* [gentoo-user] Key reinstallation attack on WPA2 - new vulnerability discovered
@ 2017-10-19 18:35 Mick
2017-10-19 19:30 ` Daniel Frey
0 siblings, 1 reply; 4+ messages in thread
From: Mick @ 2017-10-19 18:35 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 130 bytes --]
In case you are not aware of this vulnerability:
https://www.krackattacks.com/
https://bugs.gentoo.org/634440
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] Key reinstallation attack on WPA2 - new vulnerability discovered
2017-10-19 18:35 [gentoo-user] Key reinstallation attack on WPA2 - new vulnerability discovered Mick
@ 2017-10-19 19:30 ` Daniel Frey
2017-10-19 19:39 ` Lucas Ramage
0 siblings, 1 reply; 4+ messages in thread
From: Daniel Frey @ 2017-10-19 19:30 UTC (permalink / raw
To: gentoo-user
On 10/19/2017 11:35 AM, Mick wrote:
> In case you are not aware of this vulnerability:
>
> https://www.krackattacks.com/
>
> https://bugs.gentoo.org/634440
>
I read this the other day. It seems that pretty much all devices are
affected by this. I'm curious to know how many Android handsets will
actually get fixed.
Apparently if one of the client or AP is patched it is better but not
completely fixed. So now I wonder of all those old home routers that
probably haven't had a firmware update ever.
Then what about all the crappy IoT devices which rarely update? Ugh.
This is really nasty.
Looks like Google is working on it, so is Apple, Microsoft, and a bunch
of other vendors.
There looks to be a patch for my UBNT AP already. I read yesterday
Microsoft is advising people to update Windows to get the fix.
Ugh, I can hear people asking me questions about this already.
Having a CVE on pretty much every wifi device in existence... Wow.
Dan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] Key reinstallation attack on WPA2 - new vulnerability discovered
2017-10-19 19:30 ` Daniel Frey
@ 2017-10-19 19:39 ` Lucas Ramage
2017-10-19 22:56 ` [gentoo-user] " Ian Zimmerman
0 siblings, 1 reply; 4+ messages in thread
From: Lucas Ramage @ 2017-10-19 19:39 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1773 bytes --]
LEDE has already patched this issue. That's what I run on my router. But
android? I doubt my phone would be getting an update if I wasn't running
lineageos.
On Thu, Oct 19, 2017 at 3:30 PM, Daniel Frey <djqfrey@gmail.com> wrote:
> On 10/19/2017 11:35 AM, Mick wrote:
>
>> In case you are not aware of this vulnerability:
>>
>> https://www.krackattacks.com/
>>
>> https://bugs.gentoo.org/634440
>>
>>
> I read this the other day. It seems that pretty much all devices are
> affected by this. I'm curious to know how many Android handsets will
> actually get fixed.
>
> Apparently if one of the client or AP is patched it is better but not
> completely fixed. So now I wonder of all those old home routers that
> probably haven't had a firmware update ever.
>
> Then what about all the crappy IoT devices which rarely update? Ugh.
>
> This is really nasty.
>
> Looks like Google is working on it, so is Apple, Microsoft, and a bunch of
> other vendors.
>
> There looks to be a patch for my UBNT AP already. I read yesterday
> Microsoft is advising people to update Windows to get the fix.
>
> Ugh, I can hear people asking me questions about this already.
>
> Having a CVE on pretty much every wifi device in existence... Wow.
>
> Dan
>
>
--
Regards,
[image: Visit online journal] <https://lramage94.github.io/>
*Lucas Ramage* / Software Engineer
ramage.lucas@openmailbox.org / (941) 404-6794
*PGP Fingerprint* / Learn More <https://emailselfdefense.fsf.org/en/>
EAE7 45DF 818D 4948 DDA7 0F44 F52A 5A96 7B9B 6FB7
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF52A5A967B9B6FB7>
*Visit online journal*
http://lramage94.github.io <https://lramage94.github.io/>
[image: Github] <https://github.com/lramage94>[image: Linkedin]
<https://www.linkedin.com/in/lramage94>
[-- Attachment #2: Type: text/html, Size: 4503 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-user] Re: Key reinstallation attack on WPA2 - new vulnerability discovered
2017-10-19 19:39 ` Lucas Ramage
@ 2017-10-19 22:56 ` Ian Zimmerman
0 siblings, 0 replies; 4+ messages in thread
From: Ian Zimmerman @ 2017-10-19 22:56 UTC (permalink / raw
To: gentoo-user
On 2017-10-19 15:39, Lucas Ramage wrote:
> LEDE has already patched this issue.
Indeed, and this made me try them for the first time. It was totally
painless and I can recommend it. OTOH some other router oriented
distros seem lagging behind, or don't even have a stable upgrade
mechanism in place [cough .. openwrt].
> android? I doubt my phone would be getting an update if I wasn't running
> lineageos.
My tablet is 4 years old. When I asked on IRC how to get lineageos on
it, the answer was brief: "Get a new device".
Well, I turned it into a media player with no network connection
some time before that, so no big loss.
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
Do obvious transformation on domain to reply privately _only_ on Usenet.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-10-19 22:56 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-19 18:35 [gentoo-user] Key reinstallation attack on WPA2 - new vulnerability discovered Mick
2017-10-19 19:30 ` Daniel Frey
2017-10-19 19:39 ` Lucas Ramage
2017-10-19 22:56 ` [gentoo-user] " Ian Zimmerman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox