On 17/10/2017, Matthew Dillon <[email protected]> wrote: <snip>
> > Another late alert, it looks like WPA2's encryption was broken in the wild > in a key reinstallation attack called KRACK, which probably means that we > will be seeing a wpa_supplicant update soon. Watch for it. Not that > anyone should be doing anything unencrypted over their wifi anyhow.. but > just a head's up. It aint secure (if it ever was). This will be a > double-nasty for Android phones which generally don't get updates. For > DragonFlyBSD, we have two wpa_supplicant programs. One is in base to help > people bootstrap wifi-only laptops. The other is in packages. We will > post a followup once we have fixes in place. > It is interesting (and of concern) that I read about the WPA2 vulnerability, in a BBC online news report (in their Technology section), but have not yet received a CERT advisory regarding it. -- Bret Busby Armadale West Australia .............. "So once you do know what the question actually is, you'll know what the answer means." - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992 ....................................................
