CR4® - The Engineer's Place for News and Discussion®


Previous in Forum: Half the Missing Matter was Found?   Next in Forum: Dick Morley, the Father of the PLC, Died October 17
Close
Close
Close
2 comments
Guru
Engineering Fields - Nuclear Engineering - New Member

Join Date: Sep 2009
Location: Louisville, OH
Posts: 1049
Good Answers: 23

WiFi (KRACK)

10/18/2017 9:02 AM

FYI: A vulnerability has been discovered in WiFi WPA2; the acronym is KRACK. A good defense is to keep all of your software, virus scanners, and malware scanners updated.

I don't have to worry too much, because I don't use WiFi. But be sure to update everything to keep the nasties out.

__________________
Lehman57
Register to Reply
Interested in this topic? By joining CR4 you can "subscribe" to
this discussion and receive notification when new comments are added.

Comments rated to be "almost" Good Answers:

Check out these comments that don't yet have enough votes to be "official" good answers and, if you agree with them, rate them!
Member

Join Date: Oct 2017
Posts: 8
#1

Re: WiFi (KRACK)

10/18/2017 10:58 AM

I'm using linux mint and i get updated wifi modules very fast for that, i'm happy that it is working

Register to Reply
Guru

Join Date: Apr 2010
Posts: 5760
Good Answers: 578
#2

Re: WiFi (KRACK)

10/19/2017 8:45 AM

From what I understand:

1. To exploit your WiFi, the attacker needs to be within range. He can't attack from somewhere on the internet.

2. The attacker cannot obtain your password, and changing your password offers no protection.

3. The attacker can only read unencrypted http, not secure encrypted https.

"Security researcher Mathy Vanhoef publicly disclosed a serious vulnerability in the WPA2 encryption protocol today. Most devices and routers currently rely on WPA2 to encrypt your WiFi traffic, so chances are you’re affected.

But first, let’s clarify what an attacker can and cannot do using the KRACK vulnerability. The attacker can intercept some of the traffic between your device and your router. If traffic is encrypted properly using HTTPS, an attacker can’t look at this traffic. Attackers can’t obtain your Wi-Fi password using this vulnerability. They can just look at your unencrypted traffic if they know what they’re doing. With some devices, attackers can also perform packet injection and do some nasty things. This vulnerability is like sharing the same WiFi network in a coffee shop or airport.

The attacker needs to be in range of your WiFi network. They can’t attack you from miles and miles away. The attacker could also take control of a zombie computer near you, but this is already a much more sophisticated attack. That’s why companies should release patches as soon as possible because chances are most attackers just learned about this vulnerability today."

more

https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vulnerability/

Register to Reply Score 1 for Good Answer
Register to Reply 2 comments
Interested in this topic? By joining CR4 you can "subscribe" to
this discussion and receive notification when new comments are added.

Comments rated to be "almost" Good Answers:

Check out these comments that don't yet have enough votes to be "official" good answers and, if you agree with them, rate them!

Previous in Forum: Half the Missing Matter was Found?   Next in Forum: Dick Morley, the Father of the PLC, Died October 17

Advertisement