'Re: [Full-disclosure] WiFi Protected Setup attack code posted'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] WiFi Protected Setup attack code posted
From:       Dan Kaminsky <dan () doxpara ! com>
Date:       2011-12-29 12:03:00
Message-ID: 151BE9B3-0B50-4AA4-8F02-D22177AB66E5 () doxpara ! com
[Download RAW message or body]

[Attachment #2 (--Apple-Mail-378134AD-D56A-46DC-B0A2-4FF0A3262222)]


WPS could have been fine, in that it would have forced an online attack that took an infeasible \
amount of time. 

It just didn't accomplish that.

My thinking is that they'll get this property back into WPS with some sort of blinding of the \
half-break state, but I haven't dug into the vuln enough to be sure. 

Sent from my iPhone

On Dec 29, 2011, at 11:38 AM, Gage Bystrom <themadichib0d@gmail.com> wrote:

> Is be surprised if anyone related to security actually thought WPS was remotely safe, bout \
> time some actually released a public tool to brute it though :P 
> On Dec 29, 2011 2:02 AM, "Craig Heffner" <cheffner@devttys0.com> wrote:
> Yesterday, Stefan published a paper describing a vulnerability in WPS that allows attackers \
> to recover WPA/WPA2 keys in a matter of hours \
> (http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/).
>  
> Code has been posted to implement the attack: \
> http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


[Attachment #5 (unknown)]

<html><head></head><body bgcolor="#FFFFFF"><div>WPS could have been fine, in that it would have \
forced an online attack that took an infeasible amount of \
time.&nbsp;</div><div><br></div><div>It just didn't accomplish \
that.</div><div><br></div><div>My thinking is that they'll get this property back into WPS with \
some sort of blinding of the half-break state, but I haven't dug into the vuln enough to be \
sure.&nbsp;</div><div><br>Sent from my iPhone</div><div><br>On Dec 29, 2011, at 11:38 AM, Gage \
Bystrom &lt;<a href="mailto:themadichib0d@gmail.com">themadichib0d@gmail.com</a>&gt; \
wrote:<br><br></div><div></div><blockquote type="cite"><div><p>Is be surprised if anyone \
related to security actually thought WPS was remotely safe, bout time some actually released a \
public tool to brute it though :P</p> <div class="gmail_quote">On Dec 29, 2011 2:02 AM, "Craig \
Heffner" &lt;<a href="mailto:cheffner@devttys0.com">cheffner@devttys0.com</a>&gt; wrote:<br \
type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px \
#ccc solid;padding-left:1ex"> Yesterday, Stefan published a paper describing a vulnerability in \
WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours (<a \
href="http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/" \
target="_blank">http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/</a>).<div>


<br></div><div>Code has been posted to implement the attack:&nbsp;<span \
style="background-color:rgb(255,255,255);font-family:Arial,sans-serif;font-size:13px;line-height:19px"><a \
href="http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html" \
target="_blank">http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html</a></span></div>


<br>_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> Hosted and \
sponsored by Secunia - <a href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br></blockquote></div> </div></blockquote><blockquote \
type="cite"><div><span>_______________________________________________</span><br><span>Full-Disclosure \
- We believe in it.</span><br><span>Charter: <a \
href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a></span><br><span>Hosted \
and sponsored by Secunia - <a \
href="http://secunia.com/">http://secunia.com/</a></span></div></blockquote></body></html>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic