Re: [slim] KRACK attacks

2017-11-04 Thread iPhone
Davesworld wrote: > It puzzles me why people are just now worried about security over wifi, > it never really existed without VPN Probably because it never really made the news plus it was the "Topic de Jour" as it is now with all the hackings of Target, Home Depot, Equifax in the news

Re: [slim] KRACK attacks

2017-11-03 Thread pippin
It’s just not very convenient to not use wireless remote control. The most important reason to use a Squeezebox for many users. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at

Re: [slim] KRACK attacks

2017-11-03 Thread Davesworld
I like how this made the news but WPA2 was cracked by other methods long before this and one could be a block away to do them. The reasons this one bothers me even less is because they have to be awfully close to pull it off and the other reason is that I ALWAYS run my wireless lan on a different

Re: [slim] KRACK attacks

2017-10-21 Thread iPhone
eindgebruiker wrote: > You'd better watch out riding around with your Squeezebox Touches :p Guess I better remove the WiFi cards before somebody takes over my Thunderbird while I'm driving down the road! :cool: *iPhone* Media Room: ModWright Platinum Signature Transporter, VTL TL-6.5

Re: [slim] KRACK attacks

2017-10-21 Thread eindgebruiker
You'd better watch out riding around with your Squeezebox Touches :p eindgebruiker's Profile: http://forums.slimdevices.com/member.php?userid=10427 View this thread: http://forums.slimdevices.com/showthread.php?t=108140

Re: [slim] KRACK attacks

2017-10-20 Thread iPhone
. . So you folks in Apartments and Stacked Living are really the only ones that need to worry (next time you wake up in the middle of the night, look around to see which neighbors lights are on, that is probably the guy you need to worry about). :roll eyes: :rolleyes: *iPhone* Media Room:

Re: [slim] KRACK attacks

2017-10-19 Thread drmatt
... AND the attacker has to be both quicker and nearer to the end point to override the signal coming from your router. Long shot at best. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as

Re: [slim] KRACK attacks

2017-10-19 Thread earthbased
As long as KRACK cannot see Pre-Shared WPA2 password then I am not worrying. Furthermore, both WiFi access point and client have to be unpatched for this hack to work. earthbased's Profile:

Re: [slim] KRACK attacks

2017-10-19 Thread pippin
That doesn’t mean it’s not vulnerable. It’s just more complicated to break than more modern Linux versions. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9,

Re: [slim] KRACK attacks

2017-10-19 Thread drmatt
Too old to be vulnerable.. haha -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

Re: [slim] KRACK attacks

2017-10-19 Thread eindgebruiker
iPhone wrote: > And how many have you broken into? The point is that those other people can see my network too. And I was mistaken: I can see over 75 networks. However, I just checked my Touch, and it uses wpa_supplicant version 0.5.7, which is very old and does not contain the all-zero

Re: [slim] KRACK attacks

2017-10-18 Thread drmatt
Let's not overreact It's just a hard to execute proof of concept crack of a security protocol which will likely be fixed on most things you care about before there are exploits in the wild. Keep your knickers untwisted. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x

Re: [slim] KRACK attacks

2017-10-18 Thread iPhone
John Stimson wrote: > I don't know, maybe the dude with a house full of Vandersteens has a > pretty juicy bank account? > > I don't think that relying on the laziness of criminals is a very good > security philosophy. I agree which is why my Networks are as completely secure as possible.

Re: [slim] KRACK attacks

2017-10-18 Thread John Stimson
iPhone wrote: > Besides, which one of us has anything worth the time to go to the > trouble to backdoor an SB3 to access our Network?I don't know, maybe the dude > with a house full of Vandersteens has a pretty juicy bank account? I don't think that relying on the laziness of criminals is a

Re: [slim] KRACK attacks

2017-10-17 Thread iPhone
eindgebruiker wrote: > In my apartment I can see over 20 wifi networks around me. And how many have you broken into? I am betting none. Most people first don't have the skills plus in today's it "All About Me Social Media World" they don't have the time either. In another post I think Pippin

Re: [slim] KRACK attacks

2017-10-17 Thread drmatt
pippin wrote: > Doesn't really help on a home network. You'd have to use certificate > pinning as well because you can't identify the server and that would > probably beyond "usable".I would think a VPN bridge would be the only > workable way, bridging between the wired segments of your network

Re: [slim] KRACK attacks

2017-10-17 Thread pippin
drmatt wrote: > Time for an SSL wrapper > Doesn't really help on a home network. You'd have to use certificate pinning as well because you can't identify the server and that would probably beyond "usable". --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and

Re: [slim] KRACK attacks

2017-10-17 Thread pippin
mavit wrote: > My understanding is that traffic can also be injected onto the network. > An attacker could connect to Logitech Media Server and do any of the bad > things described at >

Re: [slim] KRACK attacks

2017-10-17 Thread epoch1970
eindgebruiker wrote: > Do you trust both the Squeezebox software and Squeezebox server software > to be free of vulnerabilities? I believe the thin client SB are pretty impervious to anything ;) LMS and its base OS, that is another story. For maintenance reasons many put LMS on a VM or on a

Re: [slim] KRACK attacks

2017-10-17 Thread drmatt
Time for an SSL wrapper -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

Re: [slim] KRACK attacks

2017-10-17 Thread eindgebruiker
slartibartfast wrote: > [emoji3] > I was thinking more of blocks of flats where your WiFi is visible to > very many "neighbours" In my apartment I can see over 20 wifi networks around me. eindgebruiker's Profile:

Re: [slim] KRACK attacks

2017-10-17 Thread mavit
pippin wrote: > Of course there are then additional risks if people are able to sniff > passwords etc. and it’s not a desirable situation but what kind of > sensitive information is usually going to or from your Squeezebox? My understanding is that traffic can also be injected onto the network.

Re: [slim] KRACK attacks

2017-10-17 Thread eindgebruiker
>From https://www.krackattacks.com: > As a result, even though WPA2 is used, the adversary can now perform one > of the most common attacks against open Wi-Fi networks: injecting > malicious data into unencrypted HTTP connections. For example, an > attacker can abuse this to inject ransomware or

Re: [slim] KRACK attacks

2017-10-17 Thread pippin
Well, I could think up quite a number of scenarios where I don’t have to be a neighbor myself, just look at how many hacked devices there are already out there, if you use any of those to hack other WiFi networks you can get quite a reach. All of that said: unless there are ADDITIONAL

Re: [slim] KRACK attacks

2017-10-17 Thread slartibartfast
drmatt wrote: > You have nice neighbours.. > > > -Transcoded from Matt's brain by Tapatalk-[emoji3] I was thinking more of blocks of flats where your WiFi is visible to very many "neighbours" Sent from my SM-G900F using Tapatalk

Re: [slim] KRACK attacks

2017-10-17 Thread drmatt
slartibartfast wrote: > Unless they were neighbours. > > Sent from my SM-G900F using TapatalkYou have nice neighbours.. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k

Re: [slim] KRACK attacks

2017-10-16 Thread slartibartfast
drmatt wrote: > Life will go on. Like with most vulnerabilities someone would have to > drive by and target you. > > > -Transcoded from Matt's brain by Tapatalk-Unless they were neighbours. Sent from my SM-G900F using Tapatalk

Re: [slim] KRACK attacks

2017-10-16 Thread drmatt
Life will go on. Like with most vulnerabilities someone would have to drive by and target you. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x

Re: [slim] KRACK attacks

2017-10-16 Thread pippin
... for which you might not get any updates pre-iOS 9, too. And most Android devices probably will not get an update at all --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at

Re: [slim] KRACK attacks

2017-10-16 Thread Mnyb
And old squeezeboxes will have the same faith as any other dead not longer developed product , it will not get any patches . But I'm more concerned about the laptop iPad iPhone and router at the moment Main hifi: Touch + CIA

Re: [slim] KRACK attacks

2017-10-16 Thread pippin
Well, right now not a single one of your devices is safe, long term we‘ll have to see. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App

Re: [slim] KRACK attacks

2017-10-16 Thread drmatt
Only if you enable it. -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

Re: [slim] KRACK attacks

2017-10-16 Thread John Stimson
pippin wrote: > That said: SBs usually don't transmit that much sensitive data although > they can of course be used to hack into whatever is on your network once > they have access.That seems like a pretty serious concern. I don't really > want some random person operating a machine on my

Re: [slim] KRACK attacks

2017-10-16 Thread pippin
Can clients be attacked through that? Isn't it just APs? --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple

Re: [slim] KRACK attacks

2017-10-16 Thread drmatt
And yet BSD got a fix out in less than a month. Apple should just pick that up.. ;) -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0 Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k

Re: [slim] KRACK attacks

2017-10-16 Thread bpa
It will only become relevant when an official soution is agreed (the problem is a protocol flaw not an implementation one) and router firmware is updated. According to reports - Apple have been working on the flaw for about a month and no update so far !

Re: [slim] KRACK attacks

2017-10-16 Thread drmatt
About zero. The Krack has no known exploits in the wild by the look of it, for now. And I doubt you're that worried about the security of the data going to your squeezeboxes..? -Transcoded from Matt's brain by Tapatalk- -- Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with

[slim] KRACK attacks

2017-10-16 Thread mavit
A serious security vulnerability in WPA2 was made public today, mainly affecting Wi-Fi clients. See https://www.krackattacks.com/ for details. What are the chances of seeing updated Squeezebox firmware to address this?