|brent timothy saner on 16 Oct 2017 11:34:44 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] Wpa2 oops|
On 10/16/2017 02:29 PM, Keith C. Perry wrote: > Brent, > > Its looking slightly less bad- clients appear to be more of the problem but the AP's still need to be patched. Everything, everywhere needs to be patched to be on the best footing so this going to be slow going. > > https://community.ubnt.com/t5/UniFi-Routing-Switching/Krack-exploit-and-wpa2/m-p/2099840#M61285 > > The longer term risk would be older devices that do not get patched. > yep! spoke to one of my infosec contacts and expected risk/severity factor is only about 6.5/10 in his projection. but just like with heartbleed, it could start out slow/not as serious in scope and then snowball into something even bigger. but yes, it mostly affects clients, but that's sort of worse in a way- you can control the patching of your routers/WAPs much more easily than that of the clients that will be connecting to you. but you're absolutely right- think of how many people don't update their phone firmware? and android 6.0 is especially vulnerable.
Description: OpenPGP digital signature
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug