It's big alright. Linux and Android are particularly badly affected. I tried upgrading my Linux WiFi client yesterday when the news first broke, but the fix only landed overnight, so I've managed to update this morning. Not too shabby - MS, Google and Apple all had about a month's head start on the open source OSes.
I'm going to have to do a full upgrade of my laptop, as the OS on that looks like it is too old to be fixed. I updated the firmware on my WiFi router yesterday, but there's no indication of whether there is a KRACK problem, or when any fix might be coming... :(.

On Tue, Oct 17, 2017 at 11:09:00AM -0600, Robert Wall wrote:
> Thanks for the heads-up, Glen!
>
> On Tue, Oct 17, 2017 at 8:55 AM, ┣glen┫ <[email protected]> wrote:
>
> > Key Reinstallation Attacks
> > Breaking WPA2 by forcing nonce reuse
> > https://www.krackattacks.com/
> >
> > > We discovered serious weaknesses in WPA2, a protocol that secures all
> > > modern protected Wi-Fi networks. An attacker within range of a victim can
> > > exploit these weaknesses using key reinstallation attacks (KRACKs).
> > > Concretely, attackers can use this novel attack technique to read
> > > information that was previously assumed to be safely encrypted. This can be
> > > abused to steal sensitive information such as credit card numbers,
> > > passwords, chat messages, emails, photos, and so on. The attack works
> > > against all modern protected Wi-Fi networks. Depending on the network
> > > configuration, it is also possible to inject and manipulate data. For
> > > example, an attacker might be able to inject ransomware or other malware
> > > into websites.
> > >
> > > The weaknesses are in the Wi-Fi standard itself, and not in individual
> > > products or implementations. Therefore, any correct implementation of WPA2
> > > is likely affected. To prevent the attack, users must update affected
> > > products as soon as security updates become available. Note that if your
> > > device supports Wi-Fi, it is most likely affected. During our initial
> > > research, we discovered ourselves that Android, Linux, Apple, Windows,
> > > OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of
> > > the attacks. For more information about specific products, consult the
> > > database of CERT/CC, or contact your vendor.
> >
> > --
> > ␦glen?
> >
> > ============================================================
> > FRIAM Applied Complexity Group listserv
> > Meets Fridays 9a-11:30 at cafe at St. John's College
> > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> > FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove

--

----------------------------------------------------------------------------
Dr Russell Standish                    Phone 0425 253119 (mobile)
Principal, High Performance Coders
Visiting Senior Research Fellow        [email protected]
Economics, Kingston University         http://www.hpcoders.com.au
----------------------------------------------------------------------------
