#OWS

We participated in the Wall Street occupation, with our children.

Wi-Fi Protected Setup Vulnerable to Brute-Force Attack

Something slightly more interesting than the usual "Microsoft fails again" from US-CERT. The alert identifier is: TA12-006A

Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack

Systems Affected: Most Wi-Fi access points that support Wi-Fi Protected Setup (WPS) are affected.

Overview: Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.

  1. Description -- WPS uses a PIN as a shared secret to authenticate an access point and a client and provide connection information such as WEP and WPA passwords and keys. In the external registrar exchange method, a client needs to provide the correct PIN to the access point.

    An attacking client can try to guess the correct PIN. A design vulnerability reduces the effective PIN space sufficiently to allow practical brute force attacks. Freely available attack tools can recover a WPS PIN in 4-10 hours.

    For further details, please see Vulnerability Note VU#723755 and further documentation by Stefan Viehbock and Tactical Network Solutions.

  2. Impact -- An attacker within radio range can brute-force the WPS PIN for a vulnerable access point. The attacker can then obtain WEP or WPA passwords and likely gain access to the Wi-Fi network. Once on the network, the attacker can monitor traffic and mount further attacks.
  3. Solution
    • Update Firmware -- Check your access point vendor's support website for updated firmware that addresses this vulnerability. Further information may be available in the Vendor Information section of VU#723755 and in a Google spreadsheet called WPS Vulnerability Testing.
    • Disable WPS -- Depending on the access point, it may be possible to disable WPS. Note that some access points may not actually disable WPS when the web management interface indicates that WPS is disabled.
  4. References

    The most recent version of the US-CERT announcement is here.
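The alert's warning that some access points keep WPS running even after the web interface says it is off means the only trustworthy check is what the access point actually broadcasts. The following is an added example (not part of the original post or of the US-CERT alert): a parser for the WPS vendor-specific information element that an access point places in its beacon and probe-response frames, used here to confirm whether WPS is still advertised after a firmware update or a "disable WPS" setting. The beacon bytes are constructed for the example; capturing real frames from a monitor-mode interface is outside this snippet, and the attribute ids are the standard Wi-Fi Simple Configuration values.

```python
"""Verify from beacon contents whether an access point still advertises WPS."""
from typing import Dict, Iterator, Optional, Tuple

# Vendor-specific IE (id 0xDD) carrying OUI 00:50:F2 with type 4 is the WPS element
WPS_OUI_TYPE = bytes.fromhex("0050f204")

# WPS attribute ids (Wi-Fi Simple Configuration TLVs: 2-byte type, 2-byte length)
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044          # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057    # 1 = AP has locked the external-registrar PIN method
ATTR_SELECTED_REGISTRAR = 0x1041


def iter_ies(body: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (element_id, data) for each 802.11 information element in a frame body."""
    i = 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        data = body[i + 2:i + 2 + length]
        if len(data) < length:      # truncated frame: stop instead of misparsing
            return
        yield eid, data
        i += 2 + length


def parse_wps_attrs(payload: bytes) -> Dict[int, bytes]:
    """Parse the big-endian WPS TLV attributes that follow the OUI/type header."""
    attrs: Dict[int, bytes] = {}
    i = 0
    while i + 4 <= len(payload):
        atype = int.from_bytes(payload[i:i + 2], "big")
        alen = int.from_bytes(payload[i + 2:i + 4], "big")
        value = payload[i + 4:i + 4 + alen]
        if len(value) < alen:       # truncated attribute list
            break
        attrs[atype] = value
        i += 4 + alen
    return attrs


def _first_byte(attrs: Dict[int, bytes], key: int) -> int:
    """Single-byte attribute value, or 0 when absent or empty."""
    value = attrs.get(key)
    return value[0] if value else 0


def wps_status(ie_body: bytes) -> Optional[Dict[str, bool]]:
    """Return what the WPS element advertises, or None when no WPS element is present."""
    for eid, data in iter_ies(ie_body):
        if eid == 0xDD and data.startswith(WPS_OUI_TYPE):
            attrs = parse_wps_attrs(data[len(WPS_OUI_TYPE):])
            return {
                "configured": _first_byte(attrs, ATTR_WPS_STATE) == 2,
                "setup_locked": _first_byte(attrs, ATTR_AP_SETUP_LOCKED) == 1,
                "selected_registrar": _first_byte(attrs, ATTR_SELECTED_REGISTRAR) == 1,
            }
    return None


def verdict(ie_body: bytes) -> str:
    """'absent' (WPS really off), 'locked' (PIN method locked), or 'exposed'."""
    status = wps_status(ie_body)
    if status is None:
        return "absent"
    if status["setup_locked"]:
        return "locked"
    return "exposed"


# --- constructed sample frame bodies (not captured traffic) ---
def _attr(atype: int, value: bytes) -> bytes:
    return atype.to_bytes(2, "big") + len(value).to_bytes(2, "big") + value


def _ie(eid: int, data: bytes) -> bytes:
    return bytes([eid, len(data)]) + data


COMMON_IES = _ie(0x00, b"TestNet") + _ie(0x01, bytes([0x82, 0x84, 0x8B, 0x96]))
WPS_ON_BEACON = COMMON_IES + _ie(
    0xDD,
    WPS_OUI_TYPE
    + _attr(ATTR_VERSION, b"\x10")
    + _attr(ATTR_WPS_STATE, b"\x02")
    + _attr(ATTR_AP_SETUP_LOCKED, b"\x00"),
)
WPS_OFF_BEACON = COMMON_IES   # what a correctly disabled access point should look like

if __name__ == "__main__":
    for name, body in (("before", WPS_ON_BEACON), ("after", WPS_OFF_BEACON)):
        print(f"{name}: WPS {verdict(body)}, details={wps_status(body)}")
```

Run this against the IE body of a beacon captured from your own access point before and after applying the vendor fix: a result of `absent` is the only one that confirms the web interface's "WPS disabled" claim; `locked` means the PIN method is currently refused but WPS is still present and may unlock later.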

Predictions for 2012

1. There will be at least one militarist on the November general election ballot, at top-of-ticket.

That's pretty certain.

2. ICANN's Board will select yet another stuffed shirt for CEO.

Seems likely, the job description contains far too much fluff, and the selection process has been outsourced to a UK firm that trades on promoting wankers.

3. One of the FTC or ICANN will be "realigned".

That's the "iffy" bit.

Kim Jong Il reported dead

Announced on DPRK state television.

The Commissioners of the Federal Trade Commission write ICANN

A birthday ... present. The FTC wrote Steve Crocker and Rod Beckstrom. In a nutshell, the no-policy-but-cash framework that has been ICANN's registry policy since the 2004 round does not amuse.

Link or upload when I've a spare moment.

PFC Bradley Manning and Art. 32

The Article 32 hearing for PFC Bradley Manning will begin today (December 16, 2011) at Fort Meade, Maryland. The hearing is expected to last approximately five days. With the exception of those limited times where classified information is being discussed, the hearing will be open to the public.

Private Manning is represented by David E. Coombs (J.D. Idaho), whose practice specializes in representing members of the United States Army facing criminal and adverse administrative actions.

Carrier IQ FOIA results in FBI blanket denial

Courtesy of Karl Dubost, an Opera developer:

FBI: Carrier IQ files used for "law enforcement purposes"

A recent FOIA request to the Federal Bureau of Investigation for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ" was met with a telling denial. In it, the FBI stated it did have responsive documents - but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.


Watching Obama and wishing he were a Democrat

It was a so-so speech. Those of us confined to a gate waiting area for the prior five hours moved towards the CNN monopoly monitor (interrupted every 15 minutes by the TSA "This is a special announcement" loop). The delay irritated the important people, who used their cell phones to "just touch base" with some family or business contacts. For the rest of the gate area, he had our complete attention for just about an hour.

I was waiting for a reference to the Glass–Steagall Act of 1932. It wasn't there.

Hillary in 2016

An interesting summary in le monde. She's planning on leaving Foggy Bottom in January, replaced by John Kerry (cue another electoral campaign in Mass).

Social Neutrino Works

Greenpeace has carried out a pervasive pentest of the commercial nuclear-powered electrical generating stations in France. The government and the industry are disputing the extent of the pentest. Sarko is calling the action (which shows that a bunch of hippies can enter a future Fukushima equipped with a tsunami or a banner to the effect that Kilroy Was Here) irresponsible, so the task should have been left to a responsible armed organ of a hostile state or non-state actor. Going non-linear, the spokes-creature for Young UMP, Maxime Buizard, tweeted that the Greenpeace activists should be shot as terrorists. He's since recovered a modicum of sanity and may support arrest and trial before execution of critics of the party in power.

Links to le monde's coverage.

Neutrinos pass through walls of lead and lies with ease.

Prince Turki bin Faisal Al Saud floats the symmetric counter-force balloon

At a regional conference, speaking as a private person. By way of context, see wikipedia.
