Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Digital Photography > Potential WIFI Router Vulnerability

Reply
Thread Tools

Potential WIFI Router Vulnerability

 
 
charles
Guest
Posts: n/a
 
      01-14-2012
http://www.datacenterjournal.com/it/...vulnerability/



If you are using a Wi-Fi router to provide access to your home,
business or customers (such as in a coffee shop), then you need to
take action to protect your network from a recently discovered
security weakness. Discovered late last year (2011) by Stefan
Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
numerous Wi-Fi devices from a range of vendors. Details of the
vulnerability have been made public; in other words, hackers know
about it and will, no doubt, exploit it in unprotected systems.

<more at the posted URL>
 
Reply With Quote
 
 
 
 
CyberDroog
Guest
Posts: n/a
 
      01-15-2012
On Sat, 14 Jan 2012 12:29:23 -0800, charles <(E-Mail Removed)>
wrote:

>http://www.datacenterjournal.com/it/...vulnerability/
>
>If you are using a Wi-Fi router to provide access to your home,
>business or customers (such as in a coffee shop), then you need to
>take action to protect your network from a recently discovered
>security weakness. Discovered late last year (2011) by Stefan
>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
>numerous Wi-Fi devices from a range of vendors. Details of the
>vulnerability have been made public; in other words, hackers know
>about it and will, no doubt, exploit it in unprotected systems.


Rule of thumb: when implementing any password system, have your device
respond with a simple "yes" or "no", rather than "you're getting warmer!"

--
Why isn't the word gullible in the dictionary?

 
Reply With Quote
 
 
 
 
Alan Harding
Guest
Posts: n/a
 
      01-15-2012
In message <(E-Mail Removed)>, Eric Stevens
<(E-Mail Removed)> writes
>On Sat, 14 Jan 2012 12:29:23 -0800, charles <(E-Mail Removed)>
>wrote:
>
>>http://www.datacenterjournal.com/it/...from-the-wi-fi
>>wps-vulnerability/
>>
>>If you are using a Wi-Fi router to provide access to your home,
>>business or customers (such as in a coffee shop), then you need to
>>take action to protect your network from a recently discovered
>>security weakness. Discovered late last year (2011) by Stefan
>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
>>numerous Wi-Fi devices from a range of vendors. Details of the
>>vulnerability have been made public; in other words, hackers know
>>about it and will, no doubt, exploit it in unprotected systems.
>>
>><more at the posted URL>

>
>It's worse than that. Your printer may be vulnerable too. See
>http://www.youtube.com/watch?v=njVv7J2azY8


1) Is something supposed to happen?

2) Wireless is more vulnerable than old-fashioned wires. It wasn't
difficult to predict. All my printers are hard-wired, and switched off
when not being used.

--
The opinions given above may be mine. They might also
just be what I feel like saying right now, okay?
 
Reply With Quote
 
Alan Harding
Guest
Posts: n/a
 
      01-15-2012
In message <(E-Mail Removed) >, CyberDroog
<(E-Mail Removed)> writes
>On Sat, 14 Jan 2012 12:29:23 -0800, charles <(E-Mail Removed)>
>wrote:
>
>>http://www.datacenterjournal.com/it/...from-the-wi-fi
>>wps-vulnerability/
>>
>>If you are using a Wi-Fi router to provide access to your home,
>>business or customers (such as in a coffee shop), then you need to
>>take action to protect your network from a recently discovered
>>security weakness. Discovered late last year (2011) by Stefan
>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
>>numerous Wi-Fi devices from a range of vendors. Details of the
>>vulnerability have been made public; in other words, hackers know
>>about it and will, no doubt, exploit it in unprotected systems.

>
>Rule of thumb: when implementing any password system, have your device
>respond with a simple "yes" or "no", rather than "you're getting warmer!"


Three strikes and you're out (sometimes for half an hour).

--
The opinions given above may be mine. They might also
just be what I feel like saying right now, okay?
 
Reply With Quote
 
(PeteCresswell)
Guest
Posts: n/a
 
      01-15-2012
Per Floyd L. Davidson:
>Verify the date of your printer's current firmware.
>
> 1) If the firmware is dated Dec 2011 or newer, your
> printer has already been infected, and cannot
> be repaired. It should be *replaced*.


FWIW, on my HP 5000, that consisted of Menu | INFORMATION MENU |
PRINT CONFIGURATION and then looking at Printer Information |
Firmware Datecode: on the resulting printout.

Mine was "19980714 MB3.68" - with I'm assuming is July of 1998.


> 2) If the firmware is date older than Dec 2011,
> obtain HP's latest firmware and install it.


Now to find a link....
--
Pete Cresswell
 
Reply With Quote
 
Peter Chant
Guest
Posts: n/a
 
      01-15-2012
Alan Browne wrote:

> Don't use WPS. Use WEP2 / AES and only give the key to those you trust.
> Change it every few months.


Worse than that, some sites have been suggesting that disabling WPS on the
web interface on some models of router does not actually disable WPS.

Pete

--
http://www.petezilla.co.uk
 
Reply With Quote
 
CyberDroog
Guest
Posts: n/a
 
      01-16-2012
On Sun, 15 Jan 2012 10:14:05 -0500, Alan Browne
<(E-Mail Removed)> wrote:

>Don't use WPS. Use WEP2 / AES and only give the key to those you trust.
> Change it every few months.


WPA2/AES

Running better firmware, such as DD-WRT helps also. One very simple thing
you can do is simply to turn down the radio power so your system isn't a
bright, shining beacon.

--
There are indeed a great many more things in life than money; and it is
money that gives us access to most of them.

- Terry Eagleton

 
Reply With Quote
 
Alan Harding
Guest
Posts: n/a
 
      01-16-2012
In message <(E-Mail Removed)>, Eric Stevens
<(E-Mail Removed)> writes
>On Sun, 15 Jan 2012 09:57:23 +0000, Alan Harding
><(E-Mail Removed)> wrote:
>
>>In message <(E-Mail Removed)>, Eric Stevens
>><(E-Mail Removed)> writes
>>>On Sat, 14 Jan 2012 12:29:23 -0800, charles <(E-Mail Removed)>
>>>wrote:
>>>
>>>>http://www.datacenterjournal.com/it/...from-the-wi-fi
>>>>wps-vulnerability/
>>>>
>>>>If you are using a Wi-Fi router to provide access to your home,
>>>>business or customers (such as in a coffee shop), then you need to
>>>>take action to protect your network from a recently discovered
>>>>security weakness. Discovered late last year (2011) by Stefan
>>>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
>>>>numerous Wi-Fi devices from a range of vendors. Details of the
>>>>vulnerability have been made public; in other words, hackers know
>>>>about it and will, no doubt, exploit it in unprotected systems.
>>>>
>>>><more at the posted URL>
>>>
>>>It's worse than that. Your printer may be vulnerable too. See
>>>http://www.youtube.com/watch?v=njVv7J2azY8

>>
>>1) Is something supposed to happen?

>
>Yep: a YouTube video.
>>
>>2) Wireless is more vulnerable than old-fashioned wires. It wasn't
>>difficult to predict. All my printers are hard-wired, and switched off
>>when not being used.

>
>Its a pity you werent able view the video. It describes how it is
>possible to infect a printer with malicious code by asking it to print
>an email (or other electronic) document which has been constructed to
>incorporate the malicious code. That's why the YouTube video is
>entitled "Print me if you dare".


It worked this time. It was fascinating stuff -- not at all what I
expected, much worse! I don't have any HPs, but I can't think of a
reason why it couldn't affect my printers, router, etcetera. My only
question is, do microwaves have embedded chips?

--
The opinions given above may be mine. They might also
just be what I feel like saying right now, okay?
 
Reply With Quote
 
John A.
Guest
Posts: n/a
 
      01-16-2012
On Mon, 16 Jan 2012 10:33:48 +0000, Alan Harding
<(E-Mail Removed)> wrote:

>In message <(E-Mail Removed)>, Eric Stevens
><(E-Mail Removed)> writes
>>On Sun, 15 Jan 2012 09:57:23 +0000, Alan Harding
>><(E-Mail Removed)> wrote:
>>
>>>In message <(E-Mail Removed)>, Eric Stevens
>>><(E-Mail Removed)> writes
>>>>On Sat, 14 Jan 2012 12:29:23 -0800, charles <(E-Mail Removed)>
>>>>wrote:
>>>>
>>>>>http://www.datacenterjournal.com/it/...from-the-wi-fi
>>>>>wps-vulnerability/
>>>>>
>>>>>If you are using a Wi-Fi router to provide access to your home,
>>>>>business or customers (such as in a coffee shop), then you need to
>>>>>take action to protect your network from a recently discovered
>>>>>security weakness. Discovered late last year (2011) by Stefan
>>>>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
>>>>>numerous Wi-Fi devices from a range of vendors. Details of the
>>>>>vulnerability have been made public; in other words, hackers know
>>>>>about it and will, no doubt, exploit it in unprotected systems.
>>>>>
>>>>><more at the posted URL>
>>>>
>>>>It's worse than that. Your printer may be vulnerable too. See
>>>>http://www.youtube.com/watch?v=njVv7J2azY8
>>>
>>>1) Is something supposed to happen?

>>
>>Yep: a YouTube video.
>>>
>>>2) Wireless is more vulnerable than old-fashioned wires. It wasn't
>>>difficult to predict. All my printers are hard-wired, and switched off
>>>when not being used.

>>
>>Its a pity you werent able view the video. It describes how it is
>>possible to infect a printer with malicious code by asking it to print
>>an email (or other electronic) document which has been constructed to
>>incorporate the malicious code. That's why the YouTube video is
>>entitled "Print me if you dare".

>
>It worked this time. It was fascinating stuff -- not at all what I
>expected, much worse! I don't have any HPs, but I can't think of a
>reason why it couldn't affect my printers, router, etcetera. My only
>question is, do microwaves have embedded chips?


Haven't watched the vid yet, but I recall hearing about HP printers
being hacked into acting as web proxies etc. back in the 90s. I
thought the had fixed that.

Now that I think of it, though, that was done via telnet or some such
interface, not a printed file. Though there were config commands that
could be sent by printing. I once got a frown from my manager when I
changed the READY status message on the display to INSERT 25 CENTS.
 
Reply With Quote
 
Alan Harding
Guest
Posts: n/a
 
      01-16-2012
In message <(E-Mail Removed)>, Eric Stevens
<(E-Mail Removed)> writes
>On Mon, 16 Jan 2012 10:33:48 +0000, Alan Harding
><(E-Mail Removed)> wrote:
>>In message <(E-Mail Removed)>, Eric Stevens
>><(E-Mail Removed)> writes
>>>On Sun, 15 Jan 2012 09:57:23 +0000, Alan Harding
>>><(E-Mail Removed)> wrote:
>>>>In message <(E-Mail Removed)>, Eric Stevens
>>>><(E-Mail Removed)> writes
>>>>>On Sat, 14 Jan 2012 12:29:23 -0800, charles <(E-Mail Removed)>
>>>>>wrote:
>>>>>
>>>>>>http://www.datacenterjournal.com/it/...from-the-wi-fi
>>>>>>wps-vulnerability/
>>>>>>
>>>>>>If you are using a Wi-Fi router to provide access to your home,
>>>>>>business or customers (such as in a coffee shop), then you need to
>>>>>>take action to protect your network from a recently discovered
>>>>>>security weakness. Discovered late last year (2011) by Stefan
>>>>>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
>>>>>>numerous Wi-Fi devices from a range of vendors. Details of the
>>>>>>vulnerability have been made public; in other words, hackers know
>>>>>>about it and will, no doubt, exploit it in unprotected systems.
>>>>>>
>>>>>><more at the posted URL>
>>>>>
>>>>>It's worse than that. Your printer may be vulnerable too. See
>>>>>http://www.youtube.com/watch?v=njVv7J2azY8
>>>>
>>>>1) Is something supposed to happen?
>>>
>>>Yep: a YouTube video.
>>>>
>>>>2) Wireless is more vulnerable than old-fashioned wires. It wasn't
>>>>difficult to predict. All my printers are hard-wired, and switched off
>>>>when not being used.
>>>
>>>Its a pity you werent able view the video. It describes how it is
>>>possible to infect a printer with malicious code by asking it to print
>>>an email (or other electronic) document which has been constructed to
>>>incorporate the malicious code. That's why the YouTube video is
>>>entitled "Print me if you dare".

>>
>>It worked this time. It was fascinating stuff -- not at all what I
>>expected, much worse! I don't have any HPs, but I can't think of a
>>reason why it couldn't affect my printers, router, etcetera. My only
>>question is, do microwaves have embedded chips?

>
>Are they on your network?


No, but I did set it on fire last week, and, bearing in mind the initial
press coverage...

--
The opinions given above may be mine. They might also
just be what I feel like saying right now, okay?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Chaining WiFi Router To Single PC's Firewall Router? (PeteCresswell) Wireless Networking 4 11-25-2005 06:01 PM
WiFi router connected to a wired router? Chris Burson Wireless Networking 3 11-17-2005 07:03 PM
Dell True Mobile 1300"G" WiFi Card/Notebook and Hotel WiFi and WiFii Hot Spots Mike Computer Support 5 06-17-2004 04:09 AM
Asp.Net.Vulnerability: Asp.Net buffer overflows (potential security problems) Dinis Cruz ASP .Net Security 1 10-17-2003 07:48 AM
Asp.Net.Vulnerability: Win32 API calls (potential security problems) Dinis Cruz ASP .Net Security 1 10-17-2003 07:48 AM



Advertisments