Disable WPS on your router

lackofcheese

Apparently, there's a pretty significant security hole in almost all current routers. Read this for details. It's old news (the hole has been around since late 2011), but it's important and I didn't know about it so I figured other people also might not.

I find it hard to see why the standard would be so stupid as to verify two halves of the password separately. I guess this is a case of disconnect between people working on the higher-level vs. the lower-level implementation of the standard?

I suspect Rym and Scott probably know about this already and mentioned it on the podcast, but I just found out about it and I didn't see any mention of it on the forums so I thought I'd post it.

George Patches

Hooray for DD-WRT.

lackofcheese

Yeah, on reading this I found it amusingly terrible that Linksys' default firmware had an option that purports to let you disable WPS without actually doing so.

Apreche

Wow, a thing I didn't know about at all. I mean, I never even heard of WPS, let alone a security hole. I knew there were some routers that had easy security setup, but I thought it was just a UI wizard that came with some routers. I didn't realize it was a standard with a PIN and such. My router, a Netgear WNDR3700, has it, but it can be disabled. The setting is under advanced wireless settings - disable router's pin.

lackofcheese

My router doesn't have a setting for it as far as I can tell, but that doesn't guarantee that it doesn't have WPS, so I'll have to test it to make sure.

George Patches

If you have a button on the front for syncing passwords, that's WPS. If you don't have that then you don't have WPS.

Coldguy

I just disabled this on the shore's internet router. I knew about the vulnerability for a while however it is just good sense to spread this around. Also explaining why I had to do this to a non tech person...its a task in of itself.