wpa
Latest
Microsoft already has a fix for that severe WiFi security exploit (updated)
The "Krack Attack" WiFi encryption security flaw is more than a little frightening, but you should already be relatively safe if you're using a recent Windows PC. Microsoft has released a patch that fixes the vulnerability on all supported versions of Windows (effectively, 8 or later). Windows isn't as susceptible to the flaw as Linux-based platforms like Android, which don't demand a unique encryption key, but this fix may have a significant impact simply through the sheer ubiquity of Windows in the computing world.
Netgear's Universal WiFi Range Extender now available for balding home networks
Few things in life are more aggravating than WiFi dead spots -- especially when you've just settled in to stream the latest Game of Thrones episode, after a long and excruciating week of tech blogging. Good thing that Netgear's Universal WiFi Range Extender, first spotted at this year's CES, is now available for shipping. This discrete white cube promises to bring connectivity to remote regions of your lair by automatically mirroring the wireless signal emitted from your gateway. Just use the device's LED indicator to find the area where the extender would optimize its reach, plug it into any ol' AC outlet, and those ugly pockets of wireless death will suddenly spring back to life (think of it as Rogaine for your WiFi router). It also supports 802.11 b/g/n and is compatible with WEP, WPA and WPA2 security standards, in case you were wondering. You can find the extender at retailers located all over this green Earth, where it'll be priced at around $90. If that tickles your fancy, head past the break for the full PR.
FaceNiff makes Facebook hacking a portable, one-tap affair (video)
Remember Firesheep? Well, the cookie snatching Firefox extension now has a more portable cousin called FaceNiff. This Android app listens in on WiFi networks (even ones encrypted with WEP, WPA, or WPA2) and lets you hop on to the accounts of anyone sharing the wireless connection with you. Right now it works with Facebook, Twitter, YouTube, and Nasza-Klasa (a Polish Facebook clone), but developer Bartosz Ponurkiewicz promises more are coming. You'll need to be rooted to run FaceNiff -- luckily, we had such a device laying around and gave the tap-to-hack app a try. Within 30 seconds it identified the Facebook account we had open on our laptop and had us posting updates from the phone. At least with Firesheep you had to sit down and open up a laptop, now you can hijack Twitter profiles as you stroll by Starbucks and it'll just look like you're sending a text message (but you wouldn't do that... would you?). One more image and a video are after the break.
ElcomSoft turns your laptop into a one-touch WiFi cracking system
It's been a few years since we checked in with Elcomsoft's Wireless Security Auditor WiFi cracking software. As you'd expect, things have become easier, much easier. Elcomsoft now has an all-in-one solution that will locate wireless networks, intercept data packets, and crack WAP/WPA2 PSK passwords from any modern laptop with a discrete ATI AMD or NVIDIA graphics card. Here's the quote IT nerds will surely we love: Today, ElcomSoft is integrating a wireless sniffer into Elcomsoft Wireless Security Auditor. The integrated sniffer turns Elcomsoft Wireless Security Auditor into a one-button, all-in-one solution ready to be used by corporate security officers without specific experience in information security. Call us crazy, but if you're a C-level security officer with no specific information security experience then maybe you shouldn't be sniffing people's data packets. Then again, we're sure ElcomSoft will happily sell their $1,199 pro software or $399 standard edition to any hacker willing to pay, white hat or not.
Nintendo DSi XL review
Since Nintendo first asserted sole domination over the handheld gaming market with the release of the paperback-sized Game Boy in 1989, the company has striven time and again to make its pocket systems smaller, meeting fantastic financial success along the way. Nintendo did it with the Game Boy Pocket, the Advance SP, the Micro, the DS Lite and again ever so slightly with the DSi -- the last even at the expense of backwards compatibility and battery life. Now, for the first time in the company's history, it's made an existing platform bigger, with questionable reasons as to why. Does the Nintendo DSi XL squash its predecessors flat? Or is Nintendo compensating for something? Find out inside. %Gallery-89058%
WPA networks cracked in just under a minute, researchers claim
To think it was just a few months ago that we thought taking 15 minutes to crack WPA encryption was a feat. Researchers from Kobe University in Japan are claiming they can best that by a wide margin by cracking any WPA-protected connection using the TKIP algorithm within just one minute flat. The details will be revealed at a tech conference on September 25th. Feeling paranoid? Bump up your encryption to the still-secure AES algorithm or WPA2... and if you're just wanting to live life on the edge, consider downgrading to WEP -- it's as good as open at this point anyway.
Apple also releases iPhone OS for iPod touch 2.2
Apple also released a firmware update for iPod touch, bringing it in line with most version 2.2 updates for iPhone released a little while ago. It doesn't appear, however, that iPod touch users get the enhancements to the Maps app that iPhone users do. (Thanks, Guillermo!) The update contains enhancements to Mail, fixes connection issues with WPA-secured wireless networks, improves Safari stability, and includes a new preference to turn off auto-correction for typing. Also, podcasts are now available for download from within the iTunes app, and pressing the Home button from any home screen will now take you to the first home screen. Several security enhancements are included, too, updating CoreGraphics, ImageIO, networking, Office Viewer, Passcode Lock, Safari and Webkit. A complete list of security updates is available on Apple's website. The update is available by clicking "Check for Update" with your iPod selected in the Devices area of the sidebar in iTunes.
WPA cracked in 15 minutes or less, or your next router's free
They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? "Inconceivable!" those hypothetical security experts would say -- but they're about to get a lesson from WiFi wizard Erik Tews. He'll be giving a presentation next week at the PacSec Conference in Tokyo, describing the "mathematical breakthrough" that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes. There are some limitations, as the data sent from a connected device to the compromised router is apparently still safe, but anything headed t'other way is wide open, and could even be supplanted by bogus bits sent from a Cheetos-munching hacker slouching in a rusty Ford Taurus in the parking lot. Don't believe us? Tews was the guy able to crack WEP in under a minute last year, ironically advising people to switch to WPA ASAP at the time. We can only assume WPA2 is next.
Elcomsoft uses NVIDIA GPUs to crack WPA2
Elcomsoft has been using NVIDIA's CUDA GPU computing architecture to accelerate its Distributed Password Recovery tool for a while now, but it looks like the latest version of the cracking utility takes it to the next level -- it can break a WPA2 password using two GeForce GTX 280-based boards 100 times faster than with just a CPU. It's still a brute-force crack, but only a few packets need be sniffed, and the GPU accelerates the algorithm used to generate keys significantly -- even laptop-grade 8800M and 9800M GPUs speed things up 10 to 15 times. We wouldn't worry too much about wardrivers with trunk-mounted bladeservers going nuts, however -- the base version of the software costs $599, and things ramp up to $5,000 pretty quickly.[Via HotHardware]
Viral "WiFi flu" router virus almost as fun as the real thing
We hate to be bearers of bad news, but it looks like those of you squeaking by on a WEP-protected or unprotected wireless router have yet another reason to undertake the difficult task of selecting "WPA" on that router admin screen. A team of researchers at Indiana University have published a paper on how easily malware could spread through a densely populated area, with unprotected routers providing zero resistance, and WEP moderately more, while WPA proved generally unhackable. The spread of the malware was alarmingly similar to a biological virus, and while no such router "WiFi flu" has yet been developed by nefarious types, it's probably only a matter of time before something of its ilk takes a city by storm. In test attacks, after the initial infection phase, 10-55 percent of the routers were infected. We can do better, people. Oh, and to the guy upstairs: thanks for all the WiFi these years, those torrents will probably never be traced back to you, so don't worry.
KisMAC dev calls it quits
Reader Andrew dropped a note that Michael Rossberg, developer of KisMAC, the wireless network sniffer based on Kismet, has declared the project discontinued. I can't get the project's website to load (most likely because it's been Slashdotted), but apparently the reason Rossberg gave was that a change in Germany's laws would make it dangerous for him to continue working on it. The law apparently makes it illegal for anyone to sniff out a password that "allows access to data", and since that's a big part of KisMAC's function, Rossberg is calling it quits.But he is asking for interested parties to continue his work, in the EU or the US, so if the site ever returns, feel free to grab the source and check it out yourself. Of course, from what Slashdot commenters are saying, this isn't much of a loss anyway-- the program hasn't seen any real updates in a long time, and apparently it didn't even work with the new MacBooks. In terms of network finders, there's lots more to choose from (including iStumbler, which I didn't mention in the other article), but in terms of cracking WEP and WPA keys (legally, of course), are there any other OS X specific options out there?Update: Clarification: the program will run on MacBooks, but it doesn't do anything but find networks, which is just a fraction of the intended functionality.
NEC's goes 802.11n Draft 2.0 with Aterm WR8400N router / PCMCIA card
Last fall, NEC took its WARPSTAR lineup into the realm of draft-N with the Aterm WR8200N, and thanks to all this Draft 2.0 hubbub that's going around, apparently it figured now would be a good time to hop on the next bandwagon. The Aterm WR8400N four-port router and Aterm WL300NC PCMCIA card both tout theoretical transfer rates of around 300Mbps, are backwards compatible with 802.11a/b/g devices, support "Multi SSID" / WEP / WAP protocols, and can automatically detect and connect to signals in both the 2.4GHz and 5GHz bands. No word just yet on price nor availability, but we're sure it'll get lost in the crowd of similar alternatives before too long anyway.[Via Impress]
WEP security gets busted yet again
It's no secret that WEP isn't quite the cat's pajamas anymore when it comes to WiFi security, but the aging protocol is still used in a good many networks -- 59% in a recent survey of a large German city -- and has just been hacked beyond repair by a few security analysts. Back in 2001 when WEP was originally hacked, it took around 4 million packets of data to crack a security key. Later hacks have managed to use significantly less packets and hack a system in minutes. However, a recent development by the folks at Darmstadt University of Technology in Germany have managed to extract a 104-bit WEP key in three seconds, using a 1.7GHz Pentium M processor. It takes under a minute to collect the necessary 40,000 - 85,000 packets of data, and the hack could potentially be carried out by a strolling cellphone or PDA user. The obvious move is to switch your network to WPA, but if you've got old school hardware holding you back, there are a few security programs that can foil the attack on WEP -- for now.
DS Daily: Router issues and WiFi problems
Reader wiiminator is having router issues when it comes to his DS WiFi. Since switching to an Apple Airport Extreme router, he's unable to take his DS online. He says the issue seems to have something to do with security options, which could definitely be it, since the DS doesn't like WPA. But instead of throwing out a bunch of theories, since we don't know how wiiminator's security is configured, we thought we'd see about a group powwow today. If you've had issues with any aspect of your WiFi connection, throw 'em out there ... and those of you in the know, here's your chance to show off. It's not always the best network, but it's what we've got, and we should do what we can to make sure everyone can play.
Actiontec unveils range-extending Wireless FMC Router for mobile / WiFi hybrid phones
For those of you who happen to be in the predicament of owning a svelte hybrid cellular / WiFi phone, yet can't get cellphone service back in the boondocks where you reside, Actiontec is kicking out a range-extending router to help you make and receive calls on your mobile handset via WiFi. Touted as a "world's first," the Wireless FMC Router acts a standard four-port 802.11b/g/n router, supports WPA2 / WEP, and comes with a rather robust firewall to keep your conversations guarded from snoopers. Additionally, it facilitates call switching between the mobile and home WiFi networks as users move in and out of the house, giving you the option to connect via your cellular network or over VoIP with the same handset and same number. Aside from acting as a "middleman between the broadband and cellular networks," it can connect / drop from the WiFi / mobile networks on-the-fly while conversing, and can purportedly support "all major carriers" as well. So if you're thinking of consolidating the amount of phone numbers attached to your name, and don't mind picking up a hybrid handset, this multifaceted router will be able to simplify your conversations for $179.99 when it lands in Q2.
Another potential fix for Intel Mac + Airport station problems
If you're using an Intel Mac with any of Apple's AirPort base stations, you might have noticed some 'less than stellar' performance after updating to 10.4.8, as well as wonky connection problems that Apple tried issuing a support doc for. As an owner of both a MacBook and an Intel Core 2 Duo iMac, I can personally vouch that Apple's doc has a ways to go before it solves this most frustrating of wireless problems.While troubleshooting this issue over the weekend, I came across a few new threads at Apple's discussion forums for AirPort and, more specific to my setup, the AirPort Express. In particular, this AirPort Express-related thread contains some theories and potential solutions from other users in a similar boat. Being that it is now Wednesday, I'm happy to say one of them seems to be working well for me so far, though your mileage may obviously vary. Here's a rundown of my personal setup and the remedy that's bringing some sanity back to my wireless world: typically, I roll with WPA2 Personal security, and since these sketchy connection issues began I've been playing with settings like Interference Robustness and adjusting my APE's (AirPort Express) channel, etc., but to no avail. As it turns out, users in these forums are beginning to suspect wireless security (at least WPA, not sure about WEP, which seems to be making the ill-advised list these days anyway) as part of the problem, so I simply reset my station with no security. For the past three days, this setup has been working like a charm, though it's understandable if no security simply isn't an option for some users. To help keep our network to ourselves, I turned on 'Create a closed network' in the AirPort tab of the AirPort Admin Utility (that's Apple-speak for "hide SSID"), which simply meant I had to type in my network's name manually from the AirPort menubar item - but you should only have to do this once.Again, YMMV, but there are a few potential solutions in Apple's discussion forums for these increasingly frustrating AirPort connectivity issues. Let's hope we don't have to keep jury-rigging our base stations for long, and Apple can issue a fix so the "it just works" reputation can actually apply to these things again.
TiVo raises rates, limits WPA to own WiFi adaptor
Doing away with the generally well-regarded lifetime subscription was unfortunate albeit bearable, but now TiVo is really pressing its luck. Just in time for folks to slash that pricey Series3 off their holiday wishlist, the widely adored DVR company is not only upping its monthly service rates for new customers and those currently on prepaid plans, but also limiting WPA support to its own TiVo Wireless G Adapter. Just days after teasing high-rollers with its chromed-out $50 "premium remote," TiVo has announced that monthly rates are being raised to $19.95 per month for those in one-year commitments (up from $12.95 monthly), $14.95 per month if you're locked in for 24 months, and $12.95 monthly if you make the huge mistake of signing up for three solid years. For additional units in your crib, the extra $6.95 per month is now up to $13.95, $8.95, or $6.95 depending on your 1/2/3-year commitment. In a move to seemingly further limit your choices (and make things easier on its own tech support personnel), your only option for utilizing WPA on that Series2 / Series3 box is to fork out for TiVo's own 802.11g device. Apparently TiVo either thinks we're all made of money, or there's simply a lack of alternative DVR solutions waiting to take its place on your AV shelf -- both of which are probably incorrect assumptions.Read - TiVo's wireless adaptor supports WPA [Via Zatz Not Funny]Read - TiVo's new service rates
Apple issues support doc for wonky AirPort performance on Intel Macs
Sketchy AirPort performance has been bugging me for weeks, probably over a month now, and I've been going through all forms of troubleshooting with my AirPort Express trying to squash the issue, but to no avail. My MacBook and iMac drop their Wi-Fi connection seemingly at random, sometimes right in the middle of Unreal online, and never regain it unless I manually re-select the network. I've been following the typical methods of changing channels on the APE, reducing range and using Interference Robustness - but it's all been for naught.Now, Apple has released a support document that might provide a solution for those like me who are experiencing less-than-stellar AirPort reliability and connectivity with their Intel Macs. The document specifies that these issues are related to the use of WPA2 and upgrading to 10.4.8, and I can't offer any feedback just yet as to whether my problem has been solved, but this doc is at least a step in a troubleshooting direction other than 'pull out more hair.' Feel free to share your experiences and any solutions in the comments.[via HardMac]
Simple, safe WPS WiFi security around the corner
Setting up a secure wireless network is no easy task, due in part to the array of confusing, conflicting, and sometimes even downright ineffectual (we're looking at you, WEP) solutions to the problem. Enter the WiFi Alliance's WiFi Protected Setup, or WPS, a program slated for release later this year that aims to ease the process of securing home users' wireless networks and is intended to play nice with any WiFi-enabled consumer electronic device (say, a DAP or a camera), as long as the device passes a mandatory lab test first. Tapping into the home user's "I don't care how it works, as long as it does" mentality, WPS will make secure connections as simple as pushing a button on the WiFi-enabled device and the router that it is connecting to, although a PIN-based method is also part of the specification. The new system is similar to Buffalo Technology's Airstation One-Touch Secure System, however, unlike AOSS, WPS is an entirely non-proprietary specification that will fit right into the heterogeneous world of WiFi. Lets just hope wireless chipset and consumer electronics manufacturers get behind WPS and show some love to the peeps that don't know their WEPs from their wallets.[Via The Register]
TRENDnet announces upcoming pre-n gear
All of the controversy, delays, and performance concerns surrounding the IEEE's notorious pre-802.11n wireless networking spec haven't deterred TRENDnet from being the latest to announce a new family of products based on the non-final version of the MIMO-powered, next-gen WiFi standard. As you'll recall, there's been no small amount of concern that pre-n gear won't play nicely with legacy 802.11a/b/g equipment, which is why TRENDnet goes it out of its way to stress the "good neighbor behavior" exhibited by its WPA and SPI-protected TEW-631BRP router and TEW-621PC PC card -- both of which use Atheros' XSPAN technology to supposedly ensure interoperability in mixed-network environments. TRENDnet promises real-world speeds of between 150Mbps and 180Mbps , which in theory should be enough to stream around a little HD content and download some torrents while you're chatting on your wireless VoIP handset about that great post you're reading on Engadget. Both new products, along with a $150 access point and a $100 PCI adapter, are scheduled to ship on July 25th, with the router priced at $130 and the card going for an even $100.
