Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, December 09, 2009

New cloud hacking service steals Wi-Fi passwords

For US$34 (£20), a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says.  The WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks.  It works because of a known vulnerability in Pre-shared Key (PSK) networks, usually used by home and small-business users.

The service was launched by a well-known security researcher who goes by the name of Moxie Marlinspike.

Hackers have known for some time that these WPA-PSK networks are vulnerable to what’s called a dictionary attack, where the hacker guesses the password by trying out thousands of commonly used passwords until one finally works.

WPA Cracker customers get access to a 400-node computing cluster that employs a custom dictionary, designed specifically for guessing WPA passwords.

If they find the $34 price tag too steep, they can use half the cluster and pay $17, for what could be a 40-minute job.

The service could save security auditors a lot of time, but it will probably make it easier for senior management to understand the risks they’re facing, said Robert Graham, CEO of penetration testing company Errata Security.

http://news.techworld.com/security/3208347/new-cloud-hacking-service-steals-wi-fi-passwords/

Posted on 12/09
NewsPermalink