[PLUG] WPA2 vulnerability

Cryptomonkeys.org louisk at cryptomonkeys.org
Tue Oct 17 14:50:51 UTC 2017


The primary weakness is client side. My understanding is that patching the AP helps, but doesn't completely mitigate.

Don't forget to patch your printers, phones, tv's, and cameras.

Remember, Security is the 'S' in IoT


> On Oct 17, 2017, at 12:41 AM, Russell Senior <russell at personaltelco.net> wrote:
> 
> LEDE and OpenWrt (soon to be re-merged) pushed the fix out today.
> 
> The one thing that isn't clear to me is whether both ends (AP and
> client) need to be fixed, or if patching at one end is enough.  Of
> course, if you just leave your network open, like the Personal Telco
> Project does, then you won't have this problem. ;-)
> 
> The other significant bug-of-the-day was the Infineon weak-RSA key
> bug.  I already have my free-replacement YubiKey 4's on order.  I
> generated my RSA keys off of the key and installed them, which makes
> my keys not affected by the faulty on-TPM-chip key generation code,
> however I might want to some day.
> 
> -- 
> Russell Senior
> russell at personaltelco.net
> 
> On Mon, Oct 16, 2017 at 10:00 PM, Dick Steffens <dick at dicksteffens.com> wrote:
>> On 10/16/2017 09:37 PM, Mke C> wrote:
>>>> Have people looked in to this:
>>>> 
>>>> https://apnews.com/743db922a4d2473a8745ce54c134c33a/Researchers-discover-vulnerability-affecting-Wi-Fi-security
>>>> 
>>>> If so, how have you handled it?
>>> Step 1. Get actual useful information on the vulnerability that provides
>>> some degree of understanding and assessing the risk.  That AP article is
>>> a prime example of standard mainstream fear mongering of the latest
>>> vulnerability discovered by a security researcher in a lab. Please help
>>> us all by not sharing info from AP in the future.
>>> 
>>> Better and more useful info here:
>>> Mostly layman but thorough -
>>> https://techcrunch.com/2017/10/16/wpa2-shown-to-be-vulnerable-to-key-reinstallation-attacks/
>>> 
>>> More technical - https://www.krackattacks.com/
>> 
>> Okay. I did make some effort to find out more details before posting to
>> PLUG, but didn't know about the sites you list.
>> 
>>> Step 2. Realize that cracking into a WiFi network isn't easy and takes
>>> time and effort. Not too mention trying to capture actual sensitive
>>> personal data.
>>> 
>>> Step 3 Have some coffee, tea or beer. Re-read step 2 and contemplate the
>>> following:
>>> 
>>> "He further writes that while some of the attacks detailed in the paper
>>> may seem hard to pull off, follow-up work has shown that attacks against
>>> — for example — macOS and OpenBSD are “significantly more general and
>>> easier to execute”, adding: “So although we agree that some of the
>>> attack scenarios in the paper are rather impractical, do not let this
>>> fool you into believing key reinstallation attacks cannot be abused in
>>> practice.”
>>> 
>>> Pizza Hut was recently hacked. 60,000 customers billing information
>>> compromised in 28 hrs. Equifax hack, etc, etc.
>>> 
>>> Step 4. Have some more of my fav beverage and wait patiently for
>>> security updates while using the Internet over a wired connection.
>> 
>> That's what I was hoping would be the answer. It's a known problem of
>> high enough priority that the major distros will take care of it, and
>> I'll keep up with my updates.
>> 
>>> Step 5. Realize that when I need to use WiFi, I'll just use it and
>>> probably not concern myself with security risks as like most people, I
>>> got stuff to do, places to go and people to see.
>>> 
>>> Step 6. Due to step 5, I put my faith and trust that there are good
>>> people who will release security patches and other good people who will
>>> file a class action law suits and polices / laws that protect consumers
>>> from identity theft, fraud and abuse.
>>> 
>>> Sleep well! =)
>> 
>> Most of my interaction with the Internet is over a wired connection. I
>> do regularly use WiFi at home. We're in a semi-rural neighborhood. There
>> aren't too many folks out here for that to be a major concern, and we're
>> not on a major thoroughfare. My home WiFi use is through my Buffalo
>> WZR-600 DHP router running OpenWRT. I'll check and see if OpenWRT is
>> working on anything related to this, and trust that Ubuntu will push out
>> a patch. My wife uses a Lenovo Win7 laptop, so I'll make sure MS is
>> doing something about it, too.
>> 
>> Thanks for your reply.
>> 
>> --
>> Regards,
>> 
>> Dick Steffens
>> 
>> 
>> _______________________________________________
>> PLUG mailing list
>> PLUG at lists.pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

--
Louis Kowolowski                                louisk at cryptomonkeys.org <mailto:louisk at cryptomonkeys.org>
Cryptomonkeys:                                   http://www.cryptomonkeys.com/ <http://www.cryptomonkeys.com/>

Making life more interesting for people since 1977




More information about the PLUG mailing list