News WPS Vulnerability

If you have a router and use WPS you may want to go into your routers GUI to disable WPS for now until your router manufacturer (if on the list) provides a firmware update.

A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct.
The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.

Click to expand...

More info and router manufactures affected are at the source.

:source: Source: US-Cert

I never really liked WPS - maybe because I never took the time to fully understand it..

This kinda dropped right off the radar, which is weird because probably 99% of the routers that would have been effected still are. The scary part is that your router can be potentially exploited by this vulnerability even if it is not active on your router, just having it as part of the firmware is enough in some cases. Only way to know is try and crack your routers password. 🙂

Here is a write up on it @ Lifehacker: How to Crack a Wi-Fi Network's WPA Password with Reaver