Hmm in the video he used the sslstrip tool to force HTTP as a Man in the Middle attack!
Regards Michael Knill -----Original Message----- From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Tuesday, 17 October 2017 at 4:30 am To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: [Astlinux-users] KRACK - WiFi WPA2 Key Reinstallation Attacks AstLinux Users, For the sake of completeness, AstLinux standard builds do not contain WiFi client (wpa_supplicant) or server (hostapd) support, so the recent KRACK WPA2 security disclosures do not apply to AstLinux. Ref: Key Reinstallation Attacks Breaking WPA2 by forcing nonce reuse https://www.krackattacks.com Though, any attached WiFi WPA2 access points and corresponding clients may well be vulnerable, in particular any Linux clients using wpa_supplicant are particularly vulnerable. Note that this KRACK vulnerability affects WiFi non-encrypted traffic payloads such as HTTP, as if you tapped a cable, encrypted payloads such as HTTPS and OpenVPN remain secure. Lonnie ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
