• Last Updated:
  • Nov 11th, 2017 8:05 pm
Tags:
None
90 replies
Deal Addict
Feb 29, 2012
2662 posts
1389 upvotes
Richmond
Korkyjohnson96 wrote:
Oct 16th, 2017 9:47 am
Srsly though, I think it's VPN shopping time.
That might help prevent an attacker from reading your communications, but if they can use this vulnerability to connect to your router, then they could access private data or launch other attacks from within your LAN, steal your internet bandwidth, use your connection to download illegal material etc.. A VPN running on your computer won't help with that, although a VPN running on your router might do the trick if you force all connections to go through the VPN.

More:
https://gizmodo.com/dont-panic-but-wi-f ... 1819501001
http://www.theregister.co.uk/2017/10/16 ... _wireless/

Fixing this will require patching both routers and device OS (Windows, Android etc). Unfortunately routers older than a year or two will probably not get a patch, nor will devices stuck on old versions of their OS (like Android below current version). So wave goodbye to WiFi security for the next several years until all the existing equipment is retired. :rolleyes:
Deal Guru
User avatar
Jun 12, 2003
14316 posts
876 upvotes
Markham
Dang this seems quite serious
ShadowVlican
Deal Fanatic
Feb 9, 2006
7794 posts
1874 upvotes
Brampton
ShadowVlican wrote:
Oct 16th, 2017 10:59 am
Dang this seems quite serious
It is.
It pretty much makes WPA2 useless as a security measure until it's patched all around.
What makes it super dangerous/serious was that WPA2-AES was considered "Safe" for so long and that it's been proven to be safe mathematically that we treat it as a wired equivalent.
WPA2-AES is ubiquitous to WiFi and this vuln is is a fundamental break in the way WiFi is traditionally secured. Basically you can consider WiFi operating as "Open" and only relying on the encrypted data tunnels/streams (guess it was a good idea for MS to add encryption to SMB) to keep your data safe, but even that's compromised because someone can literally sit on your network now and just listen for the packets on these streams until they get enough info to break it. It's especially easier once they figure what those streams are carrying too. There's a bunch of theory on the latter and it's only been made to work a handful of times.
Either way it's not good, it's basically saying the locks (Heck the door) on your front doors do nothing now.
Deal Addict
Feb 29, 2012
2662 posts
1389 upvotes
Richmond
tkyoshi wrote:
Oct 16th, 2017 12:21 pm
https://www.engadget.com/2017/10/16/mic ... -wifi-fix/

Microsoft has already fixed the Vulnerability in Windows, patch to drop later today.
Google is also promising a fix for Android - which will of course be useless to most Android users because Google still hasn't managed to get their act together on putting out a standard updateable version of Android for all devices, something users should rightfully be annoyed about.
Deal Guru
User avatar
Feb 24, 2003
12162 posts
990 upvotes
Toronto
Damn, I hide my SSID but that is not of any use either :(
Deal Addict
User avatar
Sep 10, 2005
3104 posts
491 upvotes
GTA
audit13 wrote:
Oct 16th, 2017 1:17 pm
Damn, I hide my SSID but that is not of any use either :(
SSID hiding has never been of any use.

Anyway, looks like patches will come out slowly. Things that can be patched anyway. Lots of devices that will probably never be patched, like a good majority of Android or IoT devices.

Sounds like client side patches could be enough but best to patch both of course. I think meraki and ubiquiti have some out.
Deal Fanatic
Mar 6, 2005
5321 posts
574 upvotes
Faith24 wrote:
Oct 16th, 2017 1:11 pm

Google is also promising a fix for Android - which will of course be useless to most Android users because Google still hasn't managed to get their act together on putting out a standard updateable version of Android for all devices, something users should rightfully be annoyed about.
Indeed, the 3rd party situation is quite dismal. But yeah if you have a google device you will for sure get a patch in the coming weeks, no word from Apple yet though.
Dave98 wrote:
Oct 16th, 2017 1:22 pm
SSID hiding has never been of any use.

Anyway, looks like patches will come out slowly. Things that can be patched anyway. Lots of devices that will probably never be patched, like a good majority of Android or IoT devices.

Sounds like client side patches could be enough but best to patch both of course. I think meraki and ubiquiti have some out.
Indeed SSID was never meant to be hidden, it's not a security feature. Each wireless packet broadcast contains your SSID so it's trivial to get that, you're only making things harder for yourself by hiding it (as some devices don't work well with hidden SSIDs).
Deal Fanatic
User avatar
Mar 28, 2006
9439 posts
1296 upvotes
That's the problem, I don't know why Google never did anything about that. The patching/upgrade model of Android just doesn't work at all. It is sad but it's true that it is safer to use Windows workstation with automatic update enabled than an Android device.
Faith24 wrote:
Oct 16th, 2017 1:11 pm
Google is also promising a fix for Android - which will of course be useless to most Android users because Google still hasn't managed to get their act together on putting out a standard updateable version of Android for all devices, something users should rightfully be annoyed about.
Deal Guru
User avatar
Feb 24, 2003
12162 posts
990 upvotes
Toronto
Dave98 wrote:
Oct 16th, 2017 1:22 pm
SSID hiding has never been of any use.

Anyway, looks like patches will come out slowly. Things that can be patched anyway. Lots of devices that will probably never be patched, like a good majority of Android or IoT devices.

Sounds like client side patches could be enough but best to patch both of course. I think meraki and ubiquiti have some out.
I know hiding has never really been much use but I do whatever I can to prevent the noob and pro hacker.
Jr. Member
User avatar
Jun 18, 2017
195 posts
62 upvotes
Vancouver
Does the windows patch even matter? The impression I get is that this is mostly a router issue.
That's my name...
Deal Guru
User avatar
Dec 12, 2009
13095 posts
2956 upvotes
Toronto
audit13 wrote:
Oct 16th, 2017 1:17 pm
Damn, I hide my SSID but that is not of any use either :(
This could make you more vulnerable depending on whether you irritate the hacker looking to break into your system.

Top