Archive for December, 2009

WPA-PSK Passwords Now on Sale…Starting $17!

December 14th, 2009

A cloud-based service called WPA Cracker, launched last week, promises to crack WPA-PSK (WiFi Protected Access with Pre-Shared Keying) for you, starting at $17.

Like any other password-based authentication system, WPA-PSK (and WPA2-PSK) is vulnerable to a “dictionary attack.” This is a brute force technique in which a hacker uses a dictionary or database of commonly used passwords to guess the WPA encryption key. The problem with this approach is that it might take days or weeks to crack even a moderately strong password with a typical PC.

What makes the WPA Cracker service interesting is that it gives you access to a huge amount of computing power through a 400-node cluster. The service promises to run through a dictionary of 135 million passwords and email you the results in 20 minutes for $34. If that price tag sounds steep, or if you are ready to wait longer, you can pay $17 to use half the cluster and receive the results by email in 40 minutes.
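An added example, not from the original post or from the WPA Cracker service: a passphrase audit that turns the post's figures (135 million words, 20 minutes, 400 nodes) into a guess rate and shows the PBKDF2 derivation that makes every WPA-PSK guess expensive. The wordlist, sample passphrases, SSID and function names are constructed for illustration, and the exhaustive-search estimate assumes a randomly generated passphrase.

```python
import hashlib
import math

# Figures stated in the post: 135 million words, 20 minutes, 400 nodes.
DICT_WORDS = 135_000_000
FULL_CLUSTER_SECONDS = 20 * 60
NODES = 400
SECONDS_PER_YEAR = 365 * 24 * 3600

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key as IEEE 802.11i specifies:
    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def cluster_rate(nodes: int = NODES) -> float:
    """Guesses per second implied by the post's figures, scaled by node count."""
    return DICT_WORDS / FULL_CLUSTER_SECONDS * nodes / NODES

def years_to_exhaust(length: int, alphabet_size: int, rate: float) -> float:
    """Worst-case years to try every passphrase of this length and alphabet."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR

def audit(passphrase: str, wordlist: set, alphabet_size: int) -> dict:
    """Report whether a passphrase falls to a dictionary run and, if not,
    how long exhaustive search would take at the full-cluster rate."""
    in_dict = passphrase.lower() in wordlist
    if in_dict:
        # Found at some point during one 20-minute dictionary pass.
        years = FULL_CLUSTER_SECONDS / SECONDS_PER_YEAR
    else:
        years = years_to_exhaust(len(passphrase), alphabet_size, cluster_rate())
    return {
        "in_dictionary": in_dict,
        "entropy_bits": round(len(passphrase) * math.log2(alphabet_size), 1),
        "years_full_cluster": years,
    }

if __name__ == "__main__":
    sample_words = {"password", "letmein123", "sunshine2009"}  # constructed wordlist
    for candidate, alphabet in [("sunshine2009", 36), ("qzkfwmxbtrhp", 26)]:
        print(candidate, audit(candidate, sample_words, alphabet))
    # The SSID salts the key, so the same passphrase yields a different PMK per network.
    print(wpa_pmk("qzkfwmxbtrhp", "example-ssid").hex())
```

The entropy figure is only meaningful for passphrases chosen at random; a human-chosen phrase of the same length can still sit in a large dictionary.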

The service is targeted at ethical hackers who do wireless vulnerability assessments and wireless network penetration testing for a living. But I wonder… what would keep “unethical” hackers from misusing a cloud-based service like this?

Not every cloud has a silver lining. What do you think?


SSL Renegotiation Vulnerability: Journey from Theory to Practice to Prevalence

December 2nd, 2009

The SSL renegotiation vulnerability disclosure created mood swings in the security community over the last month. Immediately after the disclosure, the security community was split in its opinion about the vulnerability's severity and relevance.

All that changed a fortnight later, when a real-life exploit targeting the Twitter site was demonstrated using this vulnerability, and it all started looking REAL! After all, it was a vulnerability of great relevance and severity.

The final question now is how prevalent this vulnerability is. To this effect, SSL Labs has created an online tool where you can enter an HTTPS URL to find out whether that URL is vulnerable to the SSL renegotiation vulnerability. You will notice that many critical HTTPS sites are vulnerable, though a few have already been patched.

If any doubt remains before calling it prevalent, it concerns the prevalence of man-in-the-middle (MITM) attacks. The flaw requires the presence of a MITM between the client and the SSL server. How easy is it for an attacker to become a MITM? This is where WiFi comes into the picture. In fact, it is very easy to be a MITM on a WiFi connection using honeypot (evil twin) access points or ARP poisoning through rogue access points.

Overall, it is appropriate to conclude that the vulnerability is severe and prevalent. Fortunately, the fix is available through a patch, though it will take some time before all websites apply it. Until then, we keep our fingers crossed!
