Wifi Protected Setup is a feature built into Windows that makes it easy to setup home cable/(a)dsl modems. WPS is alo built in to almost all consumer routers sold over the past several years. Below is more detailed explanation of WPS is and what has been discovered that makes it so dangerous to have enabled.
Last month a serious security flaw was discovered in WPS. This caught hacker and WiFI device vendors by surprise. Hackers were unaware and haven’t had time to write any code to make use of this attack and WiFi device manufactures haven’t had time to create a patch to fix this vulnerability. Once your network is setup, it’s highly advisable to disable WPS to avoid some of the risks.
What is it and Why was it created?
The Wi-Fi Protected Setup (WPS) is an auto-magic setup system that configures your Windows computer to access the Internet via a consumer gateway/router device. WPS was created to help unsophisticated users secure their wireless router and connect different devices to their wireless network with ease. It works, and it works well, but not without some issues.
How WPS Works
Every router that supports WPS has an eight-digit pin printed on the back and a set-up button. When you try to connect a wireless laptop or wireless printer to your wireless network, it will ask you for that 8 digit pin or to press the button. It was thought 8 digits would be good enough from a security point of view since someone would have to be parked on your curb for the next 6.3 years trying to find the correct combination of all 8 digits. (After guessing 3 wrong PINS the router goes into a lock-down state for 60 seconds. So only 3 different 8 numbers combinations can be tried every 60 seconds, doing the math it would take about 6.3 years to try all of the combinations.)
What went wrong
The WPS designers split the 8 digits of the PIN into 2 sets of 4. All that has to happen now is the first 4 have to be found first. 4 digits only have a 10,000 possible number combination. Once the first 4 numbers are found, the router proclaims “You’ve found the first four” giving, in essence, a checkpoint at which to save the progress before finding the last 4. So instead of having to guess an 8 digit combination, all that has to be guessed now is two 4 digit combinations and that takes considerably less time. So we’ve now gone from taking a maximum 6.3 years down to about 1 day. But of course, in some cases it gets worse since some routers do not even go into a lock-down state for 60 seconds after 3 failed attempts. These devices allow as many guesses as can be thrown at it. This means someone could potentially connect and compromise your secured WiFi network in a few hours.
How to protect yourself
All router manufactures have to add WPS to their routers and turn it on by default in order to be certified by the Wi-Fi Alliance. So for the last several years every router has WPS built in and has it enabled by default.
Let’s start by seeing if your router even has WPS. This can be done one of 2 ways. First check the front of your router for a big WPS push button. If you don’t see a push button on the front of the router, look on the back of the router for a sticker that contains an 8 digit pin.
There are 3 ways you can protect yourself if your router has WPS…. Or maybe not.
1) Disable WPS via the web interface on your router. In some cases, even though you turn off WPS, the router doesn’t listen. So to make sure WPS is really turned off do the following: Find a Windows 7 computer with Wi-Fi and remove your current Wi-Fi connected network from the machine and try to reconnect to it. If it prompts you for the WPS pin then, WPS is still enabled. If it prompts you for the WPA key then WPS has been successfully disabled.
Warning – Turning this setting off in the router’s firmware doesn’t necessarily turn off WPS. On Netgear routers changing the setting from ENABLED to DISABLED only changes menu selection, it does not turn the WPS off in the router.
2) Firmware update. To correct this WPS issue all together will require a firmware update to the router. It should be a really easy thing to fix so router manufactures should be releasing router updates shortly. The fix simply requires the input of all 8 numbers not the present system of 2 sets of 4. A firmware update will also be needed if you have a router that will not disable properly. (Netgear)
3) Use alternative firmware like Tomato or DD-WRT. Both of these 3rd party firmware’s do not have support for WPS built into them so they are not susceptible to the WPS attack. Here is a link to a Google docs spreadsheet which has been kept up to date by users of the internet as to which routers have WPS and which routers it can be disabled and it stays off.
Interestingly Apple is immune from this flaw. The AirPorts use a one-time-use 8 digit PIN where all other manufactures use a PIN printed on the label. (Not so easy to change.)
Pac IT Pros members: You might find this article interesting, Facebook Sees 600,000 Compromised Logins Daily.
or full URL
Windows 8 VM compatibility
• Hyper-V in Windows 8 Developer Preview
• Hyper-V in Windows Server 2008 R2
• VMware Workstation 8.0 for Windows
• VirtualBox 4.1.2 for Windows
• Microsoft Virtual PC (all versions)
• Microsoft Virtual Server (all versions)
• Windows 7 XP Mode
• VMWare Workstation 7.x or older
Pac IT Pros members:
The FBI is sending out a notice that the group Anonymous is planning a DoS attack this weekend.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
To SF Bay InfraGard members:
Please review the FBI Intelligence Bulletins describing planned activity by the group Anonymous, as well as planned activist events scheduled to begin tomorrow that have been posted on the secure InfraGard web site.
If this exploit is released as planned, your network could experience a denial of service or compromise. It may target the financial sector more than others. Please ensure all systems are at up to date patch levels. If you experience any affects which you reasonably believe are related to this activity, please contact the FBI.
If you need to reactivate your secure access contact the InfraGard Help desk: 877-861-6298
John B. Chesson
Special Agent FBI
San Francisco Division
SF Bay InfraGard Chapter Coordinator
September 16, 2011 | Leave a Comment
Pac IT Pros members:
Windows 8 (dev preview) is ready for download and preview as is the keynote from //Build/. (Doesn’t the keynote speaker Steven Sinofsky look like Steve Jobs?) Microsoft is saying any computer (32, 64, or ARM) as well as any apps which runs on Windows 7 will (or is supposed) work better on Windows 8. Are you ready Metro style applications?
TechDays – SharePoint administration for the unexpected administrator
You still have time to register for our SharePoint administration for the unexpected administrator workshop – Friday September 23, 2011, 10–5pm in San Francisco. Cost is only $99 and you will be learning from the women who wrote the book on SharePoint.
The North America MCT Summit: And your Opportunity to Become an MCT
The upcoming 2011 North American MCT Summit offers a unique opportunity for anyone seeking to become a Microsoft Certified Trainer (MCT). Prior to the event, on October 18, there will be a 1.5 day train-the-trainer (TTT) boot camp. This will, assuming successful completion of the session, satisfy the presentation skills requirement for becoming an MCT. Because the boot camp will be right before the MCT Summit, held October 19—21, upon completion you can then attend the Summit where you’ll be able to connect with other MCTs and continue to expand your skill set. The cost for the event is US$700, which includes the TTT event, your MCT fee through the current enrollment period (which ends in April of 2012), and entry to the MCT Summit. Learn more about the MCT Summit.
Apple has selected Microsoft’s Azure and Amazon’s AWS to jointly host its iCloud service, The Reg has learned.
We understand that Apple has barred Microsoft and Amazon from discussing what would otherwise be a high-profile deal, especially for Microsoft’s fledgling Azure cloud service.
But Reg sources close to Microsoft this week confirmed rumours circulating in June that Apple’s iCloud is running on Azure and Amazon. Customers’ data is being striped between the pair. iCloud was released as a beta in August and is expected by the end of this year.
The full story can be found at,
http://www.theregister.co.uk /2011/09/02/icloud_runs_on_ microsoft_azure_and_amazon/
September 6, 2011 | Leave a Comment
Pac IT Pros members:
Check this out this article NASA sending Android Phones Into Space to Work With Robots?
http://www.ibtimes.com/artic les/207346/20110901/nasa-sen ds-android-into-space-to-wor k-with-robots.htm
There’s a video about half way down the page.
SF Members – We have a meeting tomorrow night. RSVP if you haven’t yet at http://www.pacitpros.org
I’ve go two short presentations for you on two non-supported Microsoft utilities, PrivBar and Desktops. As and IT Pro you might find them handy – I have. I’ll give you a quick demo and tell you how I use them both daily.
LA members I will coordinate with Jessica to have someone in LA give the same presentation.
Apple tests new iPhone App to recover lost iPhone 5
Hope you are following this one? Another Apple employee leaves a prototype iPhone in a bar. Someone takes it. Apple tracks the phone using cell and WiFi triangulation to residence in SF. Somehow Apple gets the SF Police to accompany Apple PIs to the residence. The SF police wait outside while the Apple PI’s gave the impression they are really the police and search the residence and they guys computers for the phone. No phone is found. The PIs no the police had a search warrant; they just used intimidation tactics instead. I think this is all a cover-up for testing Apple’s new app for recovering lost and stolen phones?
Hope to see you at tonight’s meeting.
Pac IT Pros members:
Internet security reachers recently noticed a spike in RDP or TCP port 3389 traffic. Turns out there’s a worm out there that’s successfully using a dictionary attack against Windows servers/computers with RDP enabled. Once infected it loads bot software and attempts to find other weakly protected RDP enabled computers. This is NOT a flaw or vulnerability, it’s just Admins using standard accounts names and weak passwords. This would not be an if Admins were not standard account or dictionary found accounts with simple passwords for accounts with RDP privileges. Any computer connected directly to the Internet, (public IP address) and computers your boarder firewall or NAT router is forwarding to is vulnerable. If your boarder firewall blocks TCP port 3389 you should be alright as long an internal machine has not been infected. This is a worm so infected machines “look” for other non-infected machines to infect. If you have Internet traffic monitoring capabilities you might want to watch for an unusual TCP port 3389 traffic.
http://www.informationweek.c om/news/security/attacks/231 600470
Interesting such a simple attack is successful now a days. Guess there are Admins out there who still haven’t learned security basics. Remember re-naming the Admin account to another name does nothing in terms of security. Even though the name has changed the account can still be identified by it’s SID.
Think twice about on-line dating. A women meets a guy online and they arrange for a first date. The women for safety reasons decides to drive. The guy tells the women he needs to make a quick stop before they go on their date. The women drives, sits behind the wheel as the guy disappears for a few minutes. He then comes running and say go – go -go. Turns out the guy just committed a robbery and she was unknowing the get-a-way driver. Woohoo what a first date that must have been.
Pac IT Pros members:
Fellow MVP, and long distance Pac IT Pros member Thomas Lee from the UK is writing a series of articles for us on Microsoft’s BUILD conference. His post can be found on the Pac IT News site. http://www.pacitnews.org/ (Build is the new name for what was formerly called Microsoft Professional Developers Conference or PDC which was Microsoft’s near-annual gathering for developers.)
The conference is sold out and has been for quite a while so we are lucky be getting an inside scoop from someone who will be there reporting from an IT Pro point of view. I’ve know Thomas for many years now and he will give us an honest opinion from and IT Pros point of view.
The big news from this conference is Windows 8, desktop and server. As an IT Pro you probably would not be interested in conference sessions but you should be very interested in the next version of Windows. Windows 8 should be another mile stone improvement over previous versions. (Just as Win 95, 2000, XP, and Win 7 were.) Some of the big changes leaked so far have been new GUI with tiles (like on Windows phones) for full tablet/slate/pad. Microsoft has been saying Windows 8 is going to have a different look and feel while retaining backwards compatibility for previous version of software and will run on hardware capable of running Windows 7.
It’s going to be interesting – Will it be a Vista or Windows 95? Thomas will keep us informed.
http://www.pacitnews.org/ Register to post comments and question for Thomas.
If you have been following my pre-BUILD conference posts here, you’ll know that not a lot of official details have emerged from Microsoft as to what will be in Win8 and what Win8 will look like when it eventually ships. Much like they did with Windows 7, Microsoft is using a blog, Building Windows 8, to begin to explain the contents of Windows 8. This week has seen the publication of three blog articles looking at: USB 3 support, Improving File Management Basics, and File Name Collision Experience. Each blog entry is lengthy and goes into considerable detail about the specific subject.
Each of these blog entries has attracted a huge amount of comments – which range in focus and quality. Almost as to be expected, some are unhelpful (why do Apple Fan Bois think that posting anti-windows stuff on a Win 8 blog is going to be useful or helpful in any way). Microsoft has followed up a number of the comments with more detail – and while there’s an awful lot of comments to trawl through, the comment stream does in the main make good reading.
We’re now just over 2 weeks from the start of BUILD. As I mentioned in earlier articles here, we still do not have any concrete idea of the programme. We know there will be 3 and a bit days of content, but beyond that we have no clues as to who will be speaking, who will be delivering the keynote and who will be speaking in break out sessions. But from what we’ve seen so far on the Building Windows 8 blog, there should be a lot for MS to tell us. So keep listening.