On 10/16/2017 21:14, Ronald F. Guilmette wrote: > In message <[email protected]>, > John-Mark Gurney <[email protected]> wrote: > >>> In light of the recent WPA2 disclosures, it has occured to me that >>> as of today it may be a Bad Idea for me to be exporting all of this >>> stuff, read/write, to all of 192.168.1.0/24. >> Doesn't matter, if your network is compromized, only strong encryption >> and authentication will save you.. > Hummm... I *think* that maybe I'm starting to understand now. But maybe > not. I'm at a bit of a disadvantage, because like 99.999% of the > population I'm still not entirely 100% clear on what can and can't > be done with these new WPA2 exploits. Please understand that if you can get an AP to hand you a zero'd key (with an intentionally "weak" client) THEN THAT PERSON JUST BECAME ABLE TO ATTACH TO YOUR NETWORK AS AN AUTHORIZED USER.
Your network is thus exactly as "secure" as one that has an open RJ45 jack sitting at the end of your driveway and connected to your switch. If someone who plugged into that could screw you blind well, that's exactly the situation you're now in. Incidentally, has anyone yet figured out if this vector works on a network configured for machine certificates instead of a PSK? I'm not certain from what I've looked at yet, and that is bothering me a LOT for what should be obvious reasons. -- Karl Denninger [email protected] <mailto:[email protected]> /The Market Ticker/ /[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
