<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Majesty Security</title>
	<atom:link href="http://majestysecurity.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://majestysecurity.com</link>
	<description>Majesty Security Publishing</description>
	<lastBuildDate>Thu, 16 May 2013 10:00:43 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
		<item>
		<title>Was the BBC Hacked by an Institutional Hacker?</title>
		<link>http://majestysecurity.com/was-the-bbc-hacked-by-an-institutional-hacker/</link>
		<comments>http://majestysecurity.com/was-the-bbc-hacked-by-an-institutional-hacker/#comments</comments>
		<pubDate>Mon, 12 Nov 2012 11:48:06 +0000</pubDate>
		<dc:creator>Stephen</dc:creator>
				<category><![CDATA[Institutional Security]]></category>

		<guid isPermaLink="false">http://majestysecurity.com/?p=283</guid>
		<description><![CDATA[We all know that the BBC has its failings. It's a huge, unwieldy, publicly funded broadcasting organisation full of seemingly important people, [...]]]></description>
				<content:encoded><![CDATA[<p><a href="http://majestysecurity.com/wp-content/uploads/2012/11/bbc-logo.jpg"><img class="alignnone size-medium wp-image-291" title="bbc-logo" src="http://majestysecurity.com/wp-content/uploads/2012/11/bbc-logo-300x240.jpg" alt="" width="300" height="240" /></a></p>
<p>We all know that the BBC has its failings. It&#8217;s a huge, unwieldy, publicly funded broadcasting organisation full of seemingly important people, all paid exorbitant salaries with excellent perks, most of which are not appreciated by the majority of the population in the UK.</p>
<p>They have a long history that goes back 90 years and in those years have supported the government in its responsibility to keep the population in check, in addition to supplying some of the best journalism and content the world has ever seen.</p>
<p>The BBC brand is a well-respected one; well, it was until the very recent Jimmy Savile child abuse revelations and talk of its editorial misjudgements on BBC Newsnight.</p>
<p>What began as an ITV1 broadcast entitled <a href="http://en.wikipedia.org/wiki/Exposure_(UK_TV_series)">Exposure</a> quickly grew into a raging fire of allegations against the late Jimmy Savile and of a BBC cover-up going back some 40 years. Each individual exposé opened up a perception in the public&#8217;s mind that the BBC was rotten to the core.</p>
<p>Now, as someone who worked for the BBC for a time and conducted a risk assessment on one particular operation, I could see vulnerabilities, particularly so, in the area of editorial policy.</p>
<p>I could see that editorial decisions that should have been made at a senior level were effectively being passed downstream to a contractor, rather than being considered at executive level. And yes, I am talking about editorial decisions surrounding the protection of children, more specifically data that the BBC held on children, through the website.</p>
<p>So, yes, there was very definitely a problem with passing the buck where editorial policy was concerned and I wrote to all those concerned before leaving the BBC, to this effect.</p>
<p>Now, as a victim of child abuse myself, perhaps I was a little too sensitive to undertake this job at the BBC. Perhaps I let my own emotions overrun me, but I am to this day adamant that an issue as important as how children&#8217;s information is collected and stored through the <a href="http://bbc.co.uk">bbc.co.uk</a> website is effectively a board-level editorial agenda.</p>
<p>Ok, so, today I exposed a particular flaw in the BBC&#8217;s editorial policy, where kids are concerned.</p>
<p>But I must reveal to you a much larger hack being perpetrated against the BBC.</p>
<p>This hack is designed to bring the BBC down, to leave the way clear for commercial broadcasters, like ITV, Sky and others.</p>
<p>I say this because I have worked with the people at the BBC and I know them to be vulnerable to exploitation by the commercial sector, who are well known for using hacking techniques to support their own editorial agenda.</p>
<p>It is true, the BBC are incompetent, even to the extent where some in the organisation have even managed to turn a blind eye to the abuse of children by Jimmy Savile.</p>
<p>But I ask, is the BBC really so rotten to the core that we would want our media run by the likes of Rupert Murdoch?</p>
<p>This situation was never about the rights and needs of children and more about how to expose the BBC&#8217;s incompetent, weak editorial management using an institutional hacker, funded by the commercial media.</p>
<p>Stephen Ryan</p>
<p>For Majesty Security</p>
]]></content:encoded>
			<wfw:commentRss>http://majestysecurity.com/was-the-bbc-hacked-by-an-institutional-hacker/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Krakki for a Tweet</title>
		<link>http://majestysecurity.com/krakki-for-a-tweet/</link>
		<comments>http://majestysecurity.com/krakki-for-a-tweet/#comments</comments>
		<pubDate>Tue, 10 Apr 2012 09:13:40 +0000</pubDate>
		<dc:creator>Stephen</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://majestysecurity.com/?p=262</guid>
		<description><![CDATA[Never have to DREAM UP WEAK PASSWORDS AGAIN. Want help building the strongest passwords on the web? Well, try Krakki Strong [...]]]></description>
				<content:encoded><![CDATA[<p><a href="http://majestysecurity.com/wp-content/uploads/2012/04/krakki.jpg"><img class="alignnone size-full wp-image-265" title="krakki" src="http://majestysecurity.com/wp-content/uploads/2012/04/krakki.jpg" alt="" width="599" height="200" /></a></p>
<p><strong>Never have to DREAM UP WEAK PASSWORDS AGAIN.</strong></p>
<p>Want help building the strongest passwords on the web?</p>
<p>Well, try Krakki Strong Password Generator and generate millions of passwords for you to choose from in seconds.</p>
<p>Just Pay with a Tweet and Download your All-time Free Copy of Krakki Password Generator NOW!</p>
]]></content:encoded>
			<wfw:commentRss>http://majestysecurity.com/krakki-for-a-tweet/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>WPA2 Vulnerability?</title>
		<link>http://majestysecurity.com/wpa2-vulnerability/</link>
		<comments>http://majestysecurity.com/wpa2-vulnerability/#comments</comments>
		<pubDate>Thu, 08 Mar 2012 14:16:39 +0000</pubDate>
		<dc:creator>Hamid</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://majestysecurity.com/?p=199</guid>
		<description><![CDATA[We all know that WPA2 AES encryption is old news; it has been around for approximately eight years and is [...]]]></description>
				<content:encoded><![CDATA[<p>We all know that WPA2 AES encryption is old news; it has been around for approximately eight years and is proven to be very effective at keeping those pesky leechers from stealing our bandwidth or infiltrating our systems. What has changed since then? Are we now vulnerable even with the latest wireless encryption?</p>
<p>&nbsp;</p>
<p>AES was considered secure and was approved for top secret information by the NSA. Used alongside a high security network key that isn&#8217;t susceptible to brute-force attacks, our networks should be safe, right?&#8230; WRONG.</p>
<p>&nbsp;</p>
<p>For those that are unsure, a brute-force attack is where a hacker attempts to gain access to something by trying different combinations until they find the correct one. As you can imagine, this technique is very limited by the number of passwords that can be tried per second, which varies greatly depending on the protocol they are attempting to compromise. For argument&#8217;s sake, let&#8217;s say a malicious user is trying to gain access to your wireless network. Assume they&#8217;re using a modern GPU to crunch the numbers, meaning they will be able to try roughly 100,000 passwords per second. So if your password is 6 characters long and consists of only lowercase letters, it will take just under 52 minutes to crack.</p>
<p>&nbsp;</p>
<p>In this example, there are 26^6 (26 x 26 x 26 x 26 x 26 x 26 = 308,915,776) possible permutations, which divided by 100,000 passwords a second is 3089 seconds or 51 minutes. However, if you were to use uppercase letters as well, you would be increasing the number of possible permutations to 52^6 (19,770,609,664). As you can see, this increases the maximum cracking time to 55 hours, which is a huge improvement over 51 minutes. Add a few more characters and some punctuation to your password and your WPA2 key becomes impossible to brute-force. So what is the problem?</p>
<p>&nbsp;</p>
<p>In 2007 the Wi-Fi Alliance introduced WPS (Wi-Fi Protected Setup), which was designed to simplify wireless networks for average users who know little about wireless and security. The idea was to make it easy to add new devices to the network while maintaining security. Typically, devices that shipped with WPS arrived with a sticker on the back with an 8-digit PIN. The user would simply enter this number on the wireless device and it would connect to the network. So you could now have a 63-bit WPA2 password that is impossible to crack and only have to type an 8-digit PIN to connect. Sounds great, right?</p>
<p>&nbsp;</p>
<p>Well, no. Something that was apparently overlooked by the Wi-Fi Alliance is why an attacker would attempt to crack a 63-bit key that could consist of numbers, uppercase, lowercase and special symbols when they can simply crack an 8-digit number that consists of just that: numbers.</p>
<p>&nbsp;</p>
<p>So let&#8217;s do the math on this. We have an 8-digit number, meaning there are 100,000,000 possible permutations, and your typical router can only handle 1 or 2 password attempts per second. Sounds relatively secure, right? It would have been if it was implemented properly. The problem is that you transmit the PIN in two halves. When you transmit the first four digits, if they are incorrect, the device will respond with a NACK. And this is the same for the second 4 digits. So in other words, all an attacker has to do is crack a 4-digit PIN, which is only 10,000 possible combinations. At 2 passwords a second this will take up to 83 minutes, and suddenly an attacker has your super secure 63-bit WPA2 AES key.</p>
<p>&nbsp;</p>
<p>You&#8217;re probably thinking that this has nothing to do with WPA2, it&#8217;s a problem with WPS. You would be absolutely correct, but the problem is that the majority of routers today come with WPS enabled by default, which makes your secure WPA2 AES network worthless, and what&#8217;s worse is that you can&#8217;t even fully disable WPS on some routers, making them permanently vulnerable. *Cough* Linksys *Cough*</p>
]]></content:encoded>
			<wfw:commentRss>http://majestysecurity.com/wpa2-vulnerability/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Majesty Security launches KRAKKI Password List Builder</title>
		<link>http://majestysecurity.com/hello-world/</link>
		<comments>http://majestysecurity.com/hello-world/#comments</comments>
		<pubDate>Tue, 14 Feb 2012 22:56:57 +0000</pubDate>
		<dc:creator>Stephen</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://majestysecurity.com/?p=1</guid>
		<description><![CDATA[Krakki password list builder is now available to download for free! Simply register on the website to gain access.]]></description>
				<content:encoded><![CDATA[<p>Krakki password list builder is now available to download for free! Simply register on the website to gain access.</p>
]]></content:encoded>
			<wfw:commentRss>http://majestysecurity.com/hello-world/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
