Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic open


Postby alan stone » 2017-10-16 14:14

Debian 8.9 32bit, WM: Openbox
Computers are like air conditioners. They work fine until you start opening windows. - Author Unknown
Programming is like sex. One mistake and you have to support it for the rest of your life. - Michael Sinz
alan stone
 
Posts: 208
Joined: 2011-10-22 14:08
Location: In my body.

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby GarryRicketson » 2017-10-16 14:43

Interesting, I thought most people already knew about this part, on the HTTPS...

The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy for the risk.

"Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations," the researchers explained. "For example, HTTPS was previously bypassed in ---- snip-----

There is another article here, it actually looks like a copy:
https://www.krackattacks.com/
GarryRicketson
 
Posts: 4359
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby Thorny » 2017-10-16 16:03

Patched
October 16, 2017
Debian Security Advisory DSA-3999-1

That is jessie-->Sid patched. They don't mention Wheezy, Garry.
Thorny
 
Posts: 340
Joined: 2011-02-27 13:40

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby GarryRicketson » 2017-10-16 16:32

Actually I am not using Debian Wheezy any more, but anyway, good to see they got it patched.
I don't use Wi-Fi either; I used to when I was travelling sometimes, but even then not that much. Anyway, that would be another topic.
GarryRicketson
 
Posts: 4359
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby n_hologram » 2017-10-17 00:57

What precautions should be taken with a router? I'm pretty sure mine isn't getting another firmware update anytime soon.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 238
Joined: 2013-06-16 00:10

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby HuangLao » 2017-10-17 01:33

n_hologram wrote:What precautions should be taken with a router? I'm pretty sure mine isn't getting another firmware update anytime soon.


As big as this flaw was, you may get an update for the router... If not, look into OpenWrt or DD-WRT; they work especially well for Linksys routers, and DD-WRT works well with many other brands as well.
HuangLao
 
Posts: 332
Joined: 2015-01-27 01:31

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby alan stone » 2017-10-17 03:45

Any WiFi cellphones/tablets and home/SOHO/shop/bar/restaurant/airport/... access points out there that will remain unpatched and vulnerable? :roll:

EDIT:

Let’s get digital, digital,
I wanna get all digital, let’s get all digital
Let me hear your cellphone talk,
Your cellphone talk, let me hear your cellphone talk.
(adapted from: let's get physical)
alan stone
 
Posts: 208
Joined: 2011-10-22 14:08
Location: In my body.

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby dilberts_left_nut » 2017-10-17 06:15

It is just the handshake process that is vulnerable to this exploit (reports of the 'death' of WPA2 encryption seem premature).

From my reading, it looks like as long as the CLIENT is patched, you can safely connect to an unpatched AP.
AdrianTM wrote:There's no hacker in my grandma...
dilberts_left_nut
 
Posts: 4691
Joined: 2009-10-05 07:54
Location: enzed

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby arochester » 2017-10-17 10:13

Ubuntu, Debian, Fedora and elementary OS All Patched Against WPA2 KRACK Bug

http://news.softpedia.com/news/ubuntu-d ... ign=buffer
"Something to be aware of: Debian is a core or source distribution. This means there are many Debian-based distributions. THEY ARE NOT DEBIAN."
arochester
 
Posts: 1089
Joined: 2010-12-07 19:55

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby TonyT » 2017-10-17 12:34

dilberts_left_nut wrote:It is just the handshake process that is vulnerable to this exploit (reports of the 'death' of WPA2 encryption seem premature).

From my reading, it looks like as long as the CLIENT is patched, you can safely connect to an unpatched AP.

Correct. From the Q&A: https://www.krackattacks.com/
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
TonyT
 
Posts: 525
Joined: 2006-09-04 11:57
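
The two router-side mitigations quoted from the KRACK Q&A above (disabling client functionality and 802.11r), as an added example that is not part of the thread: a shell check over an OpenWrt-style `/etc/config/wireless` that lists the enabled interfaces still using either feature. The function names and the sample config are constructed for illustration; the check assumes OpenWrt's `mode`, `ieee80211r` and `disabled` options on `wifi-iface` sections.

```shell
#!/bin/sh
# Added example (not from the thread): flag the settings the KRACK Q&A
# suggests turning off on a router that will not get a firmware update.

# audit_wireless FILE -> one finding per line: "<section> <issue>"
audit_wireless() {
    awk -v q="'" '
    # strip one leading and one trailing quote from a UCI token
    function unq(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
    function report() {
        if (!insec || off) return              # skip other or disabled sections
        if (mode == "sta") print name " client-mode"
        if (ft == "1")     print name " 802.11r"
    }
    BEGIN { idx = 0 }
    $1 == "config" {
        report()                               # close the previous section
        insec = ($2 == "wifi-iface")
        if (insec) { name = (NF >= 3) ? unq($3) : ("@wifi-iface[" idx "]"); idx++ }
        mode = ""; ft = ""; off = 0
        next
    }
    insec && $1 == "option" {
        v = unq($3)
        if ($2 == "mode") mode = v
        else if ($2 == "ieee80211r") ft = v
        else if ($2 == "disabled" && v == "1") off = 1
    }
    END { report() }
    ' "$1"
}

# Constructed sample config (not taken from a real device)
sample_config() {
cat <<'EOF'
config wifi-device 'radio0'
    option type 'mac80211'
config wifi-iface 'default_radio0'
    option mode 'ap'
    option ieee80211r '1'
config wifi-iface
    option mode 'sta'
    option ssid 'UpstreamNet'
config wifi-iface 'guest'
    option mode 'ap'
    option ieee80211r '1'
    option disabled '1'
EOF
}

if [ -n "${1:-}" ]; then audit_wireless "$1"; fi
```

An empty result means no enabled interface runs in client mode or has 802.11r switched on; it says nothing about whether the firmware itself is patched.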

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

Postby alan stone » 2017-10-17 20:45

Required functionality of both WPA and WPA2, and used by all protected Wi-Fi networks, is the 4-way handshake. Even enterprise networks rely on the 4-way handshake. Hence, all protected Wi-Fi networks are affected by our attacks.
Source: https://papers.mathyvanhoef.com/ccs2017.pdf

Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!
Source: https://www.krackattacks.com/#faq

Vulnerable enterprise systems, hospitals, ...
Government systems?
alan stone
 
Posts: 208
Joined: 2011-10-22 14:08
Location: In my body.

