Does the security of your company’s WiFi networks keep you awake at night? Would you like to test the strength of the passwords to that network but can’t afford to tie up a computer for days or weeks to do it? Then a new service called WPA Cracker might be for you.

The recently launched pay-as-you-go service is aimed at “penetration testers.” It links some 400 computers in “the cloud” to accomplish in minutes what would take days or weeks for a single desktop or laptop.

Designed to crack WPA or WPA2 passwords when PSK is used, the service uses massive compilations of words to mount dictionary attacks on a wireless network. It will also crack passwords to zip archives.

The main dictionary used by the service contains 135 million English password possibilities tailored to networks protected by WPA or WPA2. In addition, there’s a 284 million word extended dictionary and 100 million digit dictionary. The extended dictionary is not a superset of the standard dictionary. That is, words in the extended dictionary are not found in the standard one. The digit dictionary contains permutations of passwords composed eight-character-long numbers. Each dictionary can be run against a network separately or in aggregate as a mammoth 520 million password resource. A German dictionary is also offered by the service.

Continue reading Act like a hacker with WPA Cracker

I have to admit, it sounds cool. In my dream, I’m so trendy. I’m wearing a sportcoat with a tee-shirt underneath and wearing sunglasses (even though it’s foggy outside). I’m sitting at a Starbucks in SoHo, with my laptop in front of me. I connect to the WiFi hotspot as I watch all the trendy people stroll by, and I know they’re thinking: “Oh, he’s so cool, he’s using his computer in Starbucks.” In reality though, I haven’t been to SoHo in years, and my wife bought me a cappuccino maker for my birthday, so I don’t really have any more excuses to hang out at Starbucks anyway.

Reading James Gaskin’s excellent “Wi-Fi hot spot horrors” in NetworkWorld this week convinced me to abandon all hope of being trendy, and to instead take the paranoid geek option. It just makes more sense. How many of us send emails while using a public WiFi spot? That many? Thought so. James reminds us that public WiFi spots are built for convenience, and not for security. If you are sending an email, it’s very possible, and not even that hard, for someone else two tables over to read those emails. In the article, random public web surfers were interviewed with surprising results, and far too many don’t have a clue about security. I got a giggle from the respondent who claimed he would encounter no security problems using WiFi on his computer, because “It’s a Mac.” (It doesn’t make any difference, the risk is the same. Good marketing on the part of Apple, though.)

For those of us who travel around a lot–or just like to hang out at coffeeshops and look cool–public surfing can be made safe. One way to add safety is to avoid public WiFi altogether and subscribe to a cellular data network instead. If you do use WiFi, compose your emails offline, and just connect to send them, then log back off. You’re still open, but for a much smaller amount of time. Risk is minimized. The best way is to not use public web-based email interfaces, but instead connect to your corporate email server via a VPN; this adds an encryption layer to the communication and avoids the potential for a lot of casual snooping. Or–take my wife’s strategy, buy your own cappuccino maker, and just stay away from the dang coffeehouse.