Potential WIFI Router Vulnerability

Discussion in 'Digital Photography' started by charles, Jan 14, 2012.

  1. charles

    charles Guest

    http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi-wps-vulnerability/



    If you are using a Wi-Fi router to provide access to your home,
    business or customers (such as in a coffee shop), then you need to
    take action to protect your network from a recently discovered
    security weakness. Discovered late last year (2011) by Stefan
    Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    numerous Wi-Fi devices from a range of vendors. Details of the
    vulnerability have been made public; in other words, hackers know
    about it and will, no doubt, exploit it in unprotected systems.

    <more at the posted URL>
     
    charles, Jan 14, 2012
    #1
    1. Advertising

  2. charles

    CyberDroog Guest

    On Sat, 14 Jan 2012 12:29:23 -0800, charles <>
    wrote:

    >http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi-wps-vulnerability/
    >
    >If you are using a Wi-Fi router to provide access to your home,
    >business or customers (such as in a coffee shop), then you need to
    >take action to protect your network from a recently discovered
    >security weakness. Discovered late last year (2011) by Stefan
    >Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    >numerous Wi-Fi devices from a range of vendors. Details of the
    >vulnerability have been made public; in other words, hackers know
    >about it and will, no doubt, exploit it in unprotected systems.


    Rule of thumb: when implementing any password system, have your device
    respond with a simple "yes" or "no", rather than "you're getting warmer!"

    --
    Why isn't the word gullible in the dictionary?
     
    CyberDroog, Jan 15, 2012
    #2
    1. Advertising

  3. charles

    Alan Harding Guest

    In message <>, Eric Stevens
    <> writes
    >On Sat, 14 Jan 2012 12:29:23 -0800, charles <>
    >wrote:
    >
    >>http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi
    >>wps-vulnerability/
    >>
    >>If you are using a Wi-Fi router to provide access to your home,
    >>business or customers (such as in a coffee shop), then you need to
    >>take action to protect your network from a recently discovered
    >>security weakness. Discovered late last year (2011) by Stefan
    >>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    >>numerous Wi-Fi devices from a range of vendors. Details of the
    >>vulnerability have been made public; in other words, hackers know
    >>about it and will, no doubt, exploit it in unprotected systems.
    >>
    >><more at the posted URL>

    >
    >It's worse than that. Your printer may be vulnerable too. See
    >http://www.youtube.com/watch?v=njVv7J2azY8


    1) Is something supposed to happen?

    2) Wireless is more vulnerable than old-fashioned wires. It wasn't
    difficult to predict. All my printers are hard-wired, and switched off
    when not being used.

    --
    The opinions given above may be mine. They might also
    just be what I feel like saying right now, okay?
     
    Alan Harding, Jan 15, 2012
    #3
  4. charles

    Alan Harding Guest

    In message <>, CyberDroog
    <> writes
    >On Sat, 14 Jan 2012 12:29:23 -0800, charles <>
    >wrote:
    >
    >>http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi
    >>wps-vulnerability/
    >>
    >>If you are using a Wi-Fi router to provide access to your home,
    >>business or customers (such as in a coffee shop), then you need to
    >>take action to protect your network from a recently discovered
    >>security weakness. Discovered late last year (2011) by Stefan
    >>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    >>numerous Wi-Fi devices from a range of vendors. Details of the
    >>vulnerability have been made public; in other words, hackers know
    >>about it and will, no doubt, exploit it in unprotected systems.

    >
    >Rule of thumb: when implementing any password system, have your device
    >respond with a simple "yes" or "no", rather than "you're getting warmer!"


    Three strikes and you're out (sometimes for half an hour).

    --
    The opinions given above may be mine. They might also
    just be what I feel like saying right now, okay?
     
    Alan Harding, Jan 15, 2012
    #4
  5. Per Floyd L. Davidson:
    >Verify the date of your printer's current firmware.
    >
    > 1) If the firmware is dated Dec 2011 or newer, your
    > printer has already been infected, and cannot
    > be repaired. It should be *replaced*.


    FWIW, on my HP 5000, that consisted of Menu | INFORMATION MENU |
    PRINT CONFIGURATION and then looking at Printer Information |
    Firmware Datecode: on the resulting printout.

    Mine was "19980714 MB3.68" - with I'm assuming is July of 1998.


    > 2) If the firmware is date older than Dec 2011,
    > obtain HP's latest firmware and install it.


    Now to find a link....
    --
    Pete Cresswell
     
    (PeteCresswell), Jan 15, 2012
    #5
  6. charles

    Peter Chant Guest

    Alan Browne wrote:

    > Don't use WPS. Use WEP2 / AES and only give the key to those you trust.
    > Change it every few months.


    Worse than that, some sites have been suggesting that disabling WPS on the
    web interface on some models of router does not actually disable WPS.

    Pete

    --
    http://www.petezilla.co.uk
     
    Peter Chant, Jan 15, 2012
    #6
  7. charles

    CyberDroog Guest

    On Sun, 15 Jan 2012 10:14:05 -0500, Alan Browne
    <> wrote:

    >Don't use WPS. Use WEP2 / AES and only give the key to those you trust.
    > Change it every few months.


    WPA2/AES

    Running better firmware, such as DD-WRT helps also. One very simple thing
    you can do is simply to turn down the radio power so your system isn't a
    bright, shining beacon.

    --
    There are indeed a great many more things in life than money; and it is
    money that gives us access to most of them.

    - Terry Eagleton
     
    CyberDroog, Jan 16, 2012
    #7
  8. charles

    Alan Harding Guest

    In message <>, Eric Stevens
    <> writes
    >On Sun, 15 Jan 2012 09:57:23 +0000, Alan Harding
    ><> wrote:
    >
    >>In message <>, Eric Stevens
    >><> writes
    >>>On Sat, 14 Jan 2012 12:29:23 -0800, charles <>
    >>>wrote:
    >>>
    >>>>http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi
    >>>>wps-vulnerability/
    >>>>
    >>>>If you are using a Wi-Fi router to provide access to your home,
    >>>>business or customers (such as in a coffee shop), then you need to
    >>>>take action to protect your network from a recently discovered
    >>>>security weakness. Discovered late last year (2011) by Stefan
    >>>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    >>>>numerous Wi-Fi devices from a range of vendors. Details of the
    >>>>vulnerability have been made public; in other words, hackers know
    >>>>about it and will, no doubt, exploit it in unprotected systems.
    >>>>
    >>>><more at the posted URL>
    >>>
    >>>It's worse than that. Your printer may be vulnerable too. See
    >>>http://www.youtube.com/watch?v=njVv7J2azY8

    >>
    >>1) Is something supposed to happen?

    >
    >Yep: a YouTube video.
    >>
    >>2) Wireless is more vulnerable than old-fashioned wires. It wasn't
    >>difficult to predict. All my printers are hard-wired, and switched off
    >>when not being used.

    >
    >Its a pity you werent able view the video. It describes how it is
    >possible to infect a printer with malicious code by asking it to print
    >an email (or other electronic) document which has been constructed to
    >incorporate the malicious code. That's why the YouTube video is
    >entitled "Print me if you dare".


    It worked this time. It was fascinating stuff -- not at all what I
    expected, much worse! I don't have any HPs, but I can't think of a
    reason why it couldn't affect my printers, router, etcetera. My only
    question is, do microwaves have embedded chips?

    --
    The opinions given above may be mine. They might also
    just be what I feel like saying right now, okay?
     
    Alan Harding, Jan 16, 2012
    #8
  9. charles

    John A. Guest

    On Mon, 16 Jan 2012 10:33:48 +0000, Alan Harding
    <> wrote:

    >In message <>, Eric Stevens
    ><> writes
    >>On Sun, 15 Jan 2012 09:57:23 +0000, Alan Harding
    >><> wrote:
    >>
    >>>In message <>, Eric Stevens
    >>><> writes
    >>>>On Sat, 14 Jan 2012 12:29:23 -0800, charles <>
    >>>>wrote:
    >>>>
    >>>>>http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi
    >>>>>wps-vulnerability/
    >>>>>
    >>>>>If you are using a Wi-Fi router to provide access to your home,
    >>>>>business or customers (such as in a coffee shop), then you need to
    >>>>>take action to protect your network from a recently discovered
    >>>>>security weakness. Discovered late last year (2011) by Stefan
    >>>>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    >>>>>numerous Wi-Fi devices from a range of vendors. Details of the
    >>>>>vulnerability have been made public; in other words, hackers know
    >>>>>about it and will, no doubt, exploit it in unprotected systems.
    >>>>>
    >>>>><more at the posted URL>
    >>>>
    >>>>It's worse than that. Your printer may be vulnerable too. See
    >>>>http://www.youtube.com/watch?v=njVv7J2azY8
    >>>
    >>>1) Is something supposed to happen?

    >>
    >>Yep: a YouTube video.
    >>>
    >>>2) Wireless is more vulnerable than old-fashioned wires. It wasn't
    >>>difficult to predict. All my printers are hard-wired, and switched off
    >>>when not being used.

    >>
    >>Its a pity you werent able view the video. It describes how it is
    >>possible to infect a printer with malicious code by asking it to print
    >>an email (or other electronic) document which has been constructed to
    >>incorporate the malicious code. That's why the YouTube video is
    >>entitled "Print me if you dare".

    >
    >It worked this time. It was fascinating stuff -- not at all what I
    >expected, much worse! I don't have any HPs, but I can't think of a
    >reason why it couldn't affect my printers, router, etcetera. My only
    >question is, do microwaves have embedded chips?


    Haven't watched the vid yet, but I recall hearing about HP printers
    being hacked into acting as web proxies etc. back in the 90s. I
    thought the had fixed that.

    Now that I think of it, though, that was done via telnet or some such
    interface, not a printed file. Though there were config commands that
    could be sent by printing. I once got a frown from my manager when I
    changed the READY status message on the display to INSERT 25 CENTS.
     
    John A., Jan 16, 2012
    #9
  10. charles

    Alan Harding Guest

    In message <>, Eric Stevens
    <> writes
    >On Mon, 16 Jan 2012 10:33:48 +0000, Alan Harding
    ><> wrote:
    >>In message <>, Eric Stevens
    >><> writes
    >>>On Sun, 15 Jan 2012 09:57:23 +0000, Alan Harding
    >>><> wrote:
    >>>>In message <>, Eric Stevens
    >>>><> writes
    >>>>>On Sat, 14 Jan 2012 12:29:23 -0800, charles <>
    >>>>>wrote:
    >>>>>
    >>>>>>http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi
    >>>>>>wps-vulnerability/
    >>>>>>
    >>>>>>If you are using a Wi-Fi router to provide access to your home,
    >>>>>>business or customers (such as in a coffee shop), then you need to
    >>>>>>take action to protect your network from a recently discovered
    >>>>>>security weakness. Discovered late last year (2011) by Stefan
    >>>>>>Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    >>>>>>numerous Wi-Fi devices from a range of vendors. Details of the
    >>>>>>vulnerability have been made public; in other words, hackers know
    >>>>>>about it and will, no doubt, exploit it in unprotected systems.
    >>>>>>
    >>>>>><more at the posted URL>
    >>>>>
    >>>>>It's worse than that. Your printer may be vulnerable too. See
    >>>>>http://www.youtube.com/watch?v=njVv7J2azY8
    >>>>
    >>>>1) Is something supposed to happen?
    >>>
    >>>Yep: a YouTube video.
    >>>>
    >>>>2) Wireless is more vulnerable than old-fashioned wires. It wasn't
    >>>>difficult to predict. All my printers are hard-wired, and switched off
    >>>>when not being used.
    >>>
    >>>Its a pity you werent able view the video. It describes how it is
    >>>possible to infect a printer with malicious code by asking it to print
    >>>an email (or other electronic) document which has been constructed to
    >>>incorporate the malicious code. That's why the YouTube video is
    >>>entitled "Print me if you dare".

    >>
    >>It worked this time. It was fascinating stuff -- not at all what I
    >>expected, much worse! I don't have any HPs, but I can't think of a
    >>reason why it couldn't affect my printers, router, etcetera. My only
    >>question is, do microwaves have embedded chips?

    >
    >Are they on your network?


    No, but I did set it on fire last week, and, bearing in mind the initial
    press coverage...

    --
    The opinions given above may be mine. They might also
    just be what I feel like saying right now, okay?
     
    Alan Harding, Jan 16, 2012
    #10
  11. Floyd L. Davidson <> wrote:

    > If you have an HP printer and do not want someone else to
    > be able to see *everything* you print, take action:


    > Verify the date of your printer's current firmware.


    > 1) If the firmware is dated Dec 2011 or newer, your
    > printer has already been infected, and cannot
    > be repaired. It should be *replaced*.


    > 2) If the firmware is date older than Dec 2011,
    > obtain HP's latest firmware and install it.


    .... thereby setting the firmware to a date newer than Dec 2011.
    Then do Check 1) again and ...

    -Wolfgang
     
    Wolfgang Weisselberg, Jan 17, 2012
    #11
  12. charles

    Contrarian Guest

    In alt.support.depression Floyd L. Davidson <> wrote:

    > If you have an HP printer and do not want someone else to
    > be able to see *everything* you print, take action:


    wow. If and when I get a printer...

    > 3) The malicious software can *permanently* write itself
    > into the boot code (in flash memory) and then prevent
    > anyone from ever writing to flash memory again.
     
    Contrarian, Jan 17, 2012
    #12
  13. Floyd L. Davidson <> wrote:
    > Wolfgang Weisselberg <> wrote:
    >>Floyd L. Davidson <> wrote:


    >>> If you have an HP printer and do not want someone else to
    >>> be able to see *everything* you print, take action:


    >>> Verify the date of your printer's current firmware.


    >>> 1) If the firmware is dated Dec 2011 or newer, your
    >>> printer has already been infected, and cannot
    >>> be repaired. It should be *replaced*.


    >>> 2) If the firmware is date older than Dec 2011,
    >>> obtain HP's latest firmware and install it.


    >>... thereby setting the firmware to a date newer than Dec 2011.
    >>Then do Check 1) again and ...


    > That would be a bit stupid!


    That could easily happen without any stupidity.

    > Follow the instructions and don't try
    > making your own until you actually understand the problem.


    Ah, but you *have* to note that these instructions are not
    idempotent. Failing to do that causes no end of problems and
    trouble.

    > And you missed the point. If you have not upgraded the firmware
    > as specified there is only one reason the date would show that it
    > has already been upgraded: you've been infected.


    You're assuming a great many things in that sentence that may
    or may not be true. I'll leave it to you to write down a
    trivial example where your instructions could cause a printer
    to be wrongly declared infected.

    -Wolfgang
     
    Wolfgang Weisselberg, Jan 18, 2012
    #13
  14. charles

    jill Guest

    On Jan 14, 12:29 pm, charles <> wrote:
    > http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-...
    >
    > If you are using a Wi-Fi router to provide access to your home,
    > business or customers (such as in a coffee shop), then you need to
    > take action to protect your network from a recently discovered
    > security weakness. Discovered late last year (2011) by Stefan
    > Viehböck, this vulnerability in Wi-Fi Protected Setup (WPS) affects
    > numerous Wi-Fi devices from a range of vendors. Details of the
    > vulnerability have been made public; in other words, hackers know
    > about it and will, no doubt, exploit it in unprotected systems.
    >
    > <more at the posted URL>


    this happened to me
     
    jill, Jan 19, 2012
    #14
  15. Floyd L. Davidson <> wrote:
    > Wolfgang Weisselberg <> wrote:
    >>Floyd L. Davidson <> wrote:


    >>> And you missed the point. If you have not upgraded the firmware
    >>> as specified there is only one reason the date would show that it
    >>> has already been upgraded: you've been infected.


    >>You're assuming a great many things in that sentence that may
    >>or may not be true. I'll leave it to you to write down a
    >>trivial example where your instructions could cause a printer
    >>to be wrongly declared infected.


    > We've already discovered such a case: give a good set of
    > instructions to a fool who doesn't follow them.


    True: I gave you good instructions and you didn't follow them.

    (Hint: What happens when more than one person communally own a
    HP printer and more than one of them follow your bad instructions?
    It's obvious you did never thought about that --- you'd be a
    terrible programmer. Or instruction writer.)

    > And there is
    > no reasonable solution that is legal (eradication of fools being
    > highly illegal, so you're safe).


    Yep, I'm safe from prison or worse since I only attempt legal
    solutions. Though I'm not always reasonable --- here I am,
    attempting to teach something to a fool, worse, a learning
    resistant and offensive fool.

    -Wolfgang
     
    Wolfgang Weisselberg, Jan 21, 2012
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bootstrap Bill

    Job potential for MCSD.net?

    Bootstrap Bill, Feb 20, 2004, in forum: Microsoft Certification
    Replies:
    2
    Views:
    513
    DalePres
    Mar 6, 2004
  2. Network Guru

    my potential next car

    Network Guru, Jan 28, 2004, in forum: MCSE
    Replies:
    18
    Views:
    825
    Consultant
    Jan 30, 2004
  3. Michael
    Replies:
    2
    Views:
    4,076
    Michael
    Sep 4, 2003
  4. Martina

    Entfalte dein Potential

    Martina, Oct 13, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    393
    Martina
    Oct 13, 2004
  5. Robert11
    Replies:
    4
    Views:
    2,016
    Ralph W. Phillips
    Dec 1, 2004
Loading...

Share This Page