Researcher cracks Wi-Fi passwords with Amazon cloud (theregister.co.uk)
30 points by KiwiNige on Jan 13, 2011 | hide | past | favorite | 12 comments



Not judging but I love how the term "researcher" has been adopted as a way to disguise whitehat activities.

I wish I could use that to get out of speeding tickets

"Officer I am just a researcher and trying to determine if the 55mph speed limit sign is really the law and if it's possible to break it"


Meh, as long as you're only picking your own locks, who cares? (And yes, there are people who pick locks for fun.)


Yup, they found the Kryptonite lock Bic pen loophole and made a whole bunch of bikes more safe today. But they also educated a whole bunch of dumb thieves who didn't know in the first place (the smart thieves knew but they are far more rare). So it's always a mixed bag.

Still, in the end I'd rather know about security problems even if it means the "bad guys" get told at the same time, otherwise you just have security theater.


Is this some kind of artificial test or is it a real issue? What I mean is that the article mentions running through about 400,000 passwords per second and the hack took 20 minutes. But wouldn't most servers or routers block the user out after so many failed logins? How do they get around that?


You don't actually send 400,000 passwords to the server. You capture legit packets traveling between the access point and an authorized user and then run your brute force algo on their encryption.



Wasn't this done months ago? (/me looks for the article)

Well, this was more generic: http://news.ycombinator.com/item?id=1907513

Oh, it was over a year ago: http://it.slashdot.org/story/09/12/07/2322235/WPA-PSK-Cracki...


In the nicest way possible, this is probably just an ad piece for his service (http://www.wpacracker.com/). It has been possible to brute force WPA-PSK for ages, you just needed a lot of computing power. It appears he did this with a dictionary attack, not bruteforce (see: http://www.h-online.com/security/news/item/Cracking-WPA-keys...) and, so, it is no wonder it was fast - but that is limited.

EC2 is an option, sure, but it's going to get expensive for commercial purposes. (I have issues with their costings... if it took 20 minutes, even using just one instance that would be.. $5.60, and other sources state he used many more than one :D EDIT: ah, sorry, he did use one instance and they are talking about his "6 minute" promise. Still, nothing you couldn't do on a decently fast "local" machine for cheaper)

We ran some trials with EC2 and the cost starts to mount for anything complex. A few racks of meaty servers are, if you have a volume of work, a cheaper investment.

Ultimately it looks like he is dealing with dictionary work - which is fine (and does work well). But it will quickly fail with anyone competent (I'm going to hazard a rough guess of about 25% of the time based on my experience), which is where work with pre-computed tables and bruteforcing comes into play.

I'm not sure there is much substance to this story, sadly.
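The offline nature of the attack described earlier in the thread (capture the handshake, then compute) and this comment's point that dictionary work fails against a competent passphrase both come down to how WPA-PSK derives its key. Added example, not from the article or any commenter: the standard PMK derivation checked against the IEEE 802.11i Annex H test vector, plus a worst-case cost estimate at the 400,000 guesses per second the article quotes; the wordlist size and character sets are assumed for illustration.

```python
import hashlib

# WPA/WPA2-Personal derives the 256-bit Pairwise Master Key (PMK) from the
# passphrase and SSID with PBKDF2-HMAC-SHA1 at 4096 iterations (IEEE 802.11i).
# An offline run pays this cost for every candidate, so throughput is bounded
# by the attacker's CPU/GPU budget, not by any lockout at the access point.
PBKDF2_ITERATIONS = 4096
PMK_BYTES = 32

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as a client or access point does."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_BYTES)


def seconds_to_exhaust(candidates: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given offline guess rate."""
    return candidates / guesses_per_second


def random_passphrase_candidates(alphabet_size: int, length: int) -> int:
    """Keyspace of a uniformly random passphrase of the given length."""
    return alphabet_size ** length


def strength_report(guesses_per_second: float) -> dict:
    """Compare an assumed 1M-word list against random alphanumeric passphrases."""
    alnum = 62  # a-z, A-Z, 0-9
    return {
        "wordlist_1M_seconds": seconds_to_exhaust(1_000_000, guesses_per_second),
        "random_8_alnum_years": seconds_to_exhaust(
            random_passphrase_candidates(alnum, 8), guesses_per_second) / SECONDS_PER_YEAR,
        "random_12_alnum_years": seconds_to_exhaust(
            random_passphrase_candidates(alnum, 12), guesses_per_second) / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk_pmk("password", "IEEE").hex())
    # Rate quoted by the article (400,000 guesses/second, one EC2 instance).
    for name, value in strength_report(400_000).items():
        print(f"{name}: {value:,.2f}")
```

The 1M-word list falls in seconds, while an 8-character random passphrase already takes years at that rate, which is the gap between "dictionary work" and "anyone competent" in the comment above.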


>Still, nothing you couldn't do on a decently fast "local" machine for cheaper

The fun thing is that you can now do it in the field. You could potentially grab the hashes with a netbook, then crouch in your hiding place behind the bins at Enemy HQ for six minutes while EC2 does the cracking, then go straight into the network, without having to risk sneaking out and back in again. Past the guards.

Dunno what espionage-based fantasy world I'm in today. I don't even play video games! However people really do this stuff. And now we can all have a go! Hooray! The kind of people who do these things don't generally have to worry about expenses though...


EC2 also charges instances per full hour. If you start one and use it for only a few minutes you are charged for a full go.

They probably took that $5.60 figure and tried to scale it for the amount of time he used.


wpacracker.com is run by Moxie Marlinspike, not this Thomas Roth. (and no, Thomas Roth is not his real name). Furthermore I can't find any link between this (or the others) news article and Moxie's wpacracker.com, and I can't figure out why he would only be presenting wpacracker at blackhat now.


Ah sorry. I got the impression there was a link due to how it was presented.



