On Tue, 17 Oct 2017 19:20:08 +0100 Brian <a...@cityscape.co.uk> wrote:
> On Tue 17 Oct 2017 at 10:57:15 -0400, Celejar wrote: > > > On Tue, 17 Oct 2017 08:43:00 +0530 > > "tv.deb...@googlemail.com" <tv.deb...@googlemail.com> wrote: > > > > > So using https or better for communications on the local network is a > > > good idea, but is it the norm? Many router firmwares or built-in > > > webservers from cameras to printers default to http, sometime don't even > > > offer https as an option. > > > > Yes, after I sent my mail I realized that my wirelessly networked > > printer is going to be a problem. Some printers apparently support > > access via SSL/TLS (IPPS), but it looks like mine (Brother > > HL-2280DW) does not. And what are the odds that Brother will do a > > firmware update to patch WPA for this some 6 years old model ;) > > I, and you, probably, are not dealing with printing confidential > documents. Those entities which are should be more concerned. I'm not? What happens when I need to print out some sort of financial statement? ... > > > It's patched in most distributions, and in router firmwares like LEDE > > > already, was patched in some BSD even before publication, but how long > > > before we see a patches for all affected devices? > > > > Never - for many / most Android devices, my printer (probably), etc. > > A timely fix arrives in Debian. Users who update are once again safe. > What more could you ask for? What can you say apart from "thanks"? ? Yes, my Debian installations are now safe, and I'm duly thankful to the Debian maintainers, the wpa_supplicant developers, the LEDE developers, etc., but why should I not be worried and upset about the situation with my phone, printer, etc.? Celejar