Important Update on Recent Hack of Wireless
As many of you are now aware there was a rather dangerous hack released the other day ( CVE-2017-13077) that affects nearly all devices' utilization of the WPA/WPA2 wireless security protocol. The details of which can be read about here:
Now before anyone panics I should point out a couple things:
1. A patch for this has been released already for the following distros:
Debian (and most distros based on Debian)
opesource Android Lineage OS
Simply run your update manager (or sudo apt update && sudo apt upgrade in terminal) and you are good to go.
2. If you were following my advice and utilizing the WPA2-CCMP/AES version as opposed to WPS or TKIP the damage would have been far less.
3. There are currently no patches available for:
Windows (I know, shocking)
non-Debian Linux (Suse, Fedora, Arch, etc)
If you are on one of these systems you need to:
- Use a wired connection if possible
- Use WPA2-CCMP (AES)
- Use a VPN (OpenVPN protocol with RSA-4096 DHE, AES-265 and SHA2+)
- Make sure you have HTTPS Everywhere enabled in your browser
- Ensure that TLS 1.2 is being utilized by your browser and the sites you visit.
There was also a hack discovered in Adobe Flash, which if you have been paying attention happens on a fairly regular basis. There are patches available for Linux, but frankly I would just disable it in your browser (or uninstall it completely) as it is a constant attack surface anymore.
Keep in mind that digital security is a dynamic sport and requires constant vigilance on our part.
I will post any relevant updates to this issue.....
** Update **
- Microsoft is claiming that they have addressed the issue. So take that for what it's worth.
- Apple states they will have a patch available in a few weeks.