If you are having trouble viewing this email, click here to view this online



   ISSUE 6

19 JANUARY 2012

Article of the Month   Around the World

Final nail on the wireless router security? � WPA1/2 broken?


Wi-Fi Protected Access (WPA) is a security protocol used by many wireless devices like routers, laptops, access points and so on. Stefan Viehb�ck released a paper titled �Brute forcing Wi-Fi Protected Setup� on 26th Dec 2011 detailing vulnerabilities associated with Wi-Fi Protected Setup (WPS) � which is a feature of WPA which could allow an attacker to recover the Pre-Shared Key (PSK) associated with WPA protocol in a few hours very easily.

WPS was launched somewhere in 2006, but the actual appliances/ devices came into the market during 2007. In one of  FAQ�s of Wi-Fi Alliance, they mention �Wi-Fi Protected Setup is an optional certification program developed by Wi-Fi Alliance designed to ease set up of security-enabled Wi-Fi networks in the home and small office environment.�  Simply, WPS allows a user to enter a 8 digit PIN without having to worry about navigating through number of cumbersome configuration pages.

On 28th December 2011, Tactical Network Solutions open sourced a tool code named Reaver. They claim that with Reaver, WPS enabled router passphrase can be recovered in 4-10 hours. So far no versions of Reaver is supported in Windows platform. I�ve tested the tool on Back Track 5 with following easy steps.

wget http://reaver-wps.googlecode.com/files/reaver-1.1.tar.gz

(reaver-1.1 is the latest version at the time of writing this article, which addresses some known bugs)

Now extract gzip file

tar zxvf reaver-1.1.tar.gz

Now go to the directory and configure

 cd /reaver-1.1/src



 make install

Before launching Reaver, let�s check the help section.

Now let�s launch an attack towards a pre-identified access point.

Bottom line, WPA is not directly broken via Reaver. However, Reaver exposes a side channel attack against WPA1 / WPA2 enabled wireless access points by exploiting a protocol design flow in WPS. Reaver exploits a primitive vulnerability on the PIN, it brute-forces the PIN until the correct one is recovered. With the PIN, Reaver extracts the PSK.

The issue here is that most wireless routers are affected and no vendor has announced a patch so far. But as a workaround, you can disable WPS (if it�s possible on your device). US CERT/CC has assigned VU#723755 for this vulnerability. You can also check vulnerable vendors from the above URL.

So what�s important here? Does it mean not to use wireless access points? Well, don�t - if you can afford to. Generally, it�s recommended to conduct a proper risk assessment for all information that will travel over the WLAN and restrict sensitive information.

Let�s summarize the major types of access points here.

1.       Open networks
  This is like radio; you just need to tune in. You can connect to the network without any passwords/ keys. Sniffing packets is really easy.
 2.       Networks protected with WEP
  Wireless Equivalent Privacy (WEP) was the first standard aimed at introducing security into wireless networks. Many open source tools (such as Aircrack) are freely available to break into a WEP network. A WEP network can be broken in minutes - provided that you have the right gear and captured an adequate amount of data packets.
 3.       Networks protected with WPA1/ WPA2
  Wi-Fi Protected Access (WPA) was introduced to address the shortcomings of WEP. There are various implementations of this protocol. One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. Using mechanisms we explained at the beginning of this article, WPA can be broken via side channel attacks.

Parakum Pathirana

CISM Coordinator - ISACA Sri Lanka Chapter

Facebook Spam and Cybercrime on the Rise: How YouCan Avoid It?
By | January 11, 2012

'....Just how much cybercrime happens on Facebook? About 4 million Facebook users experience spam on a daily basis, 20% of Facebook users have been exposed to malware, and Facebook sees about 600,000 cases of hijacked log-ins every day.'ses of hijacked log-ins every day. 

Google Docs hosted phishing schemes abound
By Zeljka Zorz | January 16, 2012
'....Google Docs is a helpful office suite and data storage service that allows users to collaborate on documents with ease but, unfortunately, it is also a very useful tool for phishers.

Sophos has recently spotted two distinct phishing campaigns - one targeting the customers of the Australian ANZ Bank and the other the users of a web portal of a North American school - where the phishing forms are hosted this Google service......'

Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in December 2011


  Fake + Harassment



Statistics - Sri Lanka CERT|CC



Microsoft AntiXSS Library Information Disclosure Vulnerability                                              

CERT-In Vulnerability Note CIVN-2012-0007
 | Sophos |11th January 2012

A vulnerability has been reported in Microsoft AntiXSS Library, which could allow an attacker to pass a malicious script through a sanitization function.

Wi-Fi Protected Setup PIN Brute Force Vulnerability

13th January 2012


Wi-Fi Protected Setup (WPS) contains a design error that could allow a weaker-than-expected defense against brute-force attacks, which could allow an attacker to gain unauthorized access to the affected system.

  Notice Board
  Training and Awareness Programmes - December 2011  
  Date Event Venue
- 15-19 ICT training for the teacher in-charges of Connecting classroom project ICT Laboratory of ICT Branch , Ministry of Education
- 30-3 Feb ICT training for the teacher in-charges of Connecting classroom project Computer laboratory of ICT Branch, Ministry of Education
- 24-2 Feb Interviews to recruit ICT teachers for the �Development of 1000 secondary schools project�. ICT Branch, Ministry of Education

Brought to you by:                           

In partnership with: