Re: [OT] Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Tim
Allegedly, on or about 16 October 2017, Patrick O'Callaghan sent: > Note that in all cases the problem is limited to nodes sharing the > same wireless access point, i.e. it's not going to bite you over the > Internet. Though that, rather obviously, means that using public WiFi is unsafe (not that

Re: [OT] Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Patrick O'Callaghan
On Mon, 2017-10-16 at 17:51 +0100, Patrick O'Callaghan wrote: > wpa_supplicant (used in Linux and Android) is particularly bad. Just in case this point isn't getting enough emphasis: the specific vulnerability in wpa_supplicant allows the adversary to force the use of an all-0's encryption key. Th

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread stan
On Mon, 16 Oct 2017 16:15:26 +0100 Patrick O'Callaghan wrote: > On Mon, 2017-10-16 at 16:00 +0100, Ron Leach wrote: > > Is there any longer-term security support for earlier versions? > > We've a few devices still running F24 or F23. > > As has been reiterated innumerable times, Fedora does

Re: [OT] Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Patrick O'Callaghan
On Mon, 2017-10-16 at 08:54 -0700, Jonathan Ryshpan wrote: > I am about 97% ignorant about encryption. However... > > It seems that these attacks are directed at clients rather than > servers. Is this correct? No. > If so, it's a good thing for me, since I use an old Belkin wireless > router

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Matthew Miller
On Mon, Oct 16, 2017 at 04:00:46PM +0100, Ron Leach wrote: > (We hadn't updated these devices to F25 because there had seemed to > be some difficulties reported on the lists, but that would be option > we still have. I've downloaded the paper to understand better the > risks at (i) coffee shops et

Re: [OT] Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Jonathan Ryshpan
I am about 97% ignorant about encryption. However... It seems that these attacks are directed at clients rather than servers. Is this correct? If so, it's a good thing for me, since I use an old Belkin wireless router whose firmware will surely never be upgraded. jon On Mon, 2017-10-16 at 0

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Patrick O'Callaghan
On Mon, 2017-10-16 at 16:00 +0100, Ron Leach wrote: > On 16/10/2017 15:21, Michael Cronenworth wrote: > > > F25: https://bodhi.fedoraproject.org/updates/FEDORA-2017-12e76e8364 > > F27: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f45e844a85 > > Rawhide: (just run a dnf update) > > _

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Ron Leach
On 16/10/2017 15:21, Michael Cronenworth wrote: F25: https://bodhi.fedoraproject.org/updates/FEDORA-2017-12e76e8364 F27: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f45e844a85 Rawhide: (just run a dnf update) ___ Is there any longer-term secu

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Michael Cronenworth
On 10/16/2017 08:30 AM, Matthew Miller wrote: On Mon, Oct 16, 2017 at 07:32:32AM -0400, Mark C. Allman wrote: I figure that this is being addressed but hopefully it doesn't hurt to ask. https://www.krackattacks.com/ https://bodhi.fedoraproject.org/updates/FEDORA-2017-60bfb576b7 Which is for

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Mark C. Allman
On 10/16/2017 09:30 AM, Matthew Miller wrote: > On Mon, Oct 16, 2017 at 07:32:32AM -0400, Mark C. Allman wrote: >> I figure that this is being addressed but hopefully it doesn't hurt to ask. >> https://www.krackattacks.com/ > https://bodhi.fedoraproject.org/updates/FEDORA-2017-60bfb576b7 > Perfect

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Matthew Miller
On Mon, Oct 16, 2017 at 07:32:32AM -0400, Mark C. Allman wrote: > I figure that this is being addressed but hopefully it doesn't hurt to ask. > https://www.krackattacks.com/ https://bodhi.fedoraproject.org/updates/FEDORA-2017-60bfb576b7 -- Matthew Miller Fedora Project Leader __

Re: Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread George N. White III
On 16 October 2017 at 08:32, Mark C. Allman wrote: > I figure that this is being addressed but hopefully it doesn't hurt to ask. > > https://www.krackattacks.com/ > > Many organizations either don't allow (WPA2) wireless or require VPN when not using the internal wired network. Many of us have o

Question on the WIFI security issue Key Reinstallation Attack ("krack" attack)

2017-10-16 Thread Mark C. Allman
I figure that this is being addressed but hopefully it doesn't hurt to ask. https://www.krackattacks.com/ Thanks, -- *Mark C. Allman, PMP, CSM* Founder, See How You Ski, www.seehowyouski.com Sr. Project Manager, Allman Professional Consulting, Inc., www.allmanpc.co