[Chugalug] Linux on KRACK

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[Chugalug] Linux on KRACK

Chad Smith
So apparently, in the first time in the history of ever - Linux is *less* secure than Windows or Mac against this one specific kind of attack. (it involves WiFi networks.)



- Chad W. Smith

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Linux on KRACK

Sean Brewer
Unless folks on OS X, iOS, Windows, etc. install their most recent updates they're still vulnerable. 

On Mon, Oct 16, 2017 at 2:26 PM, Chad Smith <[hidden email]> wrote:
So apparently, in the first time in the history of ever - Linux is *less* secure than Windows or Mac against this one specific kind of attack. (it involves WiFi networks.)



- Chad W. Smith

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Linux on KRACK

Dave Brockman
On 10/17/2017 11:11 PM, Sean Brewer wrote:
> Unless folks on OS X, iOS, Windows, etc. install their most recent
> updates they're still vulnerable. 

OSX has not yet released patches to mainstream, only Beta.  Windows was
patched pre-release of the KRACK paper.  With that being said, there is
no way every WiFi device vulnerable will be patched.  I stand by my
previous statements that there is no such thing as secure wifi, and all
wireless networks should always be treated as hostile.

Regards,

dtb



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Linux on KRACK

Sean Brewer
Agreed. Use a VPN on all wireless networks you don't manage yourself.

On Wed, Oct 18, 2017 at 12:16 PM, Dave Brockman <[hidden email]> wrote:
On 10/17/2017 11:11 PM, Sean Brewer wrote:
> Unless folks on OS X, iOS, Windows, etc. install their most recent
> updates they're still vulnerable. 

OSX has not yet released patches to mainstream, only Beta.  Windows was
patched pre-release of the KRACK paper.  With that being said, there is
no way every WiFi device vulnerable will be patched.  I stand by my
previous statements that there is no such thing as secure wifi, and all
wireless networks should always be treated as hostile.

Regards,

dtb



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Linux on KRACK

Dan Lyke
On Wed, 18 Oct 2017 12:32:47 -0400
Sean Brewer <[hidden email]> wrote:
> Agreed. Use a VPN on all wireless networks you don't manage yourself.

Uh: Isn't the point of KRACK that even the ones you manage yourself are
vulnerable?

Best observation I saw, though: How many of those ESP8266 devices are
gonna get patched?

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Linux on KRACK

Dave Brockman
On 10/18/2017 2:15 PM, Dan Lyke wrote:
> On Wed, 18 Oct 2017 12:32:47 -0400
> Sean Brewer <[hidden email]> wrote:
>> Agreed. Use a VPN on all wireless networks you don't manage yourself.
>
> Uh: Isn't the point of KRACK that even the ones you manage yourself are
> vulnerable?

IPSEC on my LAN is a thing.

> Best observation I saw, though: How many of those ESP8266 devices are
> gonna get patched?

I suspect that number pales in comparison to the number of no longer
supported Netgear/Linksys/TPLink/Asus/DLink/etc Home routers that also
won't get patched.

Regards,

dtb


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Linux on KRACK

Sean Brewer
In reply to this post by Dan Lyke
Uh: Isn't the point of KRACK that even the ones you manage yourself are vulnerable?

Yeah, but you can at least control who/what connects to your network. From what I understand, KRACK affects the client more than anything.

How many of those ESP8266 devices are gonna get patched?

lol.

On Wed, Oct 18, 2017 at 2:15 PM, Dan Lyke <[hidden email]> wrote:
On Wed, 18 Oct 2017 12:32:47 -0400
Sean Brewer <[hidden email]> wrote:
> Agreed. Use a VPN on all wireless networks you don't manage yourself.

Uh: Isn't the point of KRACK that even the ones you manage yourself are
vulnerable?

Best observation I saw, though: How many of those ESP8266 devices are
gonna get patched?

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Linux on KRACK

Mike Harrison-4

> On Oct 18, 2017, at 6:13 PM, Sean Brewer <[hidden email]> wrote:
> > How many of those ESP8266 devices are gonna get patched?
>
> lol.

It is the Internet of Insecure Things.
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug