Page 1 2
Go | New | Find | Notify | Tools | Reply | |
member |
According to information released yesterday (Ars Technica article), the security protocol protecting most of the world's Wi-Fi networks, WPA2, has been cracked. And it has been cracked at the protocol level, so it affects virtually all servers (Wi-Fi routers and Access Points) and clients (computers, smartphones, tablets, cameras, any device using Wi-Fi as its network connection). Some devices and OS's are more vulnerable than others, but all can be compromised, until patched. Linux and Android are particularly vulnerable. Some vendors have already patched their systems (incredibly Microsoft was one of the first), but all servers and clients need firmware upgrades to protect against this vulnerability. Luckily, the patch is easy for vendors to implement. It is being called "Krack", for "Key Reinstallation Attack". For the technically inclined, here is a link to the paper written by the Belgian researchers who discovered the vulnerability. It details the mechanics of breaking the protocol. Paper with background info. | ||
|
goodheart |
Looks like Apple has patches already in beta for MacOS, iOS, etc.
_________________________ “Remember, remember the fifth of November!" | |||
|
Chip away the stone |
Thanks for posting. Looks like I've got some work to do. | |||
|
Member |
If I read this correctly yesterday when it came out, the hacker must be within range of your WiFi network to hack it. The hack does not work over the internet, so that does mitigate the risk a bit. The primary point of vulnerability is public WiFi networks (think Starbucks and the like), so it might be a good idea for a while to not utilize them. ----------------------------- Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter | |||
|
| Big Stack |
Is the patch only necessary at the client level. Are routers/WAPs going to need updates also? | |||
|
Aller Anfang ist schwer |
It is both. Everything will need updates. | |||
|
| No Compromise |
Damn it six days a week and twice on Sunday... H&K-Guy | |||
|
| Big Stack |
Okay, so I have an ancient D-link router. I doubt it can be flashed, and likely it's old enough that they won't support it anyway. When do we think new routers will be out that address this situation? Update: From DLink's support page...
| |||
|
Tinker Sailor Soldier Pie |
How does one update a router? ~Alan Acta Non Verba NRA Life Member (Patron) God, Family, Guns, Country Men will fight and die to protect women... because women protect everything else. ~Andrew Klavan | |||
|
| Staring back from the abyss  |
So what does this mean to those of us out in the boonies? My wifi doesn't even reach to the end of my driveway, so someone using it or otherwise causing me problems seems pretty remote. ________________________________________________________ "Great danger lies in the notion that we can reason with evil." Doug Patton. | |||
|
Delusions of Adequacy |
Well, the router for my FiOS is an Actiontec, but their legal agreement with Verizon doesn't allow them to post firmware updates, Verizon controls that. But I'm not holding my breath to see one. And I can't afford to replace it right now. But on the other hand, having almost everything hardwired is paying off now... laughing at people who wondered why I bothered. I have my own style of humor. I call it Snarkasm. | |||
|
Nullus Anxietas |
Hmmm... Have to check on my AP (Ubiquiti UniFi AC Pro), but our mobile devices are iOS. I'm not too worried about somebody hacking the data stream to/from the TV, DVR or Roku box. The alarm system is wired. All the computers are wired. Only real problem I see is the Reolink wireless surveillance cameras I just installed. My laptop, dual-booting MS-Win 7 Pro and Linux Mint Mate. But MS-Win 7 Pro should be patched and I just saw a Linux WPA Supplicant update yesterday, so I imagine that's taken care of. (I haven't been using the laptop, anyway.) I should be in pretty good shape. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Now in Florida |
Typical, you would log into it by pointing your browser to your router's IP address (often 192.168.1.1). Then it will usually have a firmware update are in the control panel. | |||
|
| Chip away the stone |
If 192.168.1.1 doesn't load your router's webadmin page, you can open a command prompt, and type: ipconfig /all Look for the IP address of the Default Gateway, and type that in your browser. | |||
|
Honky Lips |
update whatever you'd like this is an attack on the protocol, we're far from out of the woods with this yet. | |||
|
Political Cynic |
sweet so what is our NSA doing to find these people and send in a few SEAL teams to eliminate the problems? If the NSA isn't doing anything, what are we paying them for? [B] Against ALL enemies, foreign and DOMESTIC | |||
|
| Member |
The NSA (National Surveillance Agency) likely has known about the issue for years and had been eavesdropping to their hearts content. -.-. --.- -.-. --.- -.-. --.- -.-. --.- It only stands to reason that where there's sacrifice, there's someone collecting the sacrificial offerings. Where there's service, there is someone being served. The man who speaks to you of sacrifice is speaking of slaves and masters, and intends to be the master. Ayn Rand "He gains votes ever and anew by taking money from everybody and giving it to a few, while explaining that every penny was extracted from the few to be giving to the many." Ogden Nash from his poem - The Politician | |||
|
| Tinker Sailor Soldier Pie |
Thank you, both. I know how to log into my Router so I'll start there. ~Alan Acta Non Verba NRA Life Member (Patron) God, Family, Guns, Country Men will fight and die to protect women... because women protect everything else. ~Andrew Klavan | |||
|
| Big Stack |
I think you're misreading this. This is some academic who's probing security in order to find weaknesses and push the companies to fix them. There's no proof that someone nefarious has found this. Of course now they do know.
| |||
|
| I have not yet begun to procrastinate |
Ok, so this has happened twice now this week on 2 different computers. Type in router IP address, hit enter and "This page cannot be displayed" comes up. Now what? -------- After the game, the King and the pawn go into the same box. | |||
|
| Powered by Social Strata | Page 1 2 |
 | Please Wait. Your request is being processed... |
|
© SIGforum 2024