cancel
Showing results for 
Search instead for 
Did you mean: 
smf22
Recognised Expert
6,118 Views
Message 11 of 39

Re: WPA2 security flaw

If HTTPS, TLS etc., are not secure then I'm more concerned about that than the WPA2 vulnerability. HTTPS provides end-to-end security and encryption, and if that's broken I care more about that than the encryption between my device and the AP to which it's associated.

 

Personally I think that's a rather stupid statement from the researchers.

 

0 Ratings
Brandscill
Aspiring Expert
6,110 Views
Message 12 of 39

Re: WPA2 security flaw


@smf22 wrote:

If HTTPS, TLS etc., are not secure then I'm more concerned about that than the WPA2 vulnerability. HTTPS provides end-to-end security and encryption, and if that's broken I care more about that than the encryption between my device and the AP to which it's associated.

 

Personally I think that's a rather stupid statement from the researchers.

 


In fairness, they do link to proven research and existing news stories.

 

https://arxiv.org/ftp/arxiv/papers/1505/1505.00589.pdf

 

https://pdfs.semanticscholar.org/48fc/8f1aa0b6d1e4266b8017820ff8770fb67b6f.pdf

 

https://arstechnica.com/information-technology/2015/04/android-apps-still-suffer-game-over-https-def...

0 Ratings
smf22
Recognised Expert
6,101 Views
Message 13 of 39

Re: WPA2 security flaw


@Brandscill wrote:

@smf22 wrote:

If HTTPS, TLS etc., are not secure then I'm more concerned about that than the WPA2 vulnerability. HTTPS provides end-to-end security and encryption, and if that's broken I care more about that than the encryption between my device and the AP to which it's associated.

 

Personally I think that's a rather stupid statement from the researchers.

 


In fairness, they do link to proven research and existing news stories.

 

https://arxiv.org/ftp/arxiv/papers/1505/1505.00589.pdf

 

https://pdfs.semanticscholar.org/48fc/8f1aa0b6d1e4266b8017820ff8770fb67b6f.pdf

 

https://arstechnica.com/information-technology/2015/04/android-apps-still-suffer-game-over-https-def...


Look at the dates of the research in those links... anything between 2012 and 2015. Not exactly current.

Brandscill
Aspiring Expert
6,096 Views
Message 14 of 39

Re: WPA2 security flaw


@smf22 wrote:

@Brandscill wrote:

@smf22 wrote:

If HTTPS, TLS etc., are not secure then I'm more concerned about that than the WPA2 vulnerability. HTTPS provides end-to-end security and encryption, and if that's broken I care more about that than the encryption between my device and the AP to which it's associated.

 

Personally I think that's a rather stupid statement from the researchers.

 


In fairness, they do link to proven research and existing news stories.

 

https://arxiv.org/ftp/arxiv/papers/1505/1505.00589.pdf

 

https://pdfs.semanticscholar.org/48fc/8f1aa0b6d1e4266b8017820ff8770fb67b6f.pdf

 

https://arstechnica.com/information-technology/2015/04/android-apps-still-suffer-game-over-https-def...


Look at the dates of the research in those links... anything between 2012 and 2015. Not exactly current.



Not here to argue it's relevance. Just highlighting the research done on the matter and referenced.

If it's not valid then I am sure when peer reviewed it will be highlighted.

0 Ratings
Jonkarra
Expert
5,986 Views
Message 15 of 39

Re: WPA2 security flaw

The problem is this hack targets the protocol itself, some vendors might find ways to limit exposure but that is likely to compromise interoperability. The fix for this will take some time unfortunately. Please bear in mind that this attack is limited to your local area and running anything which requires confidentiality even over a wired network should be via an encrypted protocol. 

 

Best thing you can do is as others have suggested consider running over a VPN but also make sure you verify secure websites that the padlock icon is showing the connection as fully encryped. if you are reusing password credentials across multiple sites you really should stop anyway, and doubly so if the site you are using does not fully support encryption. As always if in doubt stop!

0 Ratings
5,889 Views
Message 16 of 39

Re: WPA2 security flaw

Just been onto Bt online help who told me it would take 2 weeks to organise a patch! I find that totally unbelievable and unacceptable. We need a patch for this straightaway. Apparently some companies have already updated. Should be an interesting 14 days for us Bt customers then.

 

0 Ratings
Distinguished Sage
Distinguished Sage
5,879 Views
Message 17 of 39

Re: WPA2 security flaw

I'd be very surprised if the first line Customer Service have had any information regarding this let alone when/if a patch is being supplied.

0 Ratings
Bill_Cumming
Contributor
5,811 Views
Message 18 of 39

Re: WPA2 security flaw

Patches take time to produce and test!

Windows and Linux systems already have a patch out. (Updated my Linux box a few hours ago)

Android and Apple devices will take a couple of weeks as well .

As for routers. Netgear have a patch for *some* of ther devices and others will be rolled out on the coming weeks. Other makers are somewhere between "got a patch about to roll out" and "well have one in a few weeks or so."

BT will have to wait to test any patch to make sure it does not cause more problems than it solves in their devices...

0 Ratings
hin-lee-home
Beginner
5,899 Views
Message 19 of 39

Patch for Krack

Hello,

 

Could you please provide information when my BT Homehub will be patched for Krack? http://home.bt.com/tech-gadgets/tech-news/wi-fi-networks-around-the-world-at-risk-from-hackers-thank...

 

Thanks,

Hin

Tags (1)
0 Ratings
Brandscill
Aspiring Expert
5,761 Views
Message 20 of 39

Re: WPA2 security flaw

Do any home hubs support 802.11r? If not they might not even be vunreable. 

 

I am more expectant of Apple to release their current betas to the public so I can patch all my devices. Luckily Windows PC is hardwired. 

0 Ratings