I stumbled across this password meter tool and thought it was pretty interesting.

zxcvbn

I've always wondered what makes for a good password beyond the obvious - everyone knows that random gibberish is good (but you can't remember it) and "password", "12345" (unless you're an idiot securing his luggage), and so on are bad, but what about in between? This tool gives you a pretty good way to test some password ideas to see how they look for strength. Just reading through the tests in this tool gives you some good ideas on what to avoid. The above link is a test site for tool. I would recommend messing with it, but do not use one of your actual passwords. General paranoia should be a good guide when handing out your password - that is, don't. That said, if your password is, say, a couple of words with some numbers at the end, try a test that's similar and see what it looks like.

FYI - it looks like this, which isn't so good.

If you want to read about the mechanics of this tool and how much thought went into it, here's a good link to do so. You might even spot some areas that could be improved.

Myself, I'm a big fan of using Lastpass and using it to generate big, nasty, random passwords for me. The (super cheap) premium option of having it on your smartphone is a very nice upgrade, but the free version is great too.

I just updated the firmware on my home Cisco E3200 access point/router to address the WPS security hole that's made even WPA/WPA2 vulnerable. Being paranoid enough to care about that, I also decided to take a look at Reaver and Wash, the tools that let you try to crack WPS or see if you have a vulnerable AP, respectively. First, though, as I mentioned, I had to update to the latest firmware and disable WPS, which I show below.


Updating E3200

Firmware installed:

Go to Wireless -> Basic Wireless Settings and click on Wi-Fi Protected Setup. Click Disabled and then click on Manual again. Make sure the manual settings are all correct and then click Save Settings at the bottom. If you click back to Wi-Fi Protected Setup, it should still show Disabled.

 

On to Backtrack 5

I started out looking at running Backtrack 5 as a VM, but that honestly didn't get me very far, although I will admit that I didn't put a lot of effort into it. I downloaded the VM, ran it in Vmware Player on my Win7 laptop, and it just never saw my wlan0 interface even after I twiddled with the settings. Figuring that running directly on the hardware is a better bet anyway, I downloaded the ISO and burned a DVD.

From there, I'll say that this Lifehacker article helped quite a bit on what to run regarding reaver, but didn't mention wash, which is what I really needed, at least to start. You see, wash tests to see if your AP is actually vulnerable to this attack by seeing if WPS is enabled. After I changed my settings in my E3200 to disable WPS (which required upgrading to the new firmware), my AP didn't show up in wash's tests and didn't respond to reaver. I will say, though, that more than a dozen APs showed up in the wash report in my neighborhood. I didn't run reaver against any of them, but it's interesting to know that somebody could.