Your missing more of the problem. Its PoS devices at retail and client side I-ot thats the worst issue. Smart devices. Your smart garage door opener your home wifi cameras, plugs door locks. Any that don't get updated that can entitle a smart crook to compromise your premises quite easily. It takes staking out the house to another level.ES_Revenge wrote: ↑Oct 21st, 2017 7:15 pmThat's it in a nutshell and the reality is even if you're susceptible to this vulnerability the chances of you actually getting hacked in this fashion is really very very small. The only people that will be putting anything into the landfills over this are tin foil hatters (of which we know there are many on RFD but in the real world there are very few).
Think about how many people have WPS enabled on their routers given:
1. It is still enabled by default on many of these devices even long after it's a known rather gaping security hole?
2. Most people don't understand how big a security flaw WPS is and they actually foolishly think it's just some easy way to connect devices and use it in that fashion?
And WPS basically lets any real hacker into your network with a degree of ease given how long it's been known about and how many people have it enabled as described above.
As for KRQACK and hosting cp servers (I'm guessing that means child porn servers?) not sure this is really an avenue for that. KRACK allows wireless traffic to be intercepted, it doesn't allow access to your network, right? For that, the WPS avenue would be much more straightforward and effective. KRACK on the other hand would be better for stealing information like internet passwords and the like (e.g identity theft) instead of gaining control over your network. And who is really accessing things like banking, finances, critical identity stuff over their standalone devices like Android boxes, Rokus, etc? On their phones yes but then I've always thought this a bad idea personally and do all that on my laptop, though granted I don't even ever use wifi on my phone (I'm always on mobile data).
Bottom line is "hackers gonna hack" and unless you want to be known for wearing foil hats of various designs, you've probably got multiple "security issues" in the way you use computers and devices daily. Sure do what you can to minimise these, but there's really no reason to go overboard.
The list goes on this is a big problem and will be around for years because its installed everywhere I bet we will see very cheap unupdated stock being unloaded real soon. Basically it can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on. its unknown the full extent of what could be done. The full extent will come come down to hacker creativity.which no one knows. Thats why fixing both client and backend is so crucial, no weak link in the chain.
The United States Computer Emergency Readiness Team (Cert) issued a warning in response to the vulnerability.
“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected”