Re: [slim] KRACK attacks
Davesworld wrote: > It puzzles me why people are just now worried about security over wifi, > it never really existed without VPN Probably because it never really made the news plus it was the "Topic de Jour" as it is now with all the hackings of Target, Home Depot, Equifax in the news recently. But you are correct, Ethernet everything one can plus keep Servers off the WiFi network. I am shocked every time I monitor what people are doing over unsecured WiFi at McDonald's or the local Coffee House. *iPhone* Media Room: ModWright Platinum Signature Transporter, VTL TL-6.5 Signature Pre-Amp, Ayre MX-R Mono's, VeraStarr 6.4SE 6-channel Amp, Vandersteen Speakers: Quatro Wood Mains, VCC-5 Reference Center, four VSM-1 Signatures, Video: Runco RS 900 CineWide AutoScope 2.35:1, Vandersteen V2W Subwoofer Living Room: Transporter, ADCOM GTP-870HD, Cinepro 3K6SE III Gold, Vandersteen Model 3A Signature, Two 2Wq subs, VCC-2, Two VSM-1 Office: Touch with Vandersteen VSM-1s Kitchen: Touch in-wall mount w/ Thiel Powerpoint 1.2s Bedroom: Squeezebox BOOM Bathroom: Squeezebox Radio Around the House: SliMP3, SB1, SB2, SB3 Ford Thunderbird: SB Touch, USB drive Ford Expedition: SB Touch, USB drive iPhone's Profile: http://forums.slimdevices.com/member.php?userid=13622 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Its just not very convenient to not use wireless remote control. The most important reason to use a Squeezebox for many users. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
I like how this made the news but WPA2 was cracked by other methods long before this and one could be a block away to do them. The reasons this one bothers me even less is because they have to be awfully close to pull it off and the other reason is that I ALWAYS run my wireless lan on a different subnet than my lan with no access to the lan from the wlan. If I truly needed a secure wireless connection I would run my wireless in a VPN tunnel across the wireless link. The Opera browser has a VPN widget built in and is very handy while traveling with a laptop. I use wired connections as much as possible and only do so with my Squeeze ecosystem. I would never have thought to expose my server via a wireless link. I only use wireless to stream movies over a roku or stream internet radio as neither of those need access to my lan. It puzzles me why people are just now worried about security over wifi, it never really existed without VPN Davesworld's Profile: http://forums.slimdevices.com/member.php?userid=63649 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
eindgebruiker wrote: > You'd better watch out riding around with your Squeezebox Touches :p Guess I better remove the WiFi cards before somebody takes over my Thunderbird while I'm driving down the road! :cool: *iPhone* Media Room: ModWright Platinum Signature Transporter, VTL TL-6.5 Signature Pre-Amp, Ayre MX-R Mono's, VeraStarr 6.4SE 6-channel Amp, Vandersteen Speakers: Quatro Wood Mains, VCC-5 Reference Center, four VSM-1 Signatures, Video: Runco RS 900 CineWide AutoScope 2.35:1, Vandersteen V2W Subwoofer Living Room: Transporter, ADCOM GTP-870HD, Cinepro 3K6SE III Gold, Vandersteen Model 3A Signature, Two 2Wq subs, VCC-2, Two VSM-1 Office: Touch with Vandersteen VSM-1s Kitchen: Touch in-wall mount w/ Thiel Powerpoint 1.2s Bedroom: Squeezebox BOOM Bathroom: Squeezebox Radio Around the House: SliMP3, SB1, SB2, SB3 Ford Thunderbird: SB Touch, USB drive Ford Expedition: SB Touch, USB drive iPhone's Profile: http://forums.slimdevices.com/member.php?userid=13622 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
You'd better watch out riding around with your Squeezebox Touches :p eindgebruiker's Profile: http://forums.slimdevices.com/member.php?userid=10427 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
. . So you folks in Apartments and Stacked Living are really the only ones that need to worry (next time you wake up in the middle of the night, look around to see which neighbors lights are on, that is probably the guy you need to worry about). :roll eyes: :rolleyes: *iPhone* Media Room: ModWright Platinum Signature Transporter, VTL TL-6.5 Signature Pre-Amp, Ayre MX-R Mono's, VeraStarr 6.4SE 6-channel Amp, Vandersteen Speakers: Quatro Wood Mains, VCC-5 Reference Center, four VSM-1 Signatures, Video: Runco RS 900 CineWide AutoScope 2.35:1, Vandersteen V2W Subwoofer Living Room: Transporter, ADCOM GTP-870HD, Cinepro 3K6SE III Gold, Vandersteen Model 3A Signature, Two 2Wq subs, VCC-2, Two VSM-1 Office: Touch with Vandersteen VSM-1s Kitchen: Touch in-wall mount w/ Thiel Powerpoint 1.2s Bedroom: Squeezebox BOOM Bathroom: Squeezebox Radio Around the House: SliMP3, SB1, SB2, SB3 Ford Thunderbird: SB Touch, USB drive Ford Expedition: SB Touch, USB drive iPhone's Profile: http://forums.slimdevices.com/member.php?userid=13622 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
... AND the attacker has to be both quicker and nearer to the end point to override the signal coming from your router. Long shot at best. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
As long as KRACK cannot see Pre-Shared WPA2 password then I am not worrying. Furthermore, both WiFi access point and client have to be unpatched for this hack to work. earthbased's Profile: http://forums.slimdevices.com/member.php?userid=334 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
That doesnt mean its not vulnerable. Its just more complicated to break than more modern Linux versions. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Too old to be vulnerable.. haha -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
iPhone wrote: > And how many have you broken into? The point is that those other people can see my network too. And I was mistaken: I can see over 75 networks. However, I just checked my Touch, and it uses wpa_supplicant version 0.5.7, which is very old and does not contain the all-zero vulnerability mentioned on krackattacks.com. eindgebruiker's Profile: http://forums.slimdevices.com/member.php?userid=10427 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Let's not overreact It's just a hard to execute proof of concept crack of a security protocol which will likely be fixed on most things you care about before there are exploits in the wild. Keep your knickers untwisted. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
John Stimson wrote: > I don't know, maybe the dude with a house full of Vandersteens has a > pretty juicy bank account? > > I don't think that relying on the laziness of criminals is a very good > security philosophy. I agree which is why my Networks are as completely secure as possible. Now here is a thought, how do they KNOW I have Vandersteen and Ayre products in my house when they see my SB3? Riddle me that? More importantly, how do they get to my back account? I run two networks in my home. The first network that is attached to the Internet is probably more secure then networks the Government is running (knock on wood, I have never been hacked) because it has commercial Cisco Routers and real firewalls with only Ethernet connections for all devices IE no WiFi. My second network is a WiFi network without Internet that has a Sonic Wall Wifi Router and my Vortexbox Server that again has no connection to the Internet. Besides the server the only devices on the WiFi Network are my Squeezeboxes (both Ethernet and Wifi connections), my iPhone/iPad (for use with iPeng), and that is it. So how do they get to any of my personal information much less my bank account when no computer or laptop connects via WiFi or is on a network with KRACK vulnerability? If anybody takes the time to hack my SB3, other Squeezeboxes, or even my WiFi Router to gain access to my WiFi Network all they are going to reach is my Vortexbox Server and see my music collection. They could easily get more information online about me from the open County Property Tax records then from my WiFi Network! *iPhone* Media Room: ModWright Platinum Signature Transporter, VTL TL-6.5 Signature Pre-Amp, Ayre MX-R Mono's, VeraStarr 6.4SE 6-channel Amp, Vandersteen Speakers: Quatro Wood Mains, VCC-5 Reference Center, four VSM-1 Signatures, Video: Runco RS 900 CineWide AutoScope 2.35:1, Vandersteen V2W Subwoofer Living Room: Transporter, ADCOM GTP-870HD, Cinepro 3K6SE III Gold, Vandersteen Model 3A Signature, Two 2Wq subs, VCC-2, Two VSM-1 Office: Touch with Vandersteen VSM-1s Kitchen: Touch in-wall mount w/ Thiel Powerpoint 1.2s Bedroom: Squeezebox BOOM Bathroom: Squeezebox Radio Around the House: SliMP3, SB1, SB2, SB3 Ford Thunderbird: SB Touch, USB drive Ford Expedition: SB Touch, USB drive iPhone's Profile: http://forums.slimdevices.com/member.php?userid=13622 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
iPhone wrote: > Besides, which one of us has anything worth the time to go to the > trouble to backdoor an SB3 to access our Network?I don't know, maybe the dude > with a house full of Vandersteens has a pretty juicy bank account? I don't think that relying on the laziness of criminals is a very good security philosophy. John Stimson's Profile: http://forums.slimdevices.com/member.php?userid=218 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
eindgebruiker wrote: > In my apartment I can see over 20 wifi networks around me. And how many have you broken into? I am betting none. Most people first don't have the skills plus in today's it "All About Me Social Media World" they don't have the time either. In another post I think Pippin mentions open wifi networks like at cafes, you just would not believe what people do on an Internet connection without even a thought to it. I have a copy of the Ukrainian WiFi Network Viewer Program and I can tell you from sitting in a large city McDonald's or Panera Bread Cafe that people have no common sense about Internet Security much less WiFi security. People viewing Online Banking, Paying Bills, checking credit cards, reading emails, and even some pervert viewing porn at McDonald's. With a simple $39 program one can see their Usernames, Logins, and passwords plus collect every keystroke they make while on Open WiFi. And people using Windows based laptops that blindly broadcast their IP and MAC Addresses anybody can log right into their PC! Besides, which one of us has anything worth the time to go to the trouble to backdoor an SB3 to access our Network? *iPhone* Media Room: ModWright Platinum Signature Transporter, VTL TL-6.5 Signature Pre-Amp, Ayre MX-R Mono's, VeraStarr 6.4SE 6-channel Amp, Vandersteen Speakers: Quatro Wood Mains, VCC-5 Reference Center, four VSM-1 Signatures, Video: Runco RS 900 CineWide AutoScope 2.35:1, Vandersteen V2W Subwoofer Living Room: Transporter, ADCOM GTP-870HD, Cinepro 3K6SE III Gold, Vandersteen Model 3A Signature, Two 2Wq subs, VCC-2, Two VSM-1 Office: Touch with Vandersteen VSM-1s Kitchen: Touch in-wall mount w/ Thiel Powerpoint 1.2s Bedroom: Squeezebox BOOM Bathroom: Squeezebox Radio Around the House: SliMP3, SB1, SB2, SB3 Ford Thunderbird: SB Touch, USB drive Ford Expedition: SB Touch, USB drive iPhone's Profile: http://forums.slimdevices.com/member.php?userid=13622 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
pippin wrote: > Doesn't really help on a home network. You'd have to use certificate > pinning as well because you can't identify the server and that would > probably beyond "usable".I would think a VPN bridge would be the only > workable way, bridging between the wired segments of your network over the wireless segments. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
drmatt wrote: > Time for an SSL wrapper > Doesn't really help on a home network. You'd have to use certificate pinning as well because you can't identify the server and that would probably beyond "usable". --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
mavit wrote: > My understanding is that traffic can also be injected onto the network. > An attacker could connect to Logitech Media Server and do any of the bad > things described at > http://forums.slimdevices.com/showthread.php?107165-IMPORTANT-Stop-forwarding-your-LMS-ports-to-the-internet!=879191=1#post879191, > including extracting sensitive data that happens to be on the same > machine that runs the server. That's what I said, isn't it? I said "without additional vulnerabilities". The question is: will someone go all the way to do such a complicated attack just to attack your music server? Unlikely IMHO, not impossible. If there are more vulnerabilities and you an e.g. gain more rights on the server, that's when it gets more critical. A good remedy here would be to run LMS from a VM that only has read access to your music but that can get complicated quickly, at least if you still want to be able to store playlists, set ratings etc. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
eindgebruiker wrote: > Do you trust both the Squeezebox software and Squeezebox server software > to be free of vulnerabilities? I believe the thin client SB are pretty impervious to anything ;) LMS and its base OS, that is another story. For maintenance reasons many put LMS on a VM or on a dedicated server (a Pi). Now just move that machine to its own LAN. If that's too inflexible, use a VM or containers on the desktop PC and use that for online banking etc. And keep that thing offline most of the time. Problem solved. (If there is any problem for home networks, that is. A quick read made me think the attack process required accessing the wired LAN first?) You can also run something like Openvpn on top of your wifi network. That keeps the wifi network empty except for the VPN server. I remember having done that in pre-WPA days. 3 SB 3 Libratone Loop, Zipp Mini iPeng (iPhone + iPad) LMS 7.9 (linux) with plugins: CD Player, WaveInput, Triode's BBC iPlayer by bpa IRBlaster by Gwendesign (Felix) Server Power Control by Gordon Harris Smart Mix, Music Walk With Me, What Was That Tune? by Michael Herger PowerSave by Jason Holtzapple Song Info, Song Lyrics by Erland Isaksson AirPlay Bridge by philippe_44 WeatherTime by Martin Rehfeld Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins. epoch1970's Profile: http://forums.slimdevices.com/member.php?userid=16711 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Time for an SSL wrapper -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
slartibartfast wrote: > [emoji3] > I was thinking more of blocks of flats where your WiFi is visible to > very many "neighbours" In my apartment I can see over 20 wifi networks around me. eindgebruiker's Profile: http://forums.slimdevices.com/member.php?userid=10427 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
pippin wrote: > Of course there are then additional risks if people are able to sniff > passwords etc. and its not a desirable situation but what kind of > sensitive information is usually going to or from your Squeezebox? My understanding is that traffic can also be injected onto the network. An attacker could connect to Logitech Media Server and do any of the bad things described at http://forums.slimdevices.com/showthread.php?107165-IMPORTANT-Stop-forwarding-your-LMS-ports-to-the-internet!=879191=1#post879191, including extracting sensitive data that happens to be on the same machine that runs the server. mavit's Profile: http://forums.slimdevices.com/member.php?userid=10203 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
>From https://www.krackattacks.com: > As a result, even though WPA2 is used, the adversary can now perform one > of the most common attacks against open Wi-Fi networks: injecting > malicious data into unencrypted HTTP connections. For example, an > attacker can abuse this to inject ransomware or malware into websites > that the victim is visiting. Encryption is a first line of defense. This is now gone. Do you trust both the Squeezebox software and Squeezebox server software to be free of vulnerabilities? eindgebruiker's Profile: http://forums.slimdevices.com/member.php?userid=10427 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Well, I could think up quite a number of scenarios where I dont have to be a neighbor myself, just look at how many hacked devices there are already out there, if you use any of those to hack other WiFi networks you can get quite a reach. All of that said: unless there are ADDITIONAL vulnerabilities, KRACK doesnt mean people can hack your devices, you can only sniff the communication. Its a bit like being on a public network, like in a cafe or so. Of course there are then additional risks if people are able to sniff passwords etc. and its not a desirable situation but what kind of sensitive information is usually going to or from your Squeezebox? --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
drmatt wrote: > You have nice neighbours.. > > > -Transcoded from Matt's brain by Tapatalk-[emoji3] I was thinking more of blocks of flats where your WiFi is visible to very many "neighbours" Sent from my SM-G900F using Tapatalk slartibartfast's Profile: http://forums.slimdevices.com/member.php?userid=35609 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
slartibartfast wrote: > Unless they were neighbours. > > Sent from my SM-G900F using TapatalkYou have nice neighbours.. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
drmatt wrote: > Life will go on. Like with most vulnerabilities someone would have to > drive by and target you. > > > -Transcoded from Matt's brain by Tapatalk-Unless they were neighbours. Sent from my SM-G900F using Tapatalk slartibartfast's Profile: http://forums.slimdevices.com/member.php?userid=35609 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Life will go on. Like with most vulnerabilities someone would have to drive by and target you. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
... for which you might not get any updates pre-iOS 9, too. And most Android devices probably will not get an update at all --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
And old squeezeboxes will have the same faith as any other dead not longer developed product , it will not get any patches . But I'm more concerned about the laptop iPad iPhone and router at the moment Main hifi: Touch + CIA PS +MeridianG68J MeridianHD621 MeridianG98DH 2 x MeridianDSP5200 MeridianDSP5200HC 2 xMeridianDSP3100 +Rel Stadium 3 sub. Bedroom/Office: Boom Kitchen: Touch + powered Fostex PM0.4 Misc use: Radio (with battery) iPad1 with iPengHD & SqueezePad (spares Touch, SB3, reciever ,controller ) server HP proliant micro server N36L with ClearOS Linux http://people.xiph.org/~xiphmont/demo/neil-young.html Mnyb's Profile: http://forums.slimdevices.com/member.php?userid=4143 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Well, right now not a single one of your devices is safe, long term well have to see. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Only if you enable it. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
pippin wrote: > That said: SBs usually don't transmit that much sensitive data although > they can of course be used to hack into whatever is on your network once > they have access.That seems like a pretty serious concern. I don't really > want some random person operating a machine on my private LAN. While my hope is that the only thing you can do to a SB by injecting arbitrary data into its TCP/IP connections is to make it play noise or abort playback, I don't know that for certain. If you can use KRACK to make a connection to any port you want, then you can telnet in to the SB and get a shell. John Stimson's Profile: http://forums.slimdevices.com/member.php?userid=218 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
Can clients be attacked through that? Isn't it just APs? --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
And yet BSD got a fix out in less than a month. Apple should just pick that up.. ;) -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
It will only become relevant when an official soution is agreed (the problem is a protocol flaw not an implementation one) and router firmware is updated. According to reports - Apple have been working on the flaw for about a month and no update so far ! bpa's Profile: http://forums.slimdevices.com/member.php?userid=1806 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] KRACK attacks
About zero. The Krack has no known exploits in the wild by the look of it, for now. And I doubt you're that worried about the security of the data going to your squeezeboxes..? -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums.. drmatt's Profile: http://forums.slimdevices.com/member.php?userid=59498 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
[slim] KRACK attacks
A serious security vulnerability in WPA2 was made public today, mainly affecting Wi-Fi clients. See https://www.krackattacks.com/ for details. What are the chances of seeing updated Squeezebox firmware to address this? mavit's Profile: http://forums.slimdevices.com/member.php?userid=10203 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss