RIP 802.11, 1997-2017

[Linguica]

Whispers are going around that a bad WPA2 vulnerability is going to be revealed tomorrow morning that has the potential to make basically all wifi networks effectively unencrypted. So this thread is to remember the good times before we all had to revert to ethernet cables again. We had a good run ;_;

 

 

Edited October 16, 2017 by Linguica

[Nevander]

That feel when I'm still using ethernet cables because I am living in the 90s.

[Avoozl]

I am using ethernet anyway because my modem died and my ISP wasn't able to send me a free replacement.

[Remilia Scarlet]

I use ethernet anyway, wifi is too slow for my tastes.

[GarrettChan]

Oh god, should I go out and buy cables now?

[Wereknight]

sooooo... what possibly go wrong?

[SuperCupcakeTactics]

I already use Ethernet cabling anyway mostly since it's faster and more secure, according to my Dad anyway. Hopefully nothing bad happens still, since the Internet as a whole is quite precious to me :/

[EmotionalFelineinaMadstate]

Ah shit.

[Caffeine Freak]

Different hardware vendors are said to be expected to release patches soon. But the same source Linguica posted says it's a core protocol issue, so any patches at this point are workarounds at best, and that this may be a case of 'throw away your router and buy a new one.' Fucking great, that's just what I need.

 

WPA2 has been around for quite some time, has this vulnerability been there all along?

[Dravencour]

I primarily use ethernet for the same reasons as Cupcake -- ethernet isn't dependent upon your general area and cell reception.

[Teivman]

Is this everywhere or is it only in the U

Edited October 16, 2017 by MrD!zone

[boris]

It's been released.

 

https://www.krackattacks.com/

 

 

[UglyStru]

52 minutes ago, boris said:

It's been released.

 

https://www.krackattacks.com/

 

 

I feel like this has been known for a while. Not sure if this is truly the downfall of WPA2. 

[StevieWolfe]

This is nothing new.  Cracking into wifi has been simple as hell for ages.  WPA was never a secure thing lol.

[Quasar]

This weakness is specifically in WPA2 security and not the broad 802.11 standard, so saying "RIP" to it is really premature and definitely not called for - as the authors of this paper have stated, this can be resolved with patches for wireless clients and may not even require new routers or access points, and many of those are patchable via firmware updates where and if required.

[Remilia Scarlet]

After having a night to think about this, what I'm more concerned about is not my own wifi (my wife and I hardly ever use it), but the wifi being used by people like my mom and in-laws who aren't as skilled with computer-related technology.  Essentially, the weakest of the weakest links.

[fraggle]

1 hour ago, Quasar said:

This weakness is specifically in WPA2 security and not the broad 802.11 standard, so saying "RIP" to it is really premature and definitely not called for 

Speak for yourself. I for one am dropping off the internet entirely and going back to copying things between computers manually using floppy disks until this is all sorted out. You can never be certain which lines the Illuminati have tapped, even in your own home. See you all in a few months, folks!

[Caffeine Freak]

Microsoft already released a patch. This is one time I regret not having automatic updates turned on, but at least I'm getting the patch now. From what I'm reading, Linux operating systems and Android devices (which I also have, unfortunately) are among the hardest hit by this. 

 

https://www.pcworld.com/article/3233255/windows/krack-wi-fi-attacks-shouldnt-harm-updated-windows-pcs.html

[Jon]

Debian GNU/Linux patch was out ages ago

[Remilia Scarlet]

39 minutes ago, fraggle said:

Speak for yourself. I for one am dropping off the internet entirely and going back to copying things between computers manually using floppy disks until this is all sorted out. You can never be certain which lines the Illuminati have tapped, even in your own home. See you all in a few months, folks!

What, no IP over Avian Carrier?

[Da Werecat]

I literally switched back to cable yesterday, because my connection started acting up when using wi-fi. And I only switched to wi-fi because my connection started acting up when using cable and I didn't care enough to investigate at the time.

 

I'm that lazy.

[Linguica]

57 minutes ago, Jon said:

Debian GNU/Linux patch was out ages ago

I read that OpenBSD was apprised of the issue months ago and refused to sit on their patch and so the researchers have said that next time they just won't tell the OpenBSD people until the embargo is almost up, lol.

[leodoom85]

Not pressing F yet for the encryption?

[boris]

18 minutes ago, Linguica said:

I read that OpenBSD was apprised of the issue months ago and refused to sit on their patch and so the researchers have said that next time they just won't tell the OpenBSD people until the embargo is almost up, lol.

 

It's on the site in the FAQ:

 

Quote

 

Why did OpenBSD silently release a patch before the embargo?

OpenBSD was notified of the vulnerability on 15 July 2017, before CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt replied and critiqued the tentative disclosure deadline: “In the open source world, if a person writes a diff and has to sit on it for a month, that is very discouraging”. Note that I wrote and included a suggested diff for OpenBSD already, and that at the time the tentative disclosure deadline was around the end of August. As a compromise, I allowed them to silently patch the vulnerability. In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.

 

 

[fraggle]

That's how security researchers call someone an asshole.

[Edward850]

8 minutes ago, Eric the Sandvich said:

I would use ethernet, but I don't own the router in my house! It's on the other side of the house, and I don't know any ethernet cable that extends to 15 meters.

... That's a pretty standard length for Ethernet cable. Most stores will sell that length in cat5e for like 20 bux.

[Nevander]

3 hours ago, YukiRaven said:

but the wifi being used by people like my mom and in-laws who aren't as skilled with computer-related technology.  Essentially, the weakest of the weakest links.

That is the single greatest problem with technology ever since the inception of computers. Truly a terrifying circumstance.

[leodoom85]

59 minutes ago, Eric the Sandvich said:

I would use ethernet, but I don't own the router in my house! It's on the other side of the house, and I don't know any ethernet cable that extends to 15 meters.

Fortunately, I know how to make a proper cable and put the RJ45 connectors with the proper tools....but thing is, the location of the router and my laptop is not ideal to connect such a cable. Too much obstacles to deal between both things.

[Remilia Scarlet]

14 minutes ago, Nevander said:

That is the single greatest problem with technology ever since the inception of computers. Truly a terrifying circumstance.

Well, it just makes sense.  People tend to always be the weakest link in any security system ("system" in a more abstract sense here), and the people who don't have the expertise are the weakest of the weak links.

 

11 minutes ago, leodoom85 said:

Fortunately, I know how to make a proper cable and put the RJ45 connectors with the proper tools....but thing is, the location of the router and my laptop is not ideal to connect such a cable. Too much obstacles to deal between both things.

I ended up running a cable through the floor from the basement, then through two walls in my mom's house just to wire up my bedroom.  It was well worth it in the end.

[leodoom85]

Just now, YukiRaven said:

I ended up running a cable through the floor from the basement, then through two walls in my mom's house just to wire up my bedroom.  It was well worth it in the end.

:D

Good job though. I guess that you had to use a drill to make those holes just to reach the destination. And yes, it has a satisfactory feeling for accomplishing that work.