background preloader

Wi-Fi Protected Setup Flaws Make Wireless Network Brute-force Attacks Feasible

Wi-Fi Protected Setup Flaws Make Wireless Network Brute-force Attacks Feasible
Design flaws in the Wi-Fi Protected Setup (WPS) wireless standard can make it easier for attackers to obtain access codes for secured wireless networks by brute force. The vulnerabilities identified by security researcher Stefan Viehbock affect a large number of WPS-enabled routers and wireless access points. The WPS standard was created in 2007 by the Wi-Fi Alliance in order to provide non-technical users with a simple method of setting up wireless networks. The standard supports several Wi-Fi authentication methods including one that requires pushing a physical button on the router and one that uses a predefined PIN number printed on a sticker by the device manufacturer. The PIN-based method is mandatory for WPS-certified devices, which support it by default. Devices that are WPS-capable, but aren't certified, are also likely to use the method. The WPS PIN is an eight-digit random number. The main problem lies with how devices respond to failed WPS authentication attempts. The U.S.

http://www.pcworld.com/article/247090/wifi_protected_setup_flaws_make_wireless_network_bruteforce_attacks_feasible.html

Related:  Hacking tutorials sites & toolsvinifritzemNetworking

Computer acting funny? It may be infected with a virus! One great thing about computers is that they often warn us when something is wrong. Sometimes they suddenly slow down to a crawl, other times they start to freeze up or even crash for what seems to be no reason at all. Most of the time though, there is a reason why our computers start to act funny. One of those reasons is due to malware and viruses. No one likes to have a computer virus, but if you do happen to catch one, it’s important to know the warning signs so that you can take care of the problem as soon as possible. Below, you’ll find 10 signs to look out for on your computer that may prove your computer is infected with a virus.

IPv6: The security risks to business Predictions about when the world will end are about as consistent as the predictions about when IPv4 internet addresses will finally run out, but some IT security professionals say that is really the least of our worries. A much bigger concern, they say, should be the security holes that will open up in many business organisations as the world moves over to internet protocol version six (IPv6). This is an important aspect of the changeover that has been lost in all the hype around how IPv4 is about to run out of IP addresses assigned to each internet-connected device because of the explosion of internet users, devices and web services. IPv6 will solve this problem because it provides over four billion times more addresses than IPv4, but in solving that problem, it could expose businesses to cyber attacks as hackers use IPv6 to bypass security controls and filters designed and configured for IPv4 traffic. IPv6 attacks likely to increase with adoption Security advantages of IPv6

6 free network vulnerability scanners Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself. Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process. + ALSO ON NETWORK WORLD 8 free Wi-Fi security tools +

John the Ripper password cracker John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's.

4 Keys To A Data Security Strategy Organizations must prepare for the inevitable security breach and focus on protecting sensitive corporate data. Here are some ideas to build on. If you’re an IT pro, protecting your company’s security may have recently become part of your job description. This probably didn’t come as a surprise -- more than 40% of companies suffered a breach last year, according to the Ponemon Institute. Maintaining a secure environment is no longer a question of locking down the perimeter or eliminating the chance of an attack. Working with Open Shortest Path First (OSPF) Routing Protocol Because Open Shortest Path First (OSPF) is an open standard protocol, many people have contributed to its design and thousands upon thousands of people have reviewed it. In this section,some functional components of this interior gateway protocol (IGP) and its use in your networks will be highlighted. Because every IGP behaves slightly differently from other IGPs, you should be familiar with a few OSPF terms that are used with the protocol before jumping into the configuration commands. This section attempts to clarify the major terms and concepts you should be familiar with.

Scanning the Internet with Nmap (Defcon 16) Tutorial Scanning The Internet With Nmap (Defcon 16) Description: How would you like to scan millions of hosts on the Internet and catalog all the interesting insights? This is exactly what Fyodor, the author of Nmap or Network Mapper did last summer. Thankfully, he then went on to share his finding with the community at Defcon 16 in his talk titled "Nmap: Scanning the Internet".

HTG Explains: The Difference Between WEP, WPA, and WPA2 Wireless Encryption (and Why It Matters) Even if you know you need to secure your Wi-Fi network (and have already done so), you probably find all the encryption acronyms a little bit puzzling. Read on as we highlight the differences between encryption standards like WEP, WPA, and WPA2–and why it matters which acronym you slap on your home Wi-Fi network. What Does It Matter?

Related: