They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? "Inconceivable!" those hypothetical security experts would say -- but they're about to get a lesson from WiFi wizard Erik Tews. He'll be giving a presentation next week at the PacSec Conference in Tokyo, describing the "mathematical breakthrough" that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes. There are some limitations, as the data sent from a connected device to the compromised router is apparently still safe, but anything headed t'other way is wide open, and could even be supplanted by bogus bits sent from a Cheetos-munching hacker slouching in a rusty Ford Taurus in the parking lot. Don't believe us? Tews was the guy able to crack WEP in under a minute last year, ironically advising people to switch to WPA ASAP at the time. We can only assume WPA2 is next.

We hate to be bearers of bad news, but it looks like those of you squeaking by on a WEP-protected or unprotected wireless router have yet another reason to undertake the difficult task of selecting "WPA" on that router admin screen. A team of researchers at Indiana University have published a paper on how easily malware could spread through a densely populated area, with unprotected routers providing zero resistance, and WEP moderately more, while WPA proved generally unhackable. The spread of the malware was alarmingly similar to a biological virus, and while no such router "WiFi flu" has yet been developed by nefarious types, it's probably only a matter of time before something of its ilk takes a city by storm. In test attacks, after the initial infection phase, 10-55 percent of the routers were infected. We can do better, people. Oh, and to the guy upstairs: thanks for all the WiFi these years, those torrents will probably never be traced back to you, so don't worry.

Oh my, the 5-0 won't like this one bit. Meet The Slurpr, a WiFi access point which aggregates up to six "available" (read: unprotected) 54Mbps WiFi channels into one bigazz, "free" connection. It's the latest invention by Dutch hacker, Mark Hoekstra and his new sidekick (or is it the other way around?) Boris. Of course, use of the Slurpr in its current incarnation will likely violate wardriving laws in at least few countries. So the inclusion of Mark's next feature -- 64/128-bit WEP-cracking -- could well land you in a Turkish prison. Still interested, Billy? Then head on over to Mark's site where you can pre-order the €999 / $1,347 box today.

[Via Bomega]

Last fall, NEC took its WARPSTAR lineup into the realm of draft-N with the Aterm WR8200N, and thanks to all this Draft 2.0 hubbub that's going around, apparently it figured now would be a good time to hop on the next bandwagon. The Aterm WR8400N four-port router and Aterm WL300NC PCMCIA card both tout theoretical transfer rates of around 300Mbps, are backwards compatible with 802.11a/b/g devices, support "Multi SSID" / WEP / WAP protocols, and can automatically detect and connect to signals in both the 2.4GHz and 5GHz bands. No word just yet on price nor availability, but we're sure it'll get lost in the crowd of similar alternatives before too long anyway.

[Via Impress]

It's not too tough these days to find a router with HD streaming in its arsenal, but D-Link is aiming for a slightly different set with its dual-band Xtreme N Duo MediaBridge. Essentially, this liaison connects to your existing router in order to add 5GHz 802.11n abilities to your setup, which purportedly "helps avoid interference by allowing the user to use the 5GHz frequency band to provide a stable high-performance wireless link for streaming HD video." Clearly designed with the DIR-655 in mind, this device also allows up to five Ethernet-enabled media devices to become attached on a separate unit for even more high-definition WiFi streaming. Notably, the DAP-1555 itself doesn't seem to double as an Ethernet router, and unfortunately, you'll have to wait until the thing ships in Q3 to find out how much it'll dent your wallet.

[Via SmallNetBuilder

It's no secret that WEP isn't quite the cat's pajamas anymore when it comes to WiFi security, but the aging protocol is still used in a good many networks -- 59% in a recent survey of a large German city -- and has just been hacked beyond repair by a few security analysts. Back in 2001 when WEP was originally hacked, it took around 4 million packets of data to crack a security key. Later hacks have managed to use significantly less packets and hack a system in minutes. However, a recent development by the folks at Darmstadt University of Technology in Germany have managed to extract a 104-bit WEP key in three seconds, using a 1.7GHz Pentium M processor. It takes under a minute to collect the necessary 40,000 - 85,000 packets of data, and the hack could potentially be carried out by a strolling cellphone or PDA user. The obvious move is to switch your network to WPA, but if you've got old school hardware holding you back, there are a few security programs that can foil the attack on WEP -- for now.

For those of you who happen to be in the predicament of owning a svelte hybrid cellular / WiFi phone, yet can't get cellphone service back in the boondocks where you reside, Actiontec is kicking out a range-extending router to help you make and receive calls on your mobile handset via WiFi. Touted as a "world's first," the Wireless FMC Router acts a standard four-port 802.11b/g/n router, supports WPA2 / WEP, and comes with a rather robust firewall to keep your conversations guarded from snoopers. Additionally, it facilitates call switching between the mobile and home WiFi networks as users move in and out of the house, giving you the option to connect via your cellular network or over VoIP with the same handset and same number. Aside from acting as a "middleman between the broadband and cellular networks," it can connect / drop from the WiFi / mobile networks on-the-fly while conversing, and can purportedly support "all major carriers" as well. So if you're thinking of consolidating the amount of phone numbers attached to your name, and don't mind picking up a hybrid handset, this multifaceted router will be able to simplify your conversations for $179.99 when it lands in Q2.

What's better than TRENDnet's pre-802.11n gear? How about an 802.11b/g-compliant device that you can actually rest assured works with basically every other piece of WiFi kit out there? The TEW-445UB is a 108Mbps-capable wireless USB 2.0 / 1.1 adapter which sports a fairly small 2.8- x 2.1- x 0.7-inch enclosure and plays nice with Windows only. Aside from supporting "Super G" technology and WEP / WPA encryption, it boasts a high power output for up to 23dBm of range, a detachable 2dBi antenna, and claims to cover "50 to 100" meters indoors while blanketing "150 to 300" meters outside. While nothing here is particularly revolutionary, the respectable $72 pricetag fits the package quite well, and it should be showing up in stores real soon.

You've heard of black hat hackers and white hat hackers, but what about leather hat hackers? Meet the first: Kyle Williams. This creative genius has built the ultimate network hacking PC, the "Janus Project," which can focus its eight WiFi cards to break your standard WEP encryption in under five minutes. Beyond that, it can sniff 300 WiFi networks simultaneously, store and continuously encrypt all the data with AES 256-bit keys. In addition, the Janus Project has an instant off switch, which requires a USB key that has a 2000-bit passkey and a separate password to regain access. What's under the hood? Williams packed an Ubuntu Linux machine running on a 1.5GHz VIA C7 processor with an Acer 17-inch screen into that snazzy little rugged yellow box. Oh, and the closed case is waterproof too, in case you need to transport Janus Project on a whitewater raft to your next hacking hotspot. We don't doubt someone will.

[Via The Raw Feed]

If you're looking for the perfect camera to take on your next vacation to the Amazon rainforest or Sahara desert, look no further than Ricoh's upcoming Caplio 500SE; like the 500G that preceded it, this 8 megapixel ruggedized shooter also sports a water-, shock-, and dust-resistant casing, but throws in some sweet wireless action to offload your pics no matter where you are. The high end Model W not only features a WEP- and WAP-secured WiFi radio like several other products on the market, but is one of the first imaging devices to also include Bluetooth 2.0 in the mix. No hotspot? No problem -- just transfer the pics over to your smartphone and release them onto the Internet wherever a cellular connection is available. Besides the dual radios, you're getting a 3x optical zoom, 2.5-inch LCD, 26MB of internal memory (enhanced via SD), and rather underwhelming QVGA video capture that may not even include sound. Still, this is a hell of a package (both in terms of its feature set and its weight: 482 grams fully loaded) with a price to match -- ¥130,200 ($1,100) for the Model W and ¥115,500 ($990) for the WiFi-less Model B when they ship sometime this winter and September 1st, respectively.

[Via The Raw Feed and dottocomu]

Setting up a secure wireless network is no easy task, due in part to the array of confusing, conflicting, and sometimes even downright ineffectual (we're looking at you, WEP) solutions to the problem. Enter the WiFi Alliance's WiFi Protected Setup, or WPS, a program slated for release later this year that aims to ease the process of securing home users' wireless networks and is intended to play nice with any WiFi-enabled consumer electronic device (say, a DAP or a camera), as long as the device passes a mandatory lab test first. Tapping into the home user's "I don't care how it works, as long as it does" mentality, WPS will make secure connections as simple as pushing a button on the WiFi-enabled device and the router that it is connecting to, although a PIN-based method is also part of the specification. The new system is similar to Buffalo Technology's Airstation One-Touch Secure System, however, unlike AOSS, WPS is an entirely non-proprietary specification that will fit right into the heterogeneous world of WiFi. Lets just hope wireless chipset and consumer electronics manufacturers get behind WPS and show some love to the peeps that don't know their WEPs from their wallets.

[Via The Register]

We sure wish we'd had Linksys' WTR54GS travel router a few months ago at CES, where press room Ethernet connections were few and far between, and the single venue offering free WiFi seemingly devoid of techs to keep the network running. Mobile Tech Today also seems to think that this 802.11b/g router would have served us well, providing both basic SecureEasySetup-compatible WEP and WPA encryption along with more advanced Stateful Packet Inspection (SPI) and browser-based fine tuning options for regulating traffic. With four out five stars from MTT, the only downside to this 5.2-ounce router is its range, due mostly to the internal antenna, but when you're sitting five feet away from it in your hotel room that probably won't matter too much.

Late last year we told you about Westchester County Executive Andy Spano's law, which proposed making it illegal for Westchester County business to have open WiFi. Well, guess what: it passed. Granted, we've learned a few things about this law that makes us a little less sketch; for example, it only applies to WiFi networks of businesses that store customer credit cards or financial information -- or, to a lesser degree, cafes and hotels and the like, which if operating an open WiFi hotspot, must now post signage advising patrons to use a firewall and be wary of their network security. And even when the law goes into effect in six months it'll just be wrist-slaps: a third-offense business risks receiving a paltry $500 fine. Granted, we have no idea how Westchester plans to enforce scofflaw companies who won't change their default SSIDs (how you gonna identify who's got the Linksys?), install firewalls on servers, and implement WEP or WPA crypto, but we will definitely be keeping an eye out for city positions that read something like: "looking for hacker experienced in wardriving and snarfing / must know kismet, snort, nmap, like tools."

[Via Ars Technica]