[FRIAM] KRACK

Russell Standish lists at hpcoders.com.au
Tue Oct 17 20:16:50 EDT 2017


It's big alright. Linux and Android are particularly badly affected. I
tried upgrading my Linux WiFi client yesterday when the news first
broke, but the fix only landed overnight, so I've managed to update this
morning. Not too shabby - MS, Google and Apple all had about a month's
head start on the open source OSes. 

I'm going to have to do a full upgrade of my laptop, as the OS on that
looks like it is too old to be fixed.

I updated the firmware on my WiFi router yesterday, but there's no
indication of whether there is a KRACK problem, or when any fix might
be coming... :(.

On Tue, Oct 17, 2017 at 11:09:00AM -0600, Robert Wall wrote:
> Thanks for the heads-up, Glen!
> 
> On Tue, Oct 17, 2017 at 8:55 AM, ┣glen┫ <gepropella at gmail.com> wrote:
> 
> > Key Reinstallation Attacks
> > Breaking WPA2 by forcing nonce reuse
> > https://www.krackattacks.com/
> >
> > > We discovered serious weaknesses in WPA2, a protocol that secures all
> > > modern protected Wi-Fi networks. An attacker within range of a victim can
> > > exploit these weaknesses using key reinstallation attacks (KRACKs).
> > > Concretely, attackers can use this novel attack technique to read
> > > information that was previously assumed to be safely encrypted. This can be
> > > abused to steal sensitive information such as credit card numbers,
> > > passwords, chat messages, emails, photos, and so on. The attack works
> > > against all modern protected Wi-Fi networks. Depending on the network
> > > configuration, it is also possible to inject and manipulate data. For
> > > example, an attacker might be able to inject ransomware or other malware
> > > into websites.
> > >
> > > The weaknesses are in the Wi-Fi standard itself, and not in individual
> > > products or implementations. Therefore, any correct implementation of WPA2
> > > is likely affected. To prevent the attack, users must update affected
> > > products as soon as security updates become available. Note that if your
> > > device supports Wi-Fi, it is most likely affected. During our initial
> > > research, we discovered ourselves that Android, Linux, Apple, Windows,
> > > OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of
> > > the attacks. For more information about specific products, consult the
> > > database of CERT/CC, or contact your vendor.
> >
> >
> >
> > --
> > ␦glen?
> >
> > ============================================================
> > FRIAM Applied Complexity Group listserv
> > Meets Fridays 9a-11:30 at cafe at St. John's College
> > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> > FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove



-- 

----------------------------------------------------------------------------
Dr Russell Standish                    Phone 0425 253119 (mobile)
Principal, High Performance Coders
Visiting Senior Research Fellow        hpcoder at hpcoders.com.au
Economics, Kingston University         http://www.hpcoders.com.au
----------------------------------------------------------------------------


