Post Reply 
WiFi Krack attack.
10-17-2017, 12:15 AM
Post: #1
WiFi Krack attack.
I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Giving money and power to government is like giving whiskey and car keys to teenage boys. - P.J. O’Rourke

[Image: yVR5oE.png][Image: VKQ0KLG.png]
Find all posts by this user
Quote this message in a reply
10-17-2017, 03:25 AM
Post: #2
RE: WiFi Krack attack.
Indeed, I spent much of the afternoon reading up on the attack. Unfortunately, other than a Faraday cage, I don't see much to do about it.

"I may be old, but I'm not dead."
Find all posts by this user
Quote this message in a reply
10-17-2017, 10:27 AM
Post: #3
RE: WiFi Krack attack.
(10-17-2017 03:25 AM)LavCat Wrote:  Indeed, I spent much of the afternoon reading up on the attack. Unfortunately, other than a Faraday cage, I don't see much to do about it.
As far as I have read the issue, you can only really solve it by either not connecting your device(s) to any WiFi network or having your device(s) updated with a patch to adress the issue. The first is impractical/impossible if you're in a (corporate) environment that relies on WiFi. The second means you have to wait for a patch that may or may not ever arrive.

On the other hand, the chance of an average civilian to be targeted at home is minescule since the attack requires the attacker to be within range of the WiFi. It is mostly an issue for corporations, anyone handling sensitive data and anyone using WiFi in public areas. And public WiFi has always been a risk.

Hugs are good, but smashing is better! - Clarence<!--sizec--><!--/sizec-->
Visit this user's website Find all posts by this user
Quote this message in a reply
10-17-2017, 01:55 PM
Post: #4
RE: WiFi Krack attack.
(10-17-2017 12:15 AM)kandrathe Wrote:  I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.

Sith Warriors - They only class that gets a new room added to their ship after leaving Hoth, they get a Brooncloset

Einstein said Everything is Relative.
Heisenberg said Everything is Uncertain.
Therefore, everything is relatively uncertain.
Find all posts by this user
Quote this message in a reply
10-17-2017, 05:01 PM
Post: #5
RE: WiFi Krack attack.
(10-17-2017 01:55 PM)Lissa Wrote:  
(10-17-2017 12:15 AM)kandrathe Wrote:  I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.
Yes, I'm not downplaying the threat. My home is pretty secure as I know my neighbors in range (50 yards from either end of my house). They are a retired lawyer, and a carpet installer.

Work is fairly secure (on a peninsula) but theoretically a bad actor from the public might come fishing. But, personally, a small fish in a pond of thousands of devices. A truly devious actor would find much better hunting in any big building in Minneapolis.

Giving money and power to government is like giving whiskey and car keys to teenage boys. - P.J. O’Rourke

[Image: yVR5oE.png][Image: VKQ0KLG.png]
Find all posts by this user
Quote this message in a reply
10-18-2017, 01:41 AM
Post: #6
RE: WiFi Krack attack.
(10-17-2017 05:01 PM)kandrathe Wrote:  
(10-17-2017 01:55 PM)Lissa Wrote:  
(10-17-2017 12:15 AM)kandrathe Wrote:  I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.
Yes, I'm not downplaying the threat. My home is pretty secure as I know my neighbors in range (50 yards from either end of my house). They are a retired lawyer, and a carpet installer.

Work is fairly secure (on a peninsula) but theoretically a bad actor from the public might come fishing. But, personally, a small fish in a pond of thousands of devices. A truly devious actor would find much better hunting in any big building in Minneapolis.

I have about fourteen networks in range, at least one apparently without a password.

Not that it will do any good but the scare prompted me to update the firmware in my router.

"I may be old, but I'm not dead."
Find all posts by this user
Quote this message in a reply
10-19-2017, 05:10 PM
Post: #7
RE: WiFi Krack attack.
(10-18-2017 01:41 AM)LavCat Wrote:  Not that it will do any good but the scare prompted me to update the firmware in my router.
Ditto. I'm watching for a cure to my device, (or notice it won't be fixed Sad )

Giving money and power to government is like giving whiskey and car keys to teenage boys. - P.J. O’Rourke

[Image: yVR5oE.png][Image: VKQ0KLG.png]
Find all posts by this user
Quote this message in a reply
10-19-2017, 05:52 PM (This post was last modified: 10-19-2017 06:01 PM by LavCat.)
Post: #8
RE: WiFi Krack attack.
(10-19-2017 05:10 PM)kandrathe Wrote:  Ditto. I'm watching for a cure to my device, (or notice it won't be fixed Sad )

Apparently it is possible to connect some iPads and iPhones to a network with a wired solution:

http://networktoolbox.de/networktoolbox-...i-anymore/


Edit: this also looks interesting...
http://redpark.com/lightning-gigabit-eth...-l6-netac/

"I may be old, but I'm not dead."
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: