If anyone is using public Wifi - turn it off now 13:09 - Oct 16 with 7727 views | DanTheMan | https://www.krackattacks.com/ tl;dr The main method of authentication for Wifi has been cracked and basically everything uses it. Not much you can do except wait for patches. Anything that uses HTTPS should be ok for the time being. | |
| | |
If anyone is using public Wifi - turn it off now on 16:52 - Oct 16 with 7045 views | blue_oyster | No technology is 100% secure. Even though we may be made to believe it. | |
| |
If anyone is using public Wifi - turn it off now on 16:53 - Oct 16 with 7035 views | chicoazul | I am fully stupid in these areas. When you say public wifi do you mean for instance, the wifi I use at Starbucks? But not my home one which is password protected? EDIT: lol at "forcing nonce reuse" [Post edited 16 Oct 2017 16:54]
| |
| |
If anyone is using public Wifi - turn it off now on 16:57 - Oct 16 with 7021 views | hype313 |
If anyone is using public Wifi - turn it off now on 16:52 - Oct 16 by blue_oyster | No technology is 100% secure. Even though we may be made to believe it. |
Really? | |
| |
If anyone is using public Wifi - turn it off now on 18:35 - Oct 16 with 6926 views | Ryorry |
If anyone is using public Wifi - turn it off now on 16:53 - Oct 16 by chicoazul | I am fully stupid in these areas. When you say public wifi do you mean for instance, the wifi I use at Starbucks? But not my home one which is password protected? EDIT: lol at "forcing nonce reuse" [Post edited 16 Oct 2017 16:54]
|
I assume this does include private homes using the kind of public wifi masts serving rural areas, via routers using WPA2 security passwords. However, the only alternative for some of us would be zero internet connection, permanently, as there are no other viable alternatives. And "Although this paper is made public now, it was already submitted for review on 19 May 2017. After this, only minor changes were made. As a result, the findings in the paper are already several months old." Since I've used online banking since then and not been defrauded in that time, I assume they haven't managed to hack me - yet. I'll be a bit more wary of using it now tho! and will send a copy of the article to my ISPs, thanks Dan. | |
| |
If anyone is using public Wifi - turn it off now on 18:54 - Oct 16 with 6888 views | vapour_trail |
If anyone is using public Wifi - turn it off now on 16:52 - Oct 16 by blue_oyster | No technology is 100% secure. Even though we may be made to believe it. |
Wow. Keep these nuggets coming please bo, we're all off to hell in a handcart if you withdraw your insight. | |
| |
If anyone is using public Wifi - turn it off now on 19:11 - Oct 16 with 6850 views | blue_oyster |
If anyone is using public Wifi - turn it off now on 18:54 - Oct 16 by vapour_trail | Wow. Keep these nuggets coming please bo, we're all off to hell in a handcart if you withdraw your insight. |
You, specifically, are always welcome. | |
| |
If anyone is using public Wifi - turn it off now on 19:33 - Oct 16 with 6817 views | vapour_trail |
If anyone is using public Wifi - turn it off now on 19:11 - Oct 16 by blue_oyster | You, specifically, are always welcome. |
Being a bit of a fckwit, I specifically, am grateful. | |
| |
If anyone is using public Wifi - turn it off now on 20:17 - Oct 16 with 6762 views | Ryorry | Got this quick response back from my ISP (an independent, not one of the biggies) "We are extremely careful to keep the whole network up to date at all times - especially with security. Unless you have been given a reason to suspect you are having any issues you can rest easy that we have the network secured. If you are in doubt at any point do let us know as soon as possible though and we would always look into it as fast as possible as we take such issues very seriously. In my nearly 2 years working for X I've never heard of any such issue occurring on our network, before and after I joined." | |
| |
If anyone is using public Wifi - turn it off now on 20:23 - Oct 16 with 6743 views | J2BLUE |
If anyone is using public Wifi - turn it off now on 20:17 - Oct 16 by Ryorry | Got this quick response back from my ISP (an independent, not one of the biggies) "We are extremely careful to keep the whole network up to date at all times - especially with security. Unless you have been given a reason to suspect you are having any issues you can rest easy that we have the network secured. If you are in doubt at any point do let us know as soon as possible though and we would always look into it as fast as possible as we take such issues very seriously. In my nearly 2 years working for X I've never heard of any such issue occurring on our network, before and after I joined." |
That's clearly a hacked account reply, there's no company called X! | |
| |
If anyone is using public Wifi - turn it off now on 20:25 - Oct 16 with 6728 views | jeera |
If anyone is using public Wifi - turn it off now on 20:17 - Oct 16 by Ryorry | Got this quick response back from my ISP (an independent, not one of the biggies) "We are extremely careful to keep the whole network up to date at all times - especially with security. Unless you have been given a reason to suspect you are having any issues you can rest easy that we have the network secured. If you are in doubt at any point do let us know as soon as possible though and we would always look into it as fast as possible as we take such issues very seriously. In my nearly 2 years working for X I've never heard of any such issue occurring on our network, before and after I joined." |
Keep that filed somewhere safe. Could come in handy if a lawsuit was ever needed. | |
| |
If anyone is using public Wifi - turn it off now on 20:37 - Oct 16 with 6688 views | Ryorry |
If anyone is using public Wifi - turn it off now on 20:25 - Oct 16 by jeera | Keep that filed somewhere safe. Could come in handy if a lawsuit was ever needed. |
Heh! | |
| |
If anyone is using public Wifi - turn it off now on 20:40 - Oct 16 with 6677 views | jeera |
If anyone is using public Wifi - turn it off now on 20:37 - Oct 16 by Ryorry | Heh! |
Well that cartoon is horribly realistic. | |
| |
If anyone is using public Wifi - turn it off now on 10:02 - Oct 17 with 6464 views | solemio |
If anyone is using public Wifi - turn it off now on 20:37 - Oct 16 by Ryorry | Heh! |
Are you on the left or right, Ryorry? | | | |
If anyone is using public Wifi - turn it off now on 10:04 - Oct 17 with 6456 views | Ryorry |
If anyone is using public Wifi - turn it off now on 10:02 - Oct 17 by solemio | Are you on the left or right, Ryorry? |
"We are the left side ..." | |
| |
If anyone is using public Wifi - turn it off now on 10:05 - Oct 17 with 6450 views | BackToRussia |
If anyone is using public Wifi - turn it off now on 20:17 - Oct 16 by Ryorry | Got this quick response back from my ISP (an independent, not one of the biggies) "We are extremely careful to keep the whole network up to date at all times - especially with security. Unless you have been given a reason to suspect you are having any issues you can rest easy that we have the network secured. If you are in doubt at any point do let us know as soon as possible though and we would always look into it as fast as possible as we take such issues very seriously. In my nearly 2 years working for X I've never heard of any such issue occurring on our network, before and after I joined." |
This is public WiFi. | |
| |
If anyone is using public Wifi - turn it off now on 10:09 - Oct 17 with 6440 views | No9 |
If anyone is using public Wifi - turn it off now on 16:57 - Oct 16 by hype313 | Really? |
Can you name a system that is secure & generally available to the public? | | | |
If anyone is using public Wifi - turn it off now on 10:11 - Oct 17 with 6435 views | Ryorry |
If anyone is using public Wifi - turn it off now on 10:05 - Oct 17 by BackToRussia | This is public WiFi. |
Thanks for the confirmation. It's possible he might not have been aware of the latest report of course, so I'll stick to PayPal for a while! I did notice around 1-2 years ago (stopped now) that whenever I'd done any online banking (usually about once a month) I'd very quickly get a phishing email purporting to be from that bank, so I was clearly being tracked by someone/something. | |
| |
If anyone is using public Wifi - turn it off now on 10:22 - Oct 17 with 6422 views | BackToRussia |
If anyone is using public Wifi - turn it off now on 10:11 - Oct 17 by Ryorry | Thanks for the confirmation. It's possible he might not have been aware of the latest report of course, so I'll stick to PayPal for a while! I did notice around 1-2 years ago (stopped now) that whenever I'd done any online banking (usually about once a month) I'd very quickly get a phishing email purporting to be from that bank, so I was clearly being tracked by someone/something. |
To be clear anything you do at home over your own private wifi connection isn't affected. This is for using WiFi connections that are open to the public say at a cafe. | |
| |
If anyone is using public Wifi - turn it off now on 10:28 - Oct 17 with 6415 views | Ryorry |
If anyone is using public Wifi - turn it off now on 10:22 - Oct 17 by BackToRussia | To be clear anything you do at home over your own private wifi connection isn't affected. This is for using WiFi connections that are open to the public say at a cafe. |
Ah, right - so the distinction is where your device could be hacked into by someone near you, whereas at home you obviously can't be (except maybe out in the garden near a public road?) although you're using a line of sight mast that's for X thousand subscribers? It was the WPA2 password that got me wondering, as that's necessary for our router to connect. | |
| |
If anyone is using public Wifi - turn it off now on 10:50 - Oct 17 with 6392 views | BackToRussia |
If anyone is using public Wifi - turn it off now on 10:28 - Oct 17 by Ryorry | Ah, right - so the distinction is where your device could be hacked into by someone near you, whereas at home you obviously can't be (except maybe out in the garden near a public road?) although you're using a line of sight mast that's for X thousand subscribers? It was the WPA2 password that got me wondering, as that's necessary for our router to connect. |
There's no real distinction in place, it's a distinction between public and private. Most home WiFi signals are private meaning you need a password to use it. As you say it's when you're on a public network. I assume this security breach means you are vulnerable from other users on the public network who are also hackers. | |
| |
If anyone is using public Wifi - turn it off now on 12:35 - Oct 17 with 6354 views | Ryorry |
If anyone is using public Wifi - turn it off now on 10:50 - Oct 17 by BackToRussia | There's no real distinction in place, it's a distinction between public and private. Most home WiFi signals are private meaning you need a password to use it. As you say it's when you're on a public network. I assume this security breach means you are vulnerable from other users on the public network who are also hackers. |
Right, thanks. Frequent pw changes it is then! | |
| |
If anyone is using public Wifi - turn it off now on 12:50 - Oct 17 with 6321 views | DanTheMan |
If anyone is using public Wifi - turn it off now on 10:50 - Oct 17 by BackToRussia | There's no real distinction in place, it's a distinction between public and private. Most home WiFi signals are private meaning you need a password to use it. As you say it's when you're on a public network. I assume this security breach means you are vulnerable from other users on the public network who are also hackers. |
Sorry, I should have offered more explanation.

You are also absolutely vulnerable on your home network, however, an attacker would need to be within physical range of your wifi to do anything, which unless they happen to be living next door would not be an issue. Whereas a public wifi with lots of people on is an easy target as you can join and nobody would notice. For most people not using wifi at home for X weeks is not an option which is why I did not say not to switch that off.

We've switched off ours at work as a precaution, I know a few other companies that have done similar.

FWIW you will not need to update your router or access point for a fix.

As an update though
- Microsoft have released a patch which everyone should have today if you're using Windows, make sure to install all updates to ensure it's patched.
- Apple have one on the way, it's already been implemented and is going through their testing cycle
- Google will be releasing a patch "in the coming weeks" which is a bit rubbish but there we go
- Linux has the patch available.

EDIT: Just noticed Ryorry that your ISP told you that you were safe. That's a flagrant lie. [Post edited 17 Oct 2017 12:52]
| |
| |
If anyone is using public Wifi - turn it off now on 13:42 - Oct 17 with 6280 views | Throbbe | Oh, if only we had listened to rml123's warnings. | |
| |
If anyone is using public Wifi - turn it off now on 13:46 - Oct 17 with 6267 views | Ryorry |
If anyone is using public Wifi - turn it off now on 12:50 - Oct 17 by DanTheMan | Sorry, I should have offered more explanation. You are also absolutely vulnerable on your home network, however, an attacker would need to be within physical range of your wifi to do anything, which unless they happen to be living next door would not be an issue. Whereas a public wifi with lots of people on is an easy target as you can join and nobody would notice. For most people not using wifi at home for X weeks is not an option which is why I did not say not to switch that off. We've switched off ours at work as a precaution, I know a few other companies that have done similar. FWIW you will not need to update your router or access point for a fix. As an update though - Microsoft have released a patch which everyone should have today if you're using Windows, make sure to install all updates to ensure it's patched. - Apple have one on the way, it's already been implemented and is going through their testing cycle - Google will be releasing a patch "in the coming weeks" which is a bit rubbish but there we go - Linux has the patch available. EDIT: Just noticed Ryorry that your ISP told you that you were safe. That's a flagrant lie. [Post edited 17 Oct 2017 12:52]
|
Ah, thanks. I did mention in a follow-up post that I thought it possible my ISP on-call engineer might simply be unaware of this recent security breach. Will get the Apple patch soon as it's out - would it be poss for you to alert us on here when it is please? | |
| |
If anyone is using public Wifi - turn it off now on 14:48 - Oct 17 with 6235 views | MJallday |
Turning off public wifi is just the start. The protocol is used by just about every equipment manufacturer - ever. This might help people for the various manufacturers (something from our info sec team):

Cisco
Cisco are releasing software updates that address the vulnerability on Aironet hardware. Some products are still under investigation to ascertain whether they are affected by the vulnerability. If you have a Wireless LAN Controller the software will require updating in order to update the access points. Updates for affected software releases will be published when they are available.
Details can be found here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2
The workaround provided is to disable 802.11r, however where possible patching is advised.

Meraki
Meraki have provided a patch for the vulnerability and the fix is available as a part of the latest available firmware (i.e. firmware versions MR 24.11 and MR 25.7).
Details can be found here: https://documentation.meraki.com/zGeneral_Administration/Support/802.11r_Vulnera and https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-f
The workaround provided is to disable 802.11r, however where possible patching is advised.

Other Major Vendors
For ease other major vendor responses are below. It is recommended to utilise a VPN if using Apple or Android devices at public Wi-Fi locations.

Apple
Apple have currently only fixed the patch in beta versions of iOS. A full release is expected shortly.

Android
No patch information is currently available.

Microsoft
Microsoft released patches in the latest round of patch Tuesday to protect against this vulnerability.
Details can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1308
| |
| |
| |