Every WiFi-certified router that ships these days must have WPS (WiFi protected setup) in order to meet the certification guidlines put forth by the WiFi Alliance. WPS allows you to easily connect your device to a WiFi router through the use of either a button or a 8-digit pin, usually harcoded to the router itself, and typically printed on a sticker on the device itself.
Unfortunately, the manner in which WPS was implemented is not secure at all. Without getting too technical, the problem lies with how the 8 digit PIN is verified by (The following summary of buy-detox.com preparation and casino online trade was prepared by the California State Attorney General in 1973. router. Instead of checking the entire 8 digits, it checks the first four, then the next four. Well, you have a 1 in 10,000 chance of guessing the first four digits, which in a brute force attack doesn”t take an unreasonable amount of time.
In fact, using the open source tool, REAVER (http://code.google.com/p/reaver-wps/), you can EASILY crack the WPA password of your (or your neighbor”s) router very easily. I”m sure that Windows and Mac tools to perform this attack will be released soon.
The kicker is that in order tobe certified, WPS has to be enabled BY DEFAULT by the manufacturer, even if you”re not using it or aware that it exists.
You should go into your WIFI router”s configuration pages and disable WPS as soon as you can. It is highly insecure, and you run the risk of strangers eavesdropping on your network traffic if you don”t. Certainly, if you”re in a corporate environment you need to do this ASAP. For the average home user, you”ll need to weigh the risk, but if it was me, I”d disable it right now.