[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
From: Sanguinarious Rose <SanguineRose@xxxxxxxxxxxxxxxxx>
Date: Sun, 12 Feb 2012 15:42:39 -0700

On Sat, Feb 11, 2012 at 2:23 PM,  <farthvader@xxxxxxx> wrote:
> _________________________________________________________________________
> "Use Tomato-USB OS on them."
> _________________________________________________________________________
>
> Besides you void warranty...
> list of DD-WRT Supported routers:
>
>  E1000        supported
>  E1000 v2     supported
>  E1000 v2.1   supported
>  E1200 v1     ???
>  E1200 v2     ???
>  E1500        ???
>  E1550        ???
>  E2000        supported
>  E2100L       supported
>  E2500        not supported
>  E3000        supported
>  E3200        supported
>  E4200 v1     not supported yet
>  E4200 v2     not supported
>  M10          ????
>  M20          ????
>  M20 v2       ????
>  RE1000       ????
>  WAG120N      not supported
>  WAG160N      not supported
>  WAG160N v2   not supported
>  WAG310G      not supported
>  WAG320N      not supported
>  WAG54G2      not supported
>  WAP610N      not supported
>  WRT110       not supported
>  WRT120N      not supported
>  WRT160N v1   supported
>  WRT160N v2   not supported
>  WRT160N v3   supported
>  WRT160NL     supported
>  WRT310N v1   supported
>  WRT310N v2   not supported yet
>  WRT320N      supported
>  WRT400N      supported
>  WRT54G2 v1   supported
>  WRT54G2 v1.3 supported
>  WRT54G2 v1.5 not supported
>  WRT54GS2 v1  supported
>  WRT610N v1   supported
>  WRT610N v2   supported
>  X2000        not supported
>  X2000 v2     not supported
>  X3000        not supported.
>
> _________________________________________________________________________
>
> "Fixing?  Heh.
>
> Aside from rate limiting WPS, there isn't much of a fix, and you can't turn 
> it off either."
> _________________________________________________________________________
>
> What about removing WuPS entirely?
>
> WuPS is a total failure because:
>
> 1. Even if everything is fine 8 digits long is very weak because once you got 
> the pin after 7 month - 2 years for example, you are completely pwned.
>

I can't see someone sitting outside my house for 7 months let alone 2
years trying to get my PIN for my router.

> 2. Pin number is fixed you can't change it to a longer number or maybe a 
> string like "omgponnies"
>

A valid point and easy security improvement

> 3. Setting up a WPA2 password manually it's a piece of cake (even with keypad 
> only cell phones), if some people are lazy, you don't have to weakening the 
> security of a strong protocol.
>

People are lazy by default and I see it honestly as their fault for
not taking simple precautions or god forbid reading up a bit.

> Farth Vader
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: William Warren

References:
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: farthvader

Prev by Date: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Next by Date: [Full-disclosure] [TEHTRI-Security] 0days at HITB Amsterdam 2012
Previous by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Next by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Index(es):
- Date
- Thread