10-16-2017, 10:38 AM
|
#1
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more
Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, macOS, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. "The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
https://arstechnica.com/information-...ng/?comments=1
tl;dr: stop using wifi, convert to wires
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
The Following User Says Thank You to photon For This Useful Post:
|
|
10-16-2017, 11:12 AM
|
#2
|
Franchise Player
Join Date: Jul 2010
Location: Calgary - Centre West
|
FYI, we've already patched Windows. If you have automatic updates enabled, you should already have the fix in place.
https://www.windowscentral.com/micro...-vulnerability
__________________
-James
GO FLAMES GO.
|
|
|
The Following 2 Users Say Thank You to TorqueDog For This Useful Post:
|
|
10-16-2017, 11:47 AM
|
#3
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Quote:
Originally Posted by photon
tl;dr: stop using wifi, convert to wires
|
God I wish I could but that's discussion for another day.
In the meantime, I keep looking at my routers firmware. It states it's the most current version but was release over 3 yrs ago. It seems odd to me that such an important piece of security gets firmware updates next to never.
Is there a router manufacturer out there that stays on top of firmware updates or is this common across the board?
|
|
|
10-16-2017, 11:49 AM
|
#4
|
Lifetime Suspension
Join Date: Sep 2005
Location: The Void between Darkness and Light
|
Quote:
Originally Posted by GoinAllTheWay
God I wish I could but that's discussion for another day.
In the meantime, I keep looking at my routers firmware. It states it's the most current version but was release over 3 yrs ago. It seems odd to me that such an important piece of security gets firmware updates next to never.
Is there a router manufacturer out there that stays on top of firmware updates or is this common across the board?
|
in my experience it mostly depends on the model you're using.
|
|
|
The Following User Says Thank You to Flash Walken For This Useful Post:
|
|
10-16-2017, 11:50 AM
|
#5
|
Franchise Player
Join Date: May 2004
Location: Marseilles Of The Prairies
|
Quote:
Originally Posted by GoinAllTheWay
God I wish I could but that's discussion for another day.
In the meantime, I keep looking at my routers firmware. It states it's the most current version but was release over 3 yrs ago. It seems odd to me that such an important piece of security gets firmware updates next to never.
Is there a router manufacturer out there that stays on top of firmware updates or is this common across the board?
|
If you're talking non-rackmount, Cisco/LinkSys and ASUS seem to release Firmware frequently for devices less than ~5 years old.
That said I'm also insanely biased against D-Link, Belkin, NetGear, and all the other C-brand crap.
__________________
Quote:
Originally Posted by MrMastodonFarm
Settle down there, Temple Grandin.
|
|
|
|
The Following User Says Thank You to PsYcNeT For This Useful Post:
|
|
10-16-2017, 11:56 AM
|
#6
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Quote:
Originally Posted by PsYcNeT
That said I'm also insanely biased against D-Link, Belkin, NetGear, and all the other C-brand crap.
|
Haha, all my gear is D-Link. Curious why you don't like them?
I've always used D-link, it works. Never had an issue outside of lack of firmware updates.
That being said, I'm very open to alternatives. I saw those new fancy Asus ones at ME the other day. That price tag tho......
|
|
|
10-16-2017, 11:58 AM
|
#7
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Yeah the support for patches for hardware is going to be all over the place.
I've found ASUS to be pretty good, my router is 3ish years old and the last firmware update was in June of this year. We'll see if they patch this.
A router that supports DD-WRT or similar would be another way, they probably get updated pretty quickly.
Or a more business oriented product like Ubiquiti will probably get patched much faster than a consumer grade product. And their stuff isn't that much more expensive.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
10-16-2017, 02:06 PM
|
#8
|
Had an idea!
|
Is there a reason anyone would buy anything besides a Ubiquiti AC Pro? We purchased one recently and for the money and what it does it is insanely good.
Not a DHCP server though which is a bit annoying.
|
|
|
The Following User Says Thank You to Azure For This Useful Post:
|
|
10-16-2017, 02:22 PM
|
#9
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Quote:
Originally Posted by Azure
Is there a reason anyone would buy anything besides a Ubiquiti AC Pro? We purchased one recently and for the money and what it does it is insanely good.
Not a DHCP server though which is a bit annoying.
|
That would be reason enough for most I'd wager. What acts as your DHCP server then?
|
|
|
10-16-2017, 02:31 PM
|
#10
|
Franchise Player
Join Date: Oct 2010
Location: Calgary
|
Quote:
Originally Posted by GoinAllTheWay
That would be reason enough for most I'd wager. What acts as your DHCP server then?
|
Ubiquiti Edge Router Lite or a Unifi Security Gateway.
|
|
|
10-16-2017, 02:43 PM
|
#11
|
Powerplay Quarterback
|
Quote:
Originally Posted by photon
Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, macOS, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. "The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
https://arstechnica.com/information-...ng/?comments=1
tl;dr: stop using wifi, convert to wires
|
Thank the lord that my new place I'm moving to is fully wired for LAN.
|
|
|
10-16-2017, 02:50 PM
|
#12
|
Franchise Player
Join Date: Sep 2002
Location: Estonia
|
|
|
|
The Following 2 Users Say Thank You to KevanGuy For This Useful Post:
|
|
10-16-2017, 10:59 PM
|
#13
|
Franchise Player
Join Date: Jul 2010
Location: Calgary - Centre West
|
Quote:
Originally Posted by OmegaV4
Thank the lord that my new place I'm moving to is fully wired for LAN.
|
I had to re-do a lot of the network in both of my last two condos. But I am a huge fan of wired, particularly for my home theatre and consoles in the living room.
__________________
-James
GO FLAMES GO.
|
|
|
The Following User Says Thank You to TorqueDog For This Useful Post:
|
|
10-17-2017, 07:38 AM
|
#14
|
Some kinda newsbreaker!
Join Date: May 2004
Location: Learning Phaneufs skating style
|
Interesting.
I wonder how many manufacturers are going to release patches for older hardware. As of June 2017, 30% of Android devices were still using 4.4 or earlier. This vulnerability may just end up making them all useless.
|
|
|
10-17-2017, 08:37 AM
|
#15
|
Powerplay Quarterback
|
Quote:
Originally Posted by TorqueDog
I had to re-do a lot of the network in both of my last two condos. But I am a huge fan of wired, particularly for my home theatre and consoles in the living room.
|
I am also on the same page as you. If I can use wired, then I'm all aboard the Ethernet train.
|
|
|
10-17-2017, 08:37 AM
|
#16
|
Franchise Player
|
Quote:
Originally Posted by sureLoss
Interesting.
I wonder how many manufacturers are going to release patches for older hardware. As of June 2017, 30% of Android devices were still using 4.4 or earlier. This vulnerability may just end up making them all useless.
|
According to this, that won't be an issue:
Quote:
Android 6.0 and higher are currently vulnerable to this attack. When BleepingComputer contacted Google, their statement was "We're aware of the issue, and we will be patching any affected devices in the coming weeks". No information is available as of yet regarding Google WiFi.
|
https://www.bleepingcomputer.com/new...vulnerability/
I'm not sure why it wouldn't effect lower versions of Android, though.
|
|
|
10-17-2017, 08:56 AM
|
#17
|
Some kinda newsbreaker!
Join Date: May 2004
Location: Learning Phaneufs skating style
|
nm. reading comprehension fail
Yeah I am not sure why lower versions of Android wouldn't be vulnerable to this flaw.
Last edited by sureLoss; 10-17-2017 at 09:29 AM.
|
|
|
10-17-2017, 09:26 AM
|
#18
|
Franchise Player
Join Date: Feb 2007
Location: A small painted room
|
So it's safe to say my shaw modem / wifi would be hooped?
|
|
|
10-17-2017, 09:53 AM
|
#19
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Quote:
Originally Posted by TorqueDog
I had to re-do a lot of the network in both of my last two condos. But I am a huge fan of wired, particularly for my home theatre and consoles in the living room.
|
Did you do that yourself? I'm also in a condo (townhouse style) and honestly not sure where to begin with running wires up from the basement.
|
|
|
10-17-2017, 10:02 AM
|
#20
|
First Line Centre
Join Date: Nov 2006
Location: Calgary
|
Quote:
Originally Posted by GoinAllTheWay
Did you do that yourself? I'm also in a condo (townhouse style) and honestly not sure where to begin with running wires up from the basement.
|
You begin with a drill, a fish tape, and an increased tolerance for cutting holes in your drywall.
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 04:48 PM.
|
|