From Security Weekly Wiki
2,093 bytes added, 19:03, 5 January 2012
= Larry's Stories =
#[ Stratfor Passwords] - [Larry] - Yep, leaked. All 860,000 of them. In MD5 hashes. Good way to test your GPU cracking rig. But on another note, some analysis reveals the same old weak stuff that we see over and over. I like the tone of this article, in that for those free, throwaway accounts for a site where you'll likely use the free portion of the service once, who freaking cares.
#[ WPS fail] - [Larry] - In a few days, what has turned into a time consuming attack, has turned into a quick one that can be used to recalculate the WPA password. So, instead of having to brute force all 100 million 8 digit WPS pins, we only need to do 11,000 (which takes about 4 hours) based on the fact that the protocol tells you which half of the key is wrong. Now we get to crack 2 4 digit pins. No lockout. Once the 8 digit pin has been cracked, it can be reused to reveal the actual WPA password… And, it may not even be possible to disable WPS, or not disable accurately.
#[ Patator] - [Larry] - Sick of having multiple tools to do scanning and password bruteforcing, with multiple tools that don't work, issue false negatives, or aren't multi-threaded? Enter Patator!
#[ Authentication bypass?] - [Larry] - I find some parts of this vulnerability announcement in Siemens SIMATIC products laughable. While there is some truth to the "authentication bypass" based on the weak/predictable session cookies, default username and password? That's not a bypass, that IS authentication.
#[ Now that's two factor authentication] - [Larry] - Scientists are figuring out ways to use the way you sit to uniquely identify you, i.e. a butt print. I always knew that Homer Simpson was right when the carny ruined his sofa ass groove.
= Jack's Stories =

