On 10/16/2017 09:37 PM, Mke C> wrote: >> Have people looked in to this: >> >> https://apnews.com/743db922a4d2473a8745ce54c134c33a/Researchers-discover-vulnerability-affecting-Wi-Fi-security >> >> If so, how have you handled it? > Step 1. Get actual useful information on the vulnerability that provides > some degree of understanding and assessing the risk. That AP article is > a prime example of standard mainstream fear mongering of the latest > vulnerability discovered by a security researcher in a lab. Please help > us all by not sharing info from AP in the future. > > Better and more useful info here: > Mostly layman but thorough - > https://techcrunch.com/2017/10/16/wpa2-shown-to-be-vulnerable-to-key-reinstallation-attacks/ > > More technical - https://www.krackattacks.com/
Okay. I did make some effort to find out more details before posting to PLUG, but didn't know about the sites you list. > Step 2. Realize that cracking into a WiFi network isn't easy and takes > time and effort. Not too mention trying to capture actual sensitive > personal data. > > Step 3 Have some coffee, tea or beer. Re-read step 2 and contemplate the > following: > > "He further writes that while some of the attacks detailed in the paper > may seem hard to pull off, follow-up work has shown that attacks against > — for example — macOS and OpenBSD are “significantly more general and > easier to execute”, adding: “So although we agree that some of the > attack scenarios in the paper are rather impractical, do not let this > fool you into believing key reinstallation attacks cannot be abused in > practice.” > > Pizza Hut was recently hacked. 60,000 customers billing information > compromised in 28 hrs. Equifax hack, etc, etc. > > Step 4. Have some more of my fav beverage and wait patiently for > security updates while using the Internet over a wired connection. That's what I was hoping would be the answer. It's a known problem of high enough priority that the major distros will take care of it, and I'll keep up with my updates. > Step 5. Realize that when I need to use WiFi, I'll just use it and > probably not concern myself with security risks as like most people, I > got stuff to do, places to go and people to see. > > Step 6. Due to step 5, I put my faith and trust that there are good > people who will release security patches and other good people who will > file a class action law suits and polices / laws that protect consumers > from identity theft, fraud and abuse. > > Sleep well! =) Most of my interaction with the Internet is over a wired connection. I do regularly use WiFi at home. We're in a semi-rural neighborhood. There aren't too many folks out here for that to be a major concern, and we're not on a major thoroughfare. My home WiFi use is through my Buffalo WZR-600 DHP router running OpenWRT. I'll check and see if OpenWRT is working on anything related to this, and trust that Ubuntu will push out a patch. My wife uses a Lenovo Win7 laptop, so I'll make sure MS is doing something about it, too. Thanks for your reply. -- Regards, Dick Steffens _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
