KRACK attack against WPA2

This topic is closed.

    Was found TWO MONTHS ago and just made public.
    http://www.zdnet.com/article/wpa2-se...y-wifi-device/
    except that it seems that MS and Apple were informed and have already released patches.

    Turn your transmit power down to 70mw or less to minimize your broadcast range and reduce your vulnerability. Several years ago I turned my xmit power to 70mw and a month ago switched to 5GHz. My SSID disappears 15' from my front door.

    ...
    But many products and device makers will likely not receive patches -- immediately, or ever. Katie Moussouris, founder of Luta Security, said in a tweet that Internet of Things devices will be some of the "hardest hit."


    Until patches are available, Wi-Fi should be considered a no-go zone for anything mission critical, a feat almost impossible in today's age of ubiquitous and blanket wireless network access.




    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    BSD was fixed in July. Just updated wpasupplicant an hour ago in Kubuntu. Updated our router about the same time. It's supposed to be fixed now, continuing to rock on.
    The next brick house on the left
    Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11 | Kubuntu 24.04 | 6.8.0-31-generic





      #3
      After woody's last set of posts, that included several references to Kali, I took a look at their page, and saw at least 2 videos of WPA2 attacks working quite well.

      VINNY
      i7 4core HT 8MB L3 2.9GHz
      16GB RAM
      Nvidia GTX 860M 4GB RAM 1152 cuda cores



        #4
        Oh good ... now cracking is mainstream.

        O.K., I get ethical hacking, I get white hat/black hat. I don't get educating and making things easy for the bad guys, they are already dedicated enough.
        The next brick house on the left
        Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11 | Kubuntu 24.04 | 6.8.0-31-generic





          #5
          Originally posted by jglen490
          Oh good ... now cracking is mainstream.

          O.K., I get ethical hacking, I get white hat/black hat. I don't get educating and making things easy for the bad guys, they are already dedicated enough.
          Linux has a tradition of posting news of a vulnerability on the same day it is discovered, or ASAP, along with a test script to prove infection or cure. The fix usually came within a few days but the user is informed and can take safety measures until the fix is released. Closed Source is usually driven by the profit motive and usually keeps their knowledge of vulnerabilities secret until it is in their economic advantage to patch them, if they ever do. When they do announce them they often release the patch at the same time.

          The black hats often discover vulnerabilities before the white hats do and many times the black hats are gov sponsored teams doing research, or spying on those that do.


          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
          – John F. Kennedy, February 26, 1962.



            #6
            And there's BSD ... fixed in July. Hardly a paragon of profitability.

            Many of those many black hats who are government sponsored, may be effective, but only because they have a self-interest problem in that relationship. That makes their "masters" more suspect. Especially considering government's general relationship with IT companies - and I'm in one of those relationships. Government people - most are really nice, at least at my level, a lot aren't - at a lot of other levels.
            The next brick house on the left
            Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11 | Kubuntu 24.04 | 6.8.0-31-generic


