Advertise on Bikeforums.net



User Tag List

Page 1 of 4 123 ... LastLast
Results 1 to 25 of 89
  1. #1
    Senior Member
    Join Date
    Aug 2006
    Posts
    998
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Ignore if not a geek -- WPA cracked

    For you wireless security geeks, looks like WPA got cracked.

    This is WPA-TKIP, not WPA2-AES, so if you are using WPA2, you are OK. WPA was intended to be a transitory protocol, to let older equipment which didn't have the CPU power for AES encryption have non-trivial security.

    For you non geeks, if you are using a wireless Internet connection, get it checked out, because you might have uninvited guests sucking up your bandwidth soon.
    Last edited by mlts22; 11-07-08 at 09:41 AM. Reason: Changed for accuracy.

  2. #2
    Senior Member z415's Avatar
    Join Date
    Apr 2006
    Location
    Gainesville/Tampa, FL
    My Bikes
    Trek 1000, two mtbs and working on a fixie for commuting.
    Posts
    2,347
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    *bleh* I am not too afraid. I just surveyed my neighbors' routers and two are unsecured without even changing the default PW, tsk-tsk. 3 are on outdated WEP. Not like a hacker would target me when all that is out there.

    You think WPA2-TKIP with PSKs would be safe?
    Falling is learning...[SIGPIC][/SIGPIC]...learn to not fall in a box.
    Any good American will watch THIS -and- WHERE WAS MY BIKE MADE?

  3. #3
    phony collective progress x136's Avatar
    Join Date
    Sep 2006
    Location
    San Hoosey
    My Bikes
    http://velospace.org/user/36663
    Posts
    2,958
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ha! Break my WEP, hackers, I dare you!

  4. #4
    Pwnerer Wordbiker's Avatar
    Join Date
    Jun 2005
    Location
    Pagosa Springs, CO, USA
    My Bikes
    Road, MTB, Cruiser, Chopper, BMX
    Posts
    2,878
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've wardriven all the way to Denver from here.

    Fully half the networks I pinged were unsecured. Ya think this will really matter?
    Quote Originally Posted by ahsposo View Post
    Ski, bike and wish I was gay.

  5. #5
    crazy bike girl msincredible's Avatar
    Join Date
    Jul 2007
    Location
    Santa Cruz mountains
    My Bikes
    '07 Orbea Onix, '07 Birdy Yellow, '06 Cannondale Bad Boy (stolen)
    Posts
    3,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Given the number of unsecured networks near me that are named "Linksys" and "NetGear", I doubt I have much to worry about.
    Countries I've ridden in: US, Canada, Ireland, UK, Germany, Netherlands, France, China, Singapore, Malaysia
    States I've ridden in: Illinois, Connecticut, Massachusetts, Pennsylvania, California, Nevada, Missouri, Colorado

  6. #6
    Senior Member
    Join Date
    Aug 2006
    Posts
    998
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Maybe I'm just anal. AT&T will soon be charging by the bit over their lines. People with unsecured DSL segments will be feeling the pain when their monthly bill comes in and William Wardriver who lives next door has been downloading via BitTorrent every episode of "Married With Children" in full HD.

    Guess when I buy a new AP, I'm going WPA2-Enterprise. This plus a ZeroShell RADIUS vmware appliance should do a decent job.

  7. #7
    Pwnerer Wordbiker's Avatar
    Join Date
    Jun 2005
    Location
    Pagosa Springs, CO, USA
    My Bikes
    Road, MTB, Cruiser, Chopper, BMX
    Posts
    2,878
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My security is based upon range.

    If anyone can get close enough to connect with my network...they're also within ***** range.
    Quote Originally Posted by ahsposo View Post
    Ski, bike and wish I was gay.

  8. #8
    BOFH SegFault's Avatar
    Join Date
    May 2008
    Location
    Twin Cities, Minnesota, USA
    My Bikes
    Many.
    Posts
    46
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    "Cracked hard" is a bit of an overstatement of this attack, don't you think?

  9. #9
    Perpetually Amused
    Join Date
    Jun 2008
    Location
    Alabama
    My Bikes
    Bianchi 1885 Veloce
    Posts
    126
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    They pretty much retracted the story this morning.
    The encryption method is still safe, they've 'just' found a way to decrypt short transmitted packets, longer (normal) packets are still safe.

  10. #10
    Belt drive! vtjim's Avatar
    Join Date
    Sep 2004
    Location
    Burlington, Vermont
    My Bikes
    2011 Trek Soho DLX
    Posts
    2,614
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by msincredible View Post
    Given the number of unsecured networks near me that are named "Linksys" and "NetGear", I doubt I have much to worry about.
    +1 My neighbor had an unsecure "Linksys" network. I switched to it from my back yard for kicks one afternoon. He has since changed it to his name and secured it, however.

    Ours is secure, with an unusual name, and doesn't broadcast. WPA2, as well.

  11. #11
    Blasted Weeds Tude's Avatar
    Join Date
    Aug 2006
    Location
    Rochester, NY
    My Bikes
    Trek 1200C, Specialized Rockhopper, Giant Yukon FX, Giant Acapulco
    Posts
    1,182
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Darn you guys! How am I ever to get on the internet at night with people encrypting their stuff! Hmmph!




  12. #12
    Banned. ModoVincere's Avatar
    Join Date
    Aug 2006
    Posts
    1,626
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    meh.....128 character encryption. Should last at least 2 minutes.

  13. #13
    50000 Guatts of power 127.0.0.1's Avatar
    Join Date
    Sep 2008
    Posts
    1,001
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    they only broke the tkip a little bit

    the did not break the encrypted data


    still will take a lot of time and cpu power to break into your actual data stream. about 4 years
    and 1000 nvidia GPU's.

    ------------------
    your attempt at panic is fail
    ------------------
    The early coverage of this crack indicated that TKIP keys were broken. They are not. "We only have a single keystream; we do not recover the keys used for encryption in generating the keystream,"

    AES is immune, and choosing a long network key at or more than 20 characters that are relatively random, can defeat all known brute-force key cracking methods.

    WPA isn't broken.
    Last edited by 127.0.0.1; 11-07-08 at 07:34 AM.
    I like fat bikes
    and I cannot lie.

  14. #14
    You Know!? For Kids! jsharr's Avatar
    Join Date
    Apr 2005
    Location
    Just NW of Richardson Bike Mart
    My Bikes
    '05 Trek 1200 / '90 Trek 8000 / '? Falcon Europa
    Posts
    6,082
    Mentioned
    11 Post(s)
    Tagged
    3 Thread(s)
    If the WPA is cracked, they better get it fixed. Last time we had a bad depression, the WPA saved us.
    Are you a registered member? Why not? Click here to register. It's free and only takes 27 seconds! Help out the forums, abide by our community guidelines.
    Quote Originally Posted by colorider View Post
    Phobias are for irrational fears. Fear of junk ripping badgers is perfectly rational. Those things are nasty.

  15. #15
    The Improbable Bulk Little Darwin's Avatar
    Join Date
    Jul 2005
    Location
    Wilkes-Barre, PA
    My Bikes
    Many
    Posts
    7,286
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I haven't checked my neighborhood lately, but my 79 year old neighbor mentioned that her son used some neighbors wireless with his laptop and she assumed it was mine when I mentioned I ran wireless, but I encrypt and don't broadcast, so I know there is at least one unsecured wireless in my semi-rural neighborhood...

    Actually, I have loaned out my laptop, so I don't even run my wireless router right now, so I am even more secure.

  16. #16
    50000 Guatts of power 127.0.0.1's Avatar
    Join Date
    Sep 2008
    Posts
    1,001
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    as I said I will say again

    wpa is not cracked. it is rekeyed all the time. they can't bust in. by the time the most powerful computers on earth crack into your data, it will be on it's 1 millionth rekey.

    so, useless to try in a real life scenario. even spys can't access it.

    if you pump more data it will rekey even faster


    fail


    WEP is the encryption that is breakable in under 1 minute. most people will use WEP because unpatched
    XP and a lot of Xboxes only use WEP and can't use WPA until they are upgraded
    I like fat bikes
    and I cannot lie.

  17. #17
    kila kila kila
    Guest
    Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.

  18. #18
    Senior Member
    Join Date
    Jul 2008
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kila kila kila View Post
    Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
    Same here.

    I figure if my bill goes up because one of my 3 neighbors in range is using my DSL, I'll just unplug it until I want to use it, or use a wire instead.

  19. #19
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kila kila kila View Post
    Anything out there that explain wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
    Think of a wireless connection as packages going up chutes in a mail office preparing for delivery. The mail office is sending packages, routing them to their proper destinations. Imagine for a second that someone wanted to attempt to steal a package while in transit. Wireless security is the protection that keeps that thief from entering the origin of these packages. This probably isn't the best analogy to use, but it's all that I got.

    In a wireless network connection, the computer and the wireless access point where the signal is being originated from are exchanging data "packets" between each other. Each of these packets contains the requested data, as well as header information, which contains important information about the connection established between the two computers. Anyone with a computer and a bit of time can "sniff" out these packets, but wireless security tries to protect this stream of information by authenticating each user that wants to use that wireless network.

    The first form of wireless security that was widely available was the Wireless Encryption Protocol, or WEP. WEP depends on generated hexadecimal keys that had to be entered in order for the computer to gain access. The only problem with this was that snippets of this key was appended onto EVERY packet transmitted between the computer and the access point. This meant that if you waited around a while, you could eventually force a solution to the key and log on.

    This was superseded by Wi-Fi Protected Access, or WPA. This was a much more secure protection mechanism, in that the authentication process was designed to be much tougher to crack. There are different kinds of authentication protocols, which can be a simple as a passphrase (a word or hex key) to as complex as having computers compare certificates against a special server. The former method can be made to be really easily crackable (which is the case for MANY wireless router configurations out there now) to nearly impossible (a truly random passphrase). The later is extremely difficult to crack.

    HOW TO PROTECT YOURSELF.


    With a bit of tech savvy and common sense, it's actually really simple to protect your wireless network from crackers and/or hackers (YES, there's a difference).


    • HIDE YOUR SSID. Your SSID is the name of your wireless network. This can, and should, be hidden, especially if you're in a very public place. Windows has a harder time connecting to networks with hidden SSIDs, but it can do it. Most, if not all, routers provide this option, and wards off a lot of the newbies.
    • USE WPA. As I explained before, WPA is your best bet in protecting your network. With a strong password, it will take even the most powerful computer a long time to crack the passphrase. Some routers have an Easy Setup button that takes care of creating a strong password for you. If your card doesn't support WPA, get one that does.



    Use those two pieces of advice, and you'll be safe and sound.
    Last edited by MrCrassic; 11-07-08 at 08:33 AM.
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  20. #20
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by z415 View Post
    *bleh* I am not too afraid. I just surveyed my neighbors' routers and two are unsecured without even changing the default PW, tsk-tsk. 3 are on outdated WEP. Not like a hacker would target me when all that is out there.

    You think WPA2-TKIP with PSKs would be safe?
    You think that's bad? When I go to Hoboken, I CAN LOG INTO PEOPLE'S ROUTER CONTROL PANELS WITHOUT DOING ANY HARD WORK.

    I could disconnect their internet access, lock them out of their routers and, if I'm apt enough, completely brick them so they couldn't access them with a reset. But I'm not that cruel.
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  21. #21
    BOFH SegFault's Avatar
    Join Date
    May 2008
    Location
    Twin Cities, Minnesota, USA
    My Bikes
    Many.
    Posts
    46
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kila kila kila View Post
    Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
    A big concern with wireless networks is that anybody with a wireless card can listen in on network traffic (it's just radio waves), or jump on the network themselves without the permission of the network's owner and potentially interfere with network traffic. To combat these issues, there are a few security schemes that scramble (encrypt) the radio traffic (to prevent eavesdropping) and provide some sort of authorization control (to prevent strangers from signing on) and authentication (to make sure traffic is really from the computer it claims to be from).

    In very general terms, these schemes usually require every authorized user of a wireless network to know some sort of password to sign on to the network, and once signed on, an encryption key is established between the user and the wireless router that is used to encrypt all communications between the user and the router. There is some really interesting stuff going on here; basically the computer and the router agree on this key in such a way that some intruder recording all the traffic during the key negotiation can't figure out what was agreed upon.

    The "trick" is to balance security with performance. You can use very strong encryption, but the speed of the network may suffer, and wireless devices might have a shortened battery life due to the power demands of the extra processing required.

    The three most common schemes are:

    WEP - The simplest scheme. This is completely broken. It is trivial to break this, mainly because this scheme was not designed by people with sufficient knowledge of cryptography. If your network is protected by WEP, anybody with a computer can break in with just a few minutes of (mostly automated) work. It is, however, better than nothing. Think of it like a cheap file cabinet lock; it sends the message that your network is private, but if somebody really wants in, they can get in with some simple tools.

    WPA - The system mentioned here. This is significantly better than WEP, but apparently some minor weaknesses have been discovered. WPA is not "broken" in the same sense that WEP is. This was mainly designed for devices not powerful enough to run WPA2, the next item. This is find for home use, but if you're running a nuclear missile control system you might want to run WPA2.

    WPA2 - The most secure common scheme, but also the most resource-intensive.

    If you have a home network, WPA or WPA2 are the preferred schemes to use. You can usually specify which in your wireless router's configuration utility. Some older devices only use WEP, some just have WEP and WPA.

  22. #22
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by z415 View Post
    You think WPA2-TKIP with PSKs would be safe?
    If you have a really strong and well-configured VPN front-end, you don't even need wireless encryption.
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  23. #23
    Senior Member
    Join Date
    Jul 2008
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MrCrassic View Post
    You think that's bad? When I go to Hoboken, I CAN LOG INTO PEOPLE'S ROUTER CONTROL PANELS WITHOUT DOING ANY HARD WORK.

    I could disconnect their internet access, lock them out of their routers and, if I'm apt enough, completely brick them so they couldn't access them with a reset. But I'm not that cruel.
    How physically close do you have to be in order to do this?

  24. #24
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Within the router's broadcasting range.

    Unless you have some tools to extend your card's scanning range.
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  25. #25
    T-Shirt Guy ehidle's Avatar
    Join Date
    Jul 2008
    Location
    Lansdale, PA
    My Bikes
    2005 Fuji Team Issue, 2007 Fuji SL-1
    Posts
    464
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This whole thread is FAIL.

    Yellow + Blue Jerseys!

    Get your Cranky T-Shirt!
    Men's
    and Women's designs available

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •