Re: [PLUG] Wpa2 oops

Keith C. Perry on 16 Oct 2017 15:24:00 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Wpa2 oops

From: "Keith C. Perry" <kperry@daotechnologies.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Wpa2 oops
Date: Mon, 16 Oct 2017 18:22:35 -0400 (EDT)
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
Thread-index: /VSYiARHlUUp5pgyuhyoxhEobysGaA==
Thread-topic: Wpa2 oops

Looks like Windows users are good as of the 10/10 update...

https://www.windowscentral.com/microsoft-releases-statement-krack-wi-fi-vulnerability

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "brent saner" <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Sent: Monday, October 16, 2017 2:34:29 PM
Subject: Re: [PLUG] Wpa2 oops

On 10/16/2017 02:29 PM, Keith C. Perry wrote:
> Brent,
> 
> Its looking slightly less bad- clients appear to be more of the problem but the AP's still need to be patched.  Everything, everywhere needs to be patched to be on the best footing so this going to be slow going.
> 
> https://community.ubnt.com/t5/UniFi-Routing-Switching/Krack-exploit-and-wpa2/m-p/2099840#M61285
> 
> The longer term risk would be older devices that do not get patched.
> 

yep! spoke to one of my infosec contacts and expected risk/severity
factor is only about 6.5/10 in his projection.

but just like with heartbleed, it could start out slow/not as serious in
scope and then snowball into something even bigger.

but yes, it mostly affects clients, but that's sort of worse in a way-
you can control the patching of your routers/WAPs much more easily than
that of the clients that will be connecting to you.

but you're absolutely right- think of how many people don't update their
phone firmware? and android 6.0 is especially vulnerable.


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Wpa2 oops
  - From: jeffv <jeffv@op.net>
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Wpa2 oops
  - From: Paul Walker <pjwalker76@gmail.com>
- Re: [PLUG] Wpa2 oops
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Wpa2 oops
  - From: "Keith C. Perry" <kperry@daotechnologies.com>
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>

Prev by Date: [PLUG] 13-15" CRT?
Next by Date: [PLUG] Art that looks like JP's router.
Previous by thread: Re: [PLUG] Wpa2 oops
Next by thread: Re: [PLUG] Wpa2 oops
Index(es):
- Date
- Thread