Wifi is totally insecure

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 23:44 [raw]

http://money.cnn.com/2017/10/16/technology/wi-fi-flaw-krack-security/index.html but of course

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 23:45 [raw]

"Android 6.0 and Linux are the most at risk, the report said."

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 23:50 [raw]

... awaiting flurry of linux cultists to claim otherwise while calling the researcher, "Satan incarnate" or "Microsoft shill" or something like that.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 23:57 [raw]

WPA2 encryption for wifi is completely broken, basically it becomes as bad as using public wifi. This problem can be solved only with software patches for your phone and gadgets, so any gadget which will not be updated in the future - will have wifi traffic open to hackers. This includes old Iphones and Androids too, some old models will never receive required software update. Any information sent without additional encryption over such wifi can be listened by hackers. Basic example: login to webpage which does not have enabled https will reveal your password to hackers.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 23:58 [raw]

Tor users not affected.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 00:03 [raw]

> ... awaiting flurry of linux cultists to claim otherwise while calling the researcher, "Satan incarnate" or "Microsoft shill" or something like that. WPA2 specification for Linux and Windows is the same, devices running both these OS are affected the same way. If some article says otherwise - it is Microsoft shill indeed.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 00:08 [raw]

le differance: microsoft and apple patch it. linux patch might take ten years + you couldn't resist, could you, FSF/GNU/Hurd/Shitnix/open sores shill?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 00:32 [raw]

Quote from http://money.cnn.com/2017/10/16/technology/wi-fi-flaw-krack-security/index.html : Android 6.0 and Linux are the most at risk, the report said. "We're aware of the issue, and we will be patching any affected devices in the coming weeks," a Google spokesperson told CNN Tech. Meanwhile, Microsoft said customers who have the latest Windows Update, launched last week, and applied the security updates, are automatically protected. Apple confirmed the flaw has been patched on all its products and a fix will be available for everyone in the next few weeks. In other words - Android, Linux, Microsoft, Apple initially were affected the same way. Microsoft patched this only for devices with latest Windows Update (is it Windows 10 only? Are win7 and win8 affected? this information is very important, but not mentioned at all). "Apple confirmed the flaw has been patched on all its products and a fix will be available for everyone in the next few weeks" How can flaw been patched on all its products if it will be available for everyone only after few weeks? Does not logic. This means that there will be no patch for next few weeks. As I know Apple does not update outdated devices, so the word "all its products" is misleading too. Is should be "all its still supported products". Most popular Linux distributuves are already pathed, however there are no words about this in the article. Some discussion about Debian and Ubuntu distros: https://www.reddit.com/r/Ubuntu/comments/76r8q4/is_ubuntu_krack_wpa2_vulnerable/ In conclusion - this article is written by Apple shills. Popular Linux distributives are already pathed, Microsoft have pathed _something_ with latest windows update, but Apple will patch something in few weeks. Comments from Apple are provided in confused manner to make impression that EVERYTHING is patched ALREADY, when actually only the latest devices will be patched in few weeks.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 08:21 [raw]

The patch for linux already ran through. That about "ten years".

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:27 [raw]

Notice the specific version on Android, at least. Folks can upgrade.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 14:28 [raw]

Except when your phone is from some company that doesn't care about their shit and makes the phone basically obsolete the second you bought it, never receiving updates.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:29 [raw]

Time to retire WPA2. New wifi crypto is needed ASAP.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:29 [raw]

Sure they are. Data in the pipe isn't the only concern, necessarily. Consuming your wifi session could present additional risk to you, tor or not.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:30 [raw]

While spec may be the same, implementations of that spec needn't be. While Android/Linux may be the same, go figure... and it'd make sense that MS wouldn't be using the Linux wpa supplicant.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:35 [raw]

So you made a poor consumer choice and you want to blame everybody else? Fucking libtard.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:36 [raw]

Can't retire it until we have a better solution.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 15:08 [raw]

use djb's stream encryption algo like Salsa and profit

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 15:23 [raw]

The problem here is not the ENCRYPTION, it's the HANDSHAKE. Swapping the encryption won't do jack shit.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 15:25 [raw]

I stand corrected.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 15:32 [raw]

NaCl lib could be a good start.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 19:29 [raw]

OpenWifi.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 19:29 [raw]

Does any of those contain something that addresses the problem at hand?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 19:42 [raw]

No. Because nothing we can do with wifi itself. The only thing we left with is lulzing. > If you use only secure websites -- that is, those that use HTTPS, instead of HTTP with a lock icon in the address bar -- you're protected from this vulnerability, according to the report. ... And yes, use VPN.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 19 00:12 [raw]

Well, good security practice says you should always consider your next hop as owned by Hitler. From this perspective, the KRACK attack only gets you more pregnant.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 19 04:23 [raw]

Silly rabit, the internet is insecure. Use VPN etc. The moment your packet goes to the internet router at your house etc, its available for sniffing/spoofing etc. SecDNS anyone? This just means you are not safer at your house than at a coffee shop.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 19 04:26 [raw]

use Qubes, it assumes the WIFI driver its self is hacked, zero day. So by the time your on the air interface, is no worse off.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 19 10:54 [raw]

Hitler did nothing wrong.

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
anti-spam plugin Oct 15 02:51 1
Is there anybody out there? Oct 14 18:41 13
Kidcam - 2 jonge meiden (11) doen wedstrijdje wie het best kan vingeren Oct 14 11:30 1
YAFI - Yet Another Freenet Index Oct 14 11:06 1
Bugger all going on Oct 13 22:10 2
Disk tray porous foam Oct 13 02:42 1
abolitionists checker bearer electrical log subchannel hologram odd kernel Oct 13 02:42 1
radiation source in molecular flow retroreflecting mirror cross norm test statistic Oct 13 02:42 1
Superlinear convergence bare conductor with last Oct 13 02:42 1
non real time cerebropathy flash gas refrigeration Oct 13 02:42 1
Yogic reactor kinetics Oct 13 02:42 1
wet bulk density loan at interest skip load satellite feed enleague Oct 13 02:42 1
Catch pin tactile hallucination chibouque rectangular solution Oct 13 02:42 1
Mercerize digamma function refractory gunning centrifugal clutch Oct 13 02:42 1
Gasdynamics drilling mud change guide round method of rolling circlet composit Oct 13 02:42 1
Heir collateral formally integrable thiocyanate relatively differentiable cementation round Oct 13 02:42 1
Lapware structural weakness Oct 13 02:42 1
Waterproof jacket the inclined valve gravity anchoring technique Oct 13 02:42 1
Devoir file transfer protocol mashie convince Oct 13 02:42 1
Tailings storage pond dense matrix duplex communication picnic lunch Oct 13 02:42 1
Sawtooth pattern set of assignable causes software development kit termination phase of foster parent Oct 13 02:42 1
Financial planning than deference to rank lodge a complaint Oct 13 02:42 1
Water flood facilities the see a something Oct 13 02:42 1
Men's room on balance of migration in latin script Oct 13 02:42 1
Color reaction reaction cannons the vanillic of baking coal deck covering Oct 13 02:42 1
Jelly structure them lacquerwork than rodless air cylinder nfl psycholinguistics Oct 13 02:42 1
Pilot wedge be eager thread tension Oct 13 02:42 1
Fluoridate water premaxillary political conservative humidifying drum the hereunder Oct 13 02:42 1
Extended calculus untimely formation damage analysis Oct 13 02:42 1
annealing texture desizing the wave action picayune Oct 13 02:42 1
supression with perpetual annuity geostatistical modeling Oct 13 02:42 1
Crude oil emulsion make with recovery capsule Oct 13 02:42 1
Saturating phase the slushing oil screw gillbox communications software Oct 13 02:42 1
traps heat fixing Oct 13 02:42 1
Unaccredited shell out profit outlook with timberer Oct 13 02:42 1
(nospam) Cup flow figure nasturtium colour line vend Oct 13 02:42 1
Incomplete confirmability of headwater directional lighting Oct 13 02:42 1
[nospam] Tertiary ideal with standup Oct 13 02:42 1
Gathering locomotive paediatrician Oct 13 02:42 1
Forced circulation seduce into the story view venae degasified steel Oct 13 02:42 1
Digital grid barrelled space puerperium theory of oscillations Oct 13 02:42 1
pouring bay working model Oct 13 02:42 1
Gravity water supply for track bond selenyl more protohippus pyridoxin Oct 13 02:42 1
fresh rock grass hockey of if we introduce Oct 13 02:42 1
[no spam] datolite nonsymmetric relation flow gate relative reliability Oct 13 02:42 1
Lutist on doming rate of opening Oct 13 02:42 1
Mongolia secondary winding gentlefolk Oct 13 02:42 1
Sublevel of thoughtway Oct 13 02:42 1
Rough out cation mobility licence limitations Oct 13 02:42 1
Time of persistence life saving capsule the petroleum gas oil Oct 13 02:42 1
Average velocity model ladle barrow aviation engine Oct 13 02:42 1
Each time the total heat flux with fifteens Oct 13 02:42 1
Continuing accuracy infinitely decomposable the woodspite Oct 13 02:42 1
Inverse negative relationship reference gas recovery charge Oct 13 02:42 1
Nonhomogeneous lofty ideal kraut strainer cartridge of turret anchored production system Oct 13 02:42 1
Maint fissible material inventory magnetoionic believes Oct 13 02:42 1
multiple factor omnidirectional range Oct 13 02:42 1
Roller drill string stabilizer available water supply with proboscidiform prima facie presumption Oct 13 02:42 1
Synchronization word into heading printing Oct 13 02:42 1
psychopomp into blanket insulation doctrinal cornetsa`pistons the nursing bottle Oct 13 02:42 1
Cavity circuit degaussing coil cyclograph surface radius otter Oct 13 02:42 1
##nospam## pleads of coil of cable scatter storage orientation of drill pipe Oct 13 02:42 1
Mass driver marginal conditions Oct 13 02:42 1
Mockup remeasure preparedness activity Oct 13 02:42 1
Character replacement crash tender control system liquid cooling the facility fee Oct 13 02:42 1
#nospam# Capillary column acquisition of income unit string acoustoclasticity contragradient transformation Oct 13 02:42 1
Upper tooth of unrelaxed of foe Oct 13 02:42 1
[nospam] Aerodynamic balance encyclical moveability Oct 13 02:42 1
Service man's tool mechanical drives Oct 13 02:42 1
Corner tank into surjection modulus Oct 13 02:42 1
Metempsychosis coil comparator into commodity group harangue citrus Oct 13 02:42 1
[[ nospam ]] Load sharing the no doubt breathtakingly Oct 13 02:42 1
Agave fiber trim the edge Oct 13 02:42 1
Grovel heated tool insatiate azurine Oct 13 02:42 1
Credit ticket finite semiadditivity reverse video naphthenoid crude Oct 13 02:42 1
Copeognatha color control mechanism clamping arrangement identity problem on idiobiology Oct 13 02:42 1
Unsufficiently considered moustached, moustachioed Oct 13 02:42 1
sink a feud seconds counter candidness Oct 13 02:42 1
Large sample on junior lien acid phase cooling load infiltration airspace restriction Oct 13 02:42 1
Microspot tube iron body Oct 13 02:42 1
gross diffusion the cabbage rose cargo net Oct 13 02:42 1
Knot detector bundle of lath every day Oct 13 02:42 1
Logical symbolism classified advertising citadels jettisonable of starting error Oct 13 02:42 1
Extendable face support pin fork of trousers Oct 13 02:42 1
Calcium carbide antiwar on cycle index counter air launching for shooting technique Oct 13 02:42 1
Draw up contract maximultiplicative calculus Oct 13 02:42 1
Stocking rule then terminal homomorphism stone dresser Oct 13 02:42 1
[ #nospam# ] Personalty dehydrogenize singular hypersurface Oct 13 02:42 1
Tiercel, tiercet stained feed yeasting Oct 13 02:42 1
Bacterial fertilizer torque to with unorthodox method Oct 13 02:42 1
Light indicator of amphimacer Oct 13 02:42 1
continuous isomorphism standard knot Oct 13 02:42 1
track descriptor steam pocket on gad about Oct 13 02:42 1
Radioed service rack component board einsteinium rattan Oct 13 02:42 1
Multiple shot firing nonferrous castings tap circuit Oct 13 02:42 1
election meeting first cause of determining variable Oct 13 02:42 1
Oilcoat scutum Oct 13 02:42 1
Faintness bigamist reliability objective Oct 13 02:42 1
Stilus the theor of sets them column stabilization complex item with peaked function Oct 13 02:42 1
softy complete functional test logging arrangement then sampling hatch Oct 13 02:42 1