Security

Dec 15 2016

News - CPCR guide for DIY survelience system

I've been leaning heavilty towards building a DIY NVR solution. If you've also thought about it, but weren't quite sure where to start - this is a great guide, even if you opt not to go with the hardware they selected.

Feb 18 2014

News - ASUS is not fixing a security flaw in their Router Automatically

ASUS is not fixing a problem that is considered a security flaw in any of their recent firmware Asus Logoupdates. Do you have any of the features enabled that help with remote access to your files? Do you have Samba enabled? You are also opening up yourself to this vulnerability. Security experts are trying to contact ASUS to see if they are planning on fixing the issue, but no response yet. The “hacker” can see the entire hard drive that is connected to the router, even if you don’t have it shared out publicly. This goes for a bunch of ASUS routers and ASUS is slowly coming out with some patches but they have to manually fix the issues. Check out the link below from CNET.

"These types of attacks could be prevented if security was a higher priority in the router manufacturers software development life cycle," Holcomb said. "At the end of the day, this is just the tip of the iceberg; with the amount of vulnerable network hardware comprising the internet infrastructure, people should count on more large scale attacks."

CNET

Mar 08 2012

News - Wi-Fi Alliance Finally Responds to WPS Vulnerability

WPS LogoA couple of months ago, security researchers released details about a security vulnerability in Wi-Fi Protected Setup, the pin-based system for quickly and easily adding new devices to a Wi-Fi network. As it turns out, routers with WPS enabled are susceptible to a brute force attack that allows interested hackers access to the network in just a couple of hours. In a recent statement, the Wi-Fi Alliance has announced that they have changed their testing and certification requirements in response to the vulnerability. Unfortunately, anyone who has already purchased a WPS-equipped router is left waiting for a fix from the manufacturer or forced to disable WPS, an option that is evidently not effective with all routers. 

While it sounds like the Wi-Fi Alliance will be taking care of the security hole on future devices, the statement doesn't address how it plans to do so, nor does it show that it is taking any steps to rectify the issue on old routers. By default, many devices ship with WPS enabled, and for now the only way to prevent an attack is to disable the feature. 

The Verge

Dec 31 2011

News - Wi-Fi Protected Setup Vulnerability Leaves Home Networks Exposed

WPS LogoFor the most part, people seem to fall into one of two categories when it comes to setting up their home networks. There are the control freaks such as myself who like to set everything up manually, perhaps even going so far as to provide static ip addresses for each new device. Then there are the folks who set their networks up for ease of use, expecting most functions to occur without administrative interaction. For those folks, Wi-Fi Protected Setup has been a godsend, enabling devices to easily join and leave the home network with minimal oversight. Technologies such as WPS have certainly made it easier for mainstream users to take advantage of their home networks and we have increasingly seen media streamers and networked home theater devices adopt WPS to spur mainstream adoption.

Unfortunately, a serious vulnerability has been found in WPS that makes brute force attacks relatively easy to run. Indeed, for the majority of routers an attacker could brute force WPS in just 2-4 hours. I know the odds of anyone wanting to access my home network are vanishingly small, but then again the whole reason I secure my network is to avoid that remote possibility. The worst part is that there is no fix right now, prompting experts to recommend turning off WPS. Should the issue be correctable by a software fix, it will require users to update their router's firmware. I already turn of WPS on my router simply because I do not use it, but are there any WPS users out there who feel like this a serious concern?

In his tests, Viehböck found that an authentication attempt takes between 0.5 and 3 seconds and the majority of routers don't implement lock-down periods after several consecutive failed WPS authentication attempts. Only one router from Netgear slowed its responses to failed authentication attempts in order to mitigate against the attack, but that only extended the attack time to a day or so -- otherwise it can take 2-4 hours.

TechSpot

Updated:

Turns out that Viehbock wasn't the only researcher looking into this issue. Researchers at Tactical Network Solutions have been conducting similar research and have now released an open source tool for conducting WPS attacks. I think I might have to try and see if I can hack into my router.

Now the company has released an open-source version of its tool, Reaver, which Heffner says is capable of cracking the PIN codes of routers and gaining access to their WPA2 passwords "in approximately 4 [to] 10 hours." 

Ars Technica

Syndicate content
Website design by Yammm Software
Powered by Drupal