Important Update on Recent Hack of Wireless


As many of you are now aware, a rather dangerous hack was released the other day (CVE-2017-13077) that affects nearly all devices' use of the WPA/WPA2 wireless security protocol. The details can be read here:

https://www.schneier.com/blog/archives/2017/10/new_krack_attac.html

Now before anyone panics I should point out a couple things:

1. A patch for this has been released already for the following distros:

    SEPIO OS
    Linux Mint
    Ubuntu
    Debian (and most distros based on Debian)
    open-source Android Lineage OS

Simply run your update manager (or sudo apt update && sudo apt upgrade in terminal) and you are good to go.

2. If you were following my advice and using the WPA2-CCMP/AES version as opposed to WPS or TKIP, the damage would have been far less.

3. There are currently no patches available for:

    Windows (I know, shocking)
    Mac OSX
    iOS
    Android
    non-Debian Linux (Suse, Fedora, Arch, etc)

If you are on one of these systems you need to:

- Use a wired connection if possible
- Use WPA2-CCMP (AES)
- Use a VPN (OpenVPN protocol with RSA-4096 DHE, AES-256 and SHA2+)
- Make sure you have HTTPS Everywhere enabled in your browser
- Ensure that TLS 1.2 is being utilized by your browser and the sites you visit.
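
One way to verify the WPA2-CCMP (AES) item on a Linux client is to read the key management and ciphers that `wpa_cli status` reports for the current association. The script below is an added example, not part of the original post; the function name, the sample status text (constructed) and the interface name `wlan0` are assumptions.

```shell
#!/bin/sh
# Added example: classify a Wi-Fi link from `wpa_cli status` text on stdin.
# Return codes: 0 = WPA2 with CCMP, 2 = CCMP pairwise but TKIP group, 1 = fail.
classify_wifi() {
    pairwise="" group="" keymgmt=""
    # Status lines are key=value; keep only the three fields we need.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            pairwise_cipher) pairwise=$value ;;
            group_cipher)    group=$value ;;
            key_mgmt)        keymgmt=$value ;;
        esac
    done
    case "$keymgmt" in
        WPA2*) ;;
        *) echo "FAIL: key_mgmt=${keymgmt:-missing} is not WPA2"; return 1 ;;
    esac
    case "$pairwise" in
        CCMP*) ;;
        *) echo "FAIL: pairwise_cipher=${pairwise:-missing} is not CCMP"; return 1 ;;
    esac
    case "$group" in
        CCMP*) echo "OK: WPA2 with CCMP pairwise and group ciphers"; return 0 ;;
        TKIP)  echo "WARN: group_cipher=TKIP, access point allows TKIP clients"; return 2 ;;
        *)     echo "FAIL: group_cipher=${group:-missing} is not CCMP"; return 1 ;;
    esac
}

# Constructed sample status text (not captured from a real network).
SAMPLE_CCMP='ssid=home
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED'
SAMPLE_MIXED='ssid=cafe
pairwise_cipher=CCMP
group_cipher=TKIP
key_mgmt=WPA2-PSK'
SAMPLE_TKIP='ssid=old
pairwise_cipher=TKIP
group_cipher=TKIP
key_mgmt=WPA2-PSK'

for sample in "$SAMPLE_CCMP" "$SAMPLE_MIXED" "$SAMPLE_TKIP"; do
    printf '%s\n' "$sample" | classify_wifi || true
done
# On a live system (interface name wlan0 is an assumption):
#   wpa_cli -i wlan0 status | classify_wifi
```

A WARN result means the router is running in mixed WPA/WPA2 mode; switching the router to WPA2-only with AES removes TKIP from the group cipher as well.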

There was also a hack discovered in Adobe Flash, which, if you have been paying attention, happens on a fairly regular basis. There are patches available for Linux, but frankly I would just disable it in your browser (or uninstall it completely), as it is a constant attack surface these days.


Keep in mind that digital security is a dynamic sport and requires constant vigilance on our part.


I will post any relevant updates to this issue.


** Update **

- Microsoft is claiming that they have addressed the issue. So take that for what it's worth.

- Apple states they will have a patch available in a few weeks.



 

