Open a Padlock With a Coke Can

January 17, 2012

Well, I wish I’d known about this technique the last time I forgot my gym lock combination.

WPS Flaw

January 3, 2012

WPS, or WiFi Protected Setup, is a vendor-neutral scheme to make it easier for computer neophytes to securely configured a home wireless access point. Unfortunately, the PIN-based scheme it uses for authentication is easily bruteforced.

From the article:

“When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct. Also, the last digit of the PIN is known because it is a checksum for the PIN. This design greatly reduces the number of attempts needed to brute force the PIN. The number of attempts goes from 108 to 104 + 103 which is 11,000 attempts in total.”