Important Update on Recent Hack of Wireless


As many of you are now aware there was a rather dangerous hack released the other day ( CVE-2017-13077) that affects nearly all devices' utilization of the WPA/WPA2 wireless security protocol. The details of which can be read about here:

https://www.schneier.com/blog/archives/2017/10/new_krack_attac.html

Now before anyone panics I should point out a couple things:

1. A patch for this has been released already for the following distros:

    SEPIO OS
    Linux Mint
    Ubuntu
    Debian (and most distros based on Debian)
    opesource Android Lineage OS

Simply run your update manager (or sudo apt update && sudo apt upgrade in terminal) and you are good to go.

2. If you were following my advice and utilizing the WPA2-CCMP/AES version as opposed to WPS or TKIP the damage would have been far less.

3. There are currently no patches available for:

    Windows (I know, shocking)
    Mac OSX
    iOS
    Android
    non-Debian Linux (Suse, Fedora, Arch, etc)

If you are on one of these systems you need to:

- Use a wired connection if possible
- Use WPA2-CCMP (AES)
- Use a VPN (OpenVPN protocol with RSA-4096 DHE, AES-265 and SHA2+)
- Make sure you have HTTPS Everywhere enabled in your browser
- Ensure that TLS 1.2 is being utilized by your browser and the sites you visit.

There was also a hack discovered in Adobe Flash, which if you have been paying attention happens on a fairly regular basis. There are patches available for Linux, but frankly I would just disable it in your browser (or uninstall it completely) as it is a constant attack surface anymore.


Keep in mind that digital security is a dynamic sport and requires constant vigilance on our part.


I will post any relevant updates to this issue.....


** Update **

- Microsoft is claiming that they have addressed the issue. So take that for what it's worth.

- Apple states they will have a patch available in a few weeks.



 


Comments

Post a Comment

Popular posts from this blog

The Insecurity of "Push Notifications" and What to Do About It

Image
 By now it has been widely circulated that the US government (and their 5 Eyes friends) has been secretly snooping on phone user's messaging in the form of Push Notifications. Not only are they snooping, but they applied a legal gag order to Apple and Google to prevent them from alerting you the customer of this fact. What's that you say? You are using an end-to-end encrypted messenger such as Signal and therefore are safe from said intrusion? Not so fast... While there are indeed some well designed and audited secure chat apps out there, that is only part of the story. Most, if not all, messaging applications employ Push notifications as a way to let you know that someone just reached out to you, even if you didn't happen to have the corresponding application open at the moment. This is, of course, very convenient for the end user, but the problem lies in how this is facilitated on the back end. Apple and Google both employ proprietary servers that intercept a message head
Read more

Winter 2024 Courses (Updated FEB 29)

Image
  - Hard Target Traveler                Bozeman, MT                       JAN 13              $280 - Hard Target Traveler                CDA, Idaho                          FEB 17              $280 - GroundRod Level 1                   Kalispel, MT                        MAR 2-3           $475 - CQB/ Home Defense                 Midland,  TX                        TBD                  $800 - Gunfight Concepts                    N. Carolina                           MAR 22-24      $800 - Tactical Night Operations       N. Carolina                           MAR 25-27      $800 - GroundRod Level 1                  N. Carolina                            MAR 28-29      $475 - GroundRod Level 2                 N. Carolina                             MAR 30-31      $475 - GroundRod Level 4                  CDA, Idaho                           APR 12-14       $800 - Gunfight Concepts                   Three Forks, MT                   APR                 $800 - GroundRod Level 3               
Read more

GroundRod Level 1 in Missouri

Image
  We will be holding a GroundRod Level One tradecraft course in Hartville, MO June 15-16 2024. Course is $480 and seats will be limited. To register, you can visit the Store page and make a class deposit ($100) and then email us at comstugrp@protonmail.com to confirm, also feel free to email with any questions.
Read more