of the house again.
>
> Thanks
> Derek
>
> On 13/02/2012, at 1:47, Rob Fuller <[email protected]> wrote:
>
> > I've tested 6 models of Linksys, all of them appear to disable WPS completely as soon as a single wireless setting is set. I assume this would be the reason Cisco/Linksys aren't putting much stock in 'fixing' it further. If anyone has any experience to contradict this or have a modification to current tools to circumvent what I've perceived as disabled, I, as I'm sure Craig, would be very interested.
> >
> > --
> > Rob Fuller | Mubix
> > Certified Checkbox Unchecker
> > Room362.com | Hak5.org
> >
> > On Sat, Feb 11, 2012 at 4:23 PM, <[email protected]> wrote:
> >> _________________________________________________________________________
> >> "Use Tomato-USB OS on them."
> >> _________________________________________________________________________
> >>
> >> Besides you void warranty...
> >> list of DD-WRT Supported routers:
> >>
> >> E1000 supported
> >> E1000 v2 supported
> >> E1000 v2.1 supported
> >> E1200 v1 ???
> >> E1200 v2 ???
> >> E1500 ???
> >> E1550 ???
> >> E2000 supported
> >> E2100L supported
> >> E2500 not supported
> >> E3000 supported
> >> E3200 supported
> >> E4200 v1 not supported yet
> >> E4200 v2 not supported
> >> M10 ????
> >> M20 ????
> >> M20 v2 ????
> >> RE1000 ????
> >> WAG120N not supported
> >> WAG160N not supported
> >> WAG160N v2 not supported
> >> WAG310G not supported
> >> WAG320N not supported
> >> WAG54G2 not supported
> >> WAP610N not supported
> >> WRT110 not supported
> >> WRT120N not supported
> >> WRT160N v1 supported
> >> WRT160N v2 not supported
> >> WRT160N v3 supported
> >> WRT160NL supported
> >> WRT310N v1 supported
> >> WRT310N v2 not supported yet
> >> WRT320N supported
> >> WRT400N supported
> >> WRT54G2 v1 supported
> >> WRT54G2 v1.3 supported
> >> WRT54G2 v1.5 not supported
> >> WRT54GS2 v1 supported
> >> WRT610N v1 supported
> >> WRT610N v2 supported
> >> X2000 not supported
> >> X2000 v2 not supported
> >> X3000 not supported.
> >>
> >> _________________________________________________________________________
> >>
> >> "Fixing? Heh.
> >>
> >> Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either."
> >> _________________________________________________________________________
> >>
> >> What about removing WuPS entirely?
> >>
> >> WuPS is a total failure because:
> >>
> >> 1. Even if everything is fine 8 digits long is very weak because once you got the pin after 7 months - 2 years for example, you are completely pwned.
> >>
> >> 2. Pin number is fixed you can't change it to a longer number or maybe a string like "omgponnies"
> >>
> >> 3. Setting up a WPA2 password manually is a piece of cake (even with keypad only cell phones), if some people are lazy, you don't have to weaken the security of a strong protocol.
> >>
> >> Farth Vader
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
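One way to check on your own access point the behaviour discussed in this thread (WPS reported as disabled once a wireless setting is changed) is to look at whether its beacons still carry the WPS information element. The sketch below is an added example, not code from any poster in the thread: it parses the tagged parameters of a beacon and reports the WPS State and AP Setup Locked attributes, on the assumption that "disabled" shows up as the element no longer being advertised. The sample beacon bodies are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_WPS_STATE = 0x1044                   # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057             # 1 = AP has locked out PIN attempts

def iter_ies(buf):
    """Yield (element_id, body) for each 802.11 information element."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        if len(body) < length:            # truncated element, stop parsing
            return
        yield eid, body
        pos += 2 + length

def parse_wps_attrs(body):
    """Parse WPS attributes: 2-byte type, 2-byte length (big endian), value."""
    attrs, pos = {}, 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, pos)
        value = body[pos + 4:pos + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def wps_status(ies):
    """Report whether the tagged parameters of a beacon advertise WPS."""
    for eid, body in iter_ies(ies):
        if eid == 0xDD and body[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(body[4:])
            state = attrs.get(ATTR_WPS_STATE) or b"\x00"
            locked = attrs.get(ATTR_AP_SETUP_LOCKED) or b"\x00"
            return {"advertised": True, "state": state[0], "locked": locked[0] == 1}
    return {"advertised": False, "state": None, "locked": False}

# Constructed sample beacon bodies (not captures from any real device).
def _ie(eid, body): return bytes([eid, len(body)]) + body
def _tlv(atype, value): return struct.pack(">HH", atype, len(value)) + value
_BASE = _ie(0, b"lab-ap") + _ie(0xDD, bytes.fromhex("0050f201") + b"\x01\x00")  # SSID + WPA IE
_WPS = WPS_OUI_TYPE + _tlv(0x104A, b"\x10") + _tlv(ATTR_WPS_STATE, b"\x02")
BEACON_WPS_ON = _BASE + _ie(0xDD, _WPS)
BEACON_WPS_LOCKED = _BASE + _ie(0xDD, _WPS + _tlv(ATTR_AP_SETUP_LOCKED, b"\x01"))
BEACON_NO_WPS = _BASE

if __name__ == "__main__":
    for name in ("BEACON_WPS_ON", "BEACON_WPS_LOCKED", "BEACON_NO_WPS"):
        print(name, wps_status(globals()[name]))
```

A missing WPS element in beacons only shows the AP has stopped advertising the feature; it is worth confirming in the device's admin interface as well.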
