Had to turn it off on my router last night. The WPS button was flashing -- what happens when someone is sending out a signal of trying to connect to the router, or when one pushes the WPS button on the router.
The router utilizes an 8-digit PIN for its WPS, which is not particularly difficult to break when it is all-numerical, but a brute force attack is made difficult on Netgear - which is what I have - routers because they go into WPS shutdown after a series of failed WPS attempts.
Since this US-CERT report last December of a successful brute-force attack made simple by WPS' inherent design flaws, I'd been meaning to turn off my WPS and switch back to manual WiFi setup. Seeing the flashing WPS button last night was the trigger that made me finally attach my netbook to the router and change router settings. Updated the firmware, too, while I was at it.
Now someone could still attempt an older-style brute force attack, but it is made much more difficult after I reverted to my 24-character PIN. It would take several dozen years (for most casual hackers), even after taking into consideration, Moore's Law.
No comments:
Post a Comment