• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Severe flaw in WPA2 protocol

The last place I worked didn't use WPA or any other wifi encryption. The AP was open but you could only connect to their network via a VPN using IPsec.So you had to be on the domain and you also had to have a token. In my general experience businesses that are serious about their security have never trusted WEP, WPA etc.

They know that given those encryption schemes track records of being exploited. It's likely more exploitable flaws would be found. 🙂
 
Just keep in mind with this flaw ALL DEVICES NEED AN UPDATE[1]. Just updating your router doesn't do it (and may in fact not even need an update). For example if you're using an extender or client bridge you will need to patch (e.g. AP <-> AP). This is mainly a client side problem so make sure to grab the latest updates to your devices (phone, etc) when they become available.

It appears there are no ways to mitigate this. You can disable roaming and client services to maybe help a little but WPA on unpatched devices is fundamentally broken.

Here[2] is a link to a reddit thread documenting what has been patched (the subre. It appears as of writing Microsoft deployed the fix on patch Tuesday (10/10/17) and iOS has a fix in the latest betas.

[1] https://www.krackattacks.com/ (this is the original source)
[2] https://www.reddit.com/r/KRaCK/comments/76pjf8/krack_megathread_check_back_often_for_updated/
 
Last edited:
You must log in or register to reply here.

TRENDING THREADS

Back
Top