Showing results for 
Search instead for 
Do you mean 
Reply
counsil
Posts: 88
Registered: ‎04-02-2009

Re: Urgent: WPS vulnerability fix ETA?

...and greatly increase the timeout betweens tries.  Most especially after a few wrong entries.

somms
Posts: 129
Registered: ‎03-20-2008

Re: Urgent: WPS vulnerability fix ETA?


sabretooth wrote:

somms wrote:

ARCHANGEL_06 wrote:

What you forget to read about is that it's a problem with the STANDARD and not the brand. I'm not surprised you are upset.



http://support.netgear.com/app/answers/detail/a_id/19824/~/how-do-netgear-home-routers-defend-wifi-p...

 

Meanwhile certain brands CAN and DO actually disable WPS unlike Linksys/Cisco's gimped firmware which can't...

 



All they have to do (along with the other vendors) it accept all eight digits at once instead of four at a time.  They should not even acknowledge any correct sequence until all 8 digits are correct.


Too bad that this can't be done as this would break WPS since the registrar has to prove itself to the enrollee after only the first four digits.  WPS is just a total fail!



FTTH

Member of the Professional Aviation Safety Specialists Union!
Frenchblake
Posts: 1
Registered: ‎02-06-2012

Re: Urgent: WPS vulnerability fix ETA?

[ Edited ]

Read this : Firmware Modification

 

Does someone have tried it ?

 

Blake

Gonzoatlarge
Posts: 13
Registered: ‎01-22-2012

Re: Urgent: WPS vulnerability fix ETA?

I understand tha Cisco is not at fault in regards to the WPS flaw itself.

My frustration stems form the fact that the UI implies that WPS can be disabled yet, and as confirmed by Cisco level 2 support, this switch does NOTHING!

NOTHING!!! Hoe can CISCO developers do that? What other functionality is a placebo? Am I really using AES?

I would have returned the router on day one had I known I could not disable WPS. Some of us knew long before the flaw was made public that WPS was a bad idea. 

Shame on them for misleading us. 

Gonzoatlarge
Posts: 13
Registered: ‎01-22-2012

Re: Urgent: WPS vulnerability fix ETA?

what would you do if you bought a car that has a 4x4 button and you later found out it does nothing? 

Gonzoatlarge
Posts: 13
Registered: ‎01-22-2012

Re: Urgent: WPS vulnerability fix ETA?

Blake : I have not. However, after reading, it seems more complicated than flashing Open source firmware.
Expert
sabretooth
Posts: 5,319
Registered: ‎11-11-2008

Re: Urgent: WPS vulnerability fix ETA?


somms wrote:

Too bad that this can't be done as this would break WPS since the registrar has to prove itself to the enrollee after only the first four digits.  WPS is just a total fail!



I believe that standard is now defunct.

Sap2543
Posts: 23
Registered: ‎01-10-2012

Re: Urgent: WPS vulnerability fix ETA?

[ Edited ]

I'm wondering if Symantec can patch it's PCAnywhere and Norton AV software, et al - after finding out in mid January that hackers have the source code and might release it - then why can't Cisco fix the routers so Reaver can't hack them by disabling WPS.  It doesn't take 3 months to roll out a fix.  Go ahead Cisco, keep dragging your feet on this one - Obviously security it not too important to you.

somms
Posts: 129
Registered: ‎03-20-2008

Re: Urgent: WPS vulnerability fix ETA?

Noticed the mods are cracking down so lets try this again.  Linksys will post a wonderful fix.  The fix will be good and all will be right with the world once again!:smileyhappy:



FTTH

Member of the Professional Aviation Safety Specialists Union!
Sap2543
Posts: 23
Registered: ‎01-10-2012

Re: Urgent: WPS vulnerability fix ETA?

"Linksys will post a wonderful fix" - wonderful would be sooner than at least 3 months - like how about tomorrow or by Friday?

 

If linksys doesn't like the posts then delete them but folks are not happy with the timetable.  A friend of mine bought a linksys router the other day.  I asked him which one and looked it up and sure enough, it has WPS and the 8 digit pin on the bottom.  I asked him if he knew it could be hacked with Reaver and I told him the soonest it could be patched was in April.  He was not too happy about that and said he would not have purchased the router if he had known.  Of course, Cisco doesn't want to tell anybody so consumers can make the right decision.  What about a consumer notice about it Cisco or better yet a recall from the stores until they are patched?  OK, I'm stuck with this router with a hole but selling them and not telling folks about the WPS vulnerability is just no good.

 

And finally, "the fix will be good and all will be right with the world once again"?  Maybe you haven't been keeping scored but the hackers and crooks are having a field day out in the real world.  I know you mean well but every level of computer security is very serious business.