RIP 802.11, 1997-2017

[therektafire]

Crap, I thought this would be about how to get free wifi on WPA2 networks by cracking the password on linux and android devices, not intercepting peoples data :( Oh well, my family does not have wifi at home so it doesn't really effect us that much...

[hobomaster22]

I wrapped my router and ethernet cables in tinfoil. I also made tinfoil hats for my cats. Does this protect me from the vulnerability?

[Kirby]

Ahhhhhh fuck me, where's the foil I need it

 

There is utterly no efficient way I can work ethernet cables in my apartment. FAAAAAAAAAAAAAAACK

Edited October 17, 2017 by Kirby

[Jello]

I thought you could already do this by taking a butterfly net and trapping the packets as they float through the air.

[Buckshot]

Just go out and buy 2gbps ethernet-over-power (EOP) line adapters for your wall outlets if you don't have cable that reaches all over.

 

They're amazing, cheap, and work nearly as perfect as Ethernet cable itself.

 

You'll never get the full 2gbps, but I get a steady 900mbps (which is 600mbps faster than my internet connection anyway)  from my upstairs room we're my router is to my main floor where my tv/game consoles are. No buffering, no latency like wifi. Just converts the Ethernet signal through your power lines in your house. 

 

There's cheaper ones available, but this is the one I use. Can just add more to any outlet in your house wherever you need an Ethernet connection. Can even plug switches into them if you need more ports in the immediate area (did this with my game consoles and tv). They take like 30 seconds to plug in.. autodetect each other, and that's it.

 

 

Generally, expect 3/4 to 1/2 the performance advertised... If you buy a 2gbps model, you'll get about 1gbps, if you buy a 1200gbps model... You'll get about 600mbps, if you buy a 500mbps model, you'll get about 250mbps. Line quality of your wiring in your house makes a slight difference, but not much. My sister has a 70 year old home... They still get about 900mbps on a 2gbps model.

 

 

D-Link Powerline AV2 2000 Gigabit Passthrough Starter Kit (DHP-P701AV) https://www.amazon.com/dp/B00PVD4318/ref=cm_sw_r_cp_apap_qonfnuDOEQTpX

 

[Reisal]

Desktops use ethernet so I'm fine. Only phones and mobile devices use wireless.

[Tristan]

As a desktop user on wifi, I have to object to that.

[leodoom85]

56 minutes ago, Eris Falling said:

As a desktop user on wifi, I have to object to that.

Those PCI wifi adapters are quite cheap and good...

[Misty]

Sadly, my room mates and family won't understand this issue and I don't have much chance to tell them in proper understandable, simplified language and use cables for internet. 

[leodoom85]

7 minutes ago, Myst.Haruko said:

Sadly, my room mates and family won't understand this issue and I don't have much chance to tell them in proper understandable, simplified language and use cables for internet. 

Because they don't have the knowledge to understand that, which is normal.

[fraggle]

15 minutes ago, Myst.Haruko said:

Sadly, my room mates and family won't understand this issue and I don't have much chance to tell them in proper understandable, simplified language and use cables for internet. 

Quite honestly they don't need to switch to using cables. I don't think this issue is anywhere near as big a deal as some people seem to think. For example, the website says this:

 

Quote

 

Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

 

This is only true if you're accessing email without encryption, or are using unencrypted (non-HTTPS) websites for chat, photos or buying stuff (credit card numbers? really?). I believe recent versions of Chrome even pop up a huge warning if you try to submit a form with a password field that submits to unencrypted HTTP.

 

There was a time when protecting the security of your wifi network was much more important, that time has mostly passed. While it's still good to have, your online safety is no longer dependent on keeping malicious people out of your network. If it was we'd have an endemic problem with people getting hacked after using their laptops at Starbucks.

 

It's worth remembering that this requires physical proximity to your network to work. Probably nobody is parking a van outside your house to hack into your home wifi network. The biggest risk is probably to businesses who will be vulnerable to network intrusions. I suspect we'll see a few things in the news about businesses being hacked, having confidential data stolen etc. - but once the software patches are in place these should die down pretty quickly.

[Maisth]

gg

[Nevander]

Times like these I'm glad I live in a relatively isolated area of my state. I don't think anyone is interested in my extensive Doom media and file collection and literally no personal data stored on my PC anyway. My PC doesn't even support wireless connections! So they'd see my phone but then again I'm rarely on Wi-Fi, I usually use the network unless I plan to use my phone to do heavy stuff.

 

Is there a way to reduce the range of a Wi-Fi network? I can connect all the way at the end of my driveway... but I want it to only reach the front door.

[Remilia Scarlet]

 

[RedDash16]

I'm on all WiFi, bleh.

[Quasar]

9 hours ago, fraggle said:

This is only true if you're accessing email without encryption, or are using unencrypted (non-HTTPS) websites for chat, photos or buying stuff (credit card numbers? really?). I believe recent versions of Chrome even pop up a huge warning if you try to submit a form with a password field that submits to unencrypted HTTP.

Problem being an increasing number of people do these things on their phones and not in a browser, and many many many apps are being found - including ones explicitly for banking - that are leaking sensitive information into unencrypted channels - hardcoded http:// links inside the app with plaintext POST parameters being one such sin observed widely in the wild now, and other out-of-band issues with the same apps that don't even require attacking the app itself - just the phone it runs on. Several apps were found to expose any sensitive information that was on screen at the time they suffer a crash by dumping the entire displayed page of HTML into the crash log, form fields and all, with no obfuscation or encryption.

 

So I'd say you cannot be too safe either way. You might think you're being secure when you're actually not.

[Chronohunter45]

Wait, I'm confused...

 

How does this effect RADIUS setups? Is the vulnerability specific to WPA2 AES personal? Or enterprise with handshakes and PKI? I read that this was only relevant to your basic ISP modem with built in wifi...

 

Did more come of this?

[Jon]

4 hours ago, Chronohunter45 said:

Wait, I'm confused...

 

How does this effect RADIUS setups? Is the vulnerability specific to WPA2 AES personal? Or enterprise with handshakes and PKI? I read that this was only relevant to your basic ISP modem with built in wifi...

 

Did more come of this?

 

I haven't read the technical stuff directly, only chewed-up journo interpretations of ti but I think it's the WPA2 personal (pre-shared key) that is affected,  there is a family of vulnerabilities and some apply to WPA2 Enterprise but not all so the impact there is less severe.

[Graf Zahl]

9 hours ago, Quasar said:

Problem being an increasing number of people do these things on their phones and not in a browser, and many many many apps are being found - including ones explicitly for banking - that are leaking sensitive information into unencrypted channels - hardcoded http:// links inside the app with plaintext POST parameters being one such sin observed widely in the wild now, and other out-of-band issues with the same apps that don't even require attacking the app itself - just the phone it runs on. Several apps were found to expose any sensitive information that was on screen at the time they suffer a crash by dumping the entire displayed page of HTML into the crash log, form fields and all, with no obfuscation or encryption.

 

 

This and my personal experiences as an app developer made me discontinue using any kind of app entirely a long time ago. It is utterly unbelievable how much data these things are leaking into the internet, and if anyone can net that off people will be in deep trouble.

 

Using a smartphone is fine, but I restrict myself to the web browser - especially for sensitive tasks.

 

[geo]

On 10/16/2017 at 0:18 PM, StevieCybernetik said:

This is nothing new.  Cracking into wifi has been simple as hell for ages.  WPA was never a secure thing lol.

I remember a guy at work showing me how its done back in 99 or 2000 (maybe later). I was wired up until 3 years ago. Now I just don't care.

[printz]

On 17.10.2017 at 7:05 PM, fraggle said:

It's worth remembering that this requires physical proximity to your network to work. Probably nobody is parking a van outside your house to hack into your home wifi network.

Well you can still have bored neighbours who live below you and try to see what you're doing on the internet. I see lots of weirdly named wi-fi access points in my area, what if some of them belong to hackers?

 

Luckily mobile data is becoming cheap and fast, so my phone can just stay out of wi-fi. Unluckily, I still need wi-fi to power the internet connection of non-phone portable devices.

[カイ・Kai]

56K modems people...

[Vorpal]

On 10/17/2017 at 3:10 PM, Nevander said:

Is there a way to reduce the range of a Wi-Fi network? I can connect all the way at the end of my driveway... but I want it to only reach the front door.

 

Yes but the "how" varies from one router model to the next and will likely need consultation with the dreaded user manual. Usually it'll have something to do with "Levels" or "Power" or "Transmission".

 

Orientation of the device also affects the shape of your signal coverage.

[notjimmyboigreez]

On 22/10/2017 at 0:00 AM, Bob Saget said:

56K modems people...

128 dual isdn people...