Thread: Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
View Single Post
  #27   Report Post  
Posted to alt.comp.os.windows-10,alt.os.linux,sci.electronics.repair
David_B David_B is offline
external usenet poster
  
Posts: 80
Default Did you update your router for the WPA2/PSK KRACK nonce re-useattack yet?
On 17-Oct-17 1:17 AM, harry newton wrote:
He who is harry newton said on Mon, 16 Oct 2017 22:03:42 +-0000 (UTC):

Thanks for explaining that as this nonce stuff has certain unexpected
nuances.

Here's every patch for KRACK Wi-Fi vulnerability available right now
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/


Apple: The iPhone and iPad maker confirmed to sister-site CNET that fixes
for iOS, macOS, watchOS and tvOS are in beta, and will be rolling it out in
a software update in a few weeks.

MORE SECURITY NEWS

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack,
eavesdropping
Homeland Security orders federal agencies to start encrypting sites, emails
+IAs-OnePlus dials back data collection after users protest
These fake tax documents spread jRAT malware
Arris: a spokesperson said the company is "committed to the security of our
devices and safeguarding the millions of subscribers who use them," and is
"evaluating" its portfolio. The company did not say when it will release
any patches.

Aruba: Aruba has been quick off the mark with a security advisory and
patches available for download for ArubaOS, Aruba Instant, Clarity Engine
and other software impacted by the bug.

AVM: This company may not be taking the issue seriously enough, as due to
its "limited attack vector," despite being aware of the issue, will not be
issuing security fixes "unless necessary."

Cisco: The company is currently investigating exactly which products are
impacted by KRACK, but says that "multiple Cisco wireless products are
affected by these vulnerabilities."

"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi
Protected Access protocol standards," a Cisco spokesperson told ZDNet.
"When issues such as this arise, we put the security of our customers first
and ensure they have the information they need to best protect their
networks. Cisco PSIRT has issued a security advisory to provide relevant
detail about the issue, noting which Cisco products may be affected and
subsequently may require customer attention.

"Fixes are already available for select Cisco products, and we will
continue publishing additional software fixes for affected products as they
become available," the spokesperson said.

In other words, some patches are available, but others are pending the
investigation.

Espressif Systems: The Chinese vendor has begun patching its chipsets,
namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards
for a fix.

Fortinet: At the time of writing there was no official advisory, but based
on Fortinet's support forum, it appears that FortiAP 5.6.1 is no longer
vulnerable to most of the CVEs linked to the attack, but the latest branch,
5.4.3, may still be impacted. Firmware updates are expected.

FreeBSD Project: There is no official response at the time of writing.

Google: Google told sister-site CNET that the company is "aware of the
issue, and we will be patching any affected devices in the coming weeks."

HostAP: The Linux driver provider has issued several patches in response to
the disclosure.

Intel: Intel has released a security advisory listing updated Wi-Fi drives
and patches for affected chipsets, as well as Intel Active Management
Technology, which is used by system manufacturers.

Linux: As noted on Charged, a patch is a patch is already available and
Debian builds can patch now, while OpenBSD was fixed back in July.

Netgear: Netgear has released fixes for some router hardware. The full list
can be found here.

Microsoft: While Windows machines are generally considered safe, the
Redmond giant isn't taking any chances and has released a security fix
available through automatic updates.

MikroTik: The vendor has already released patches that fix the
vulnerabilities.

OpenBSD: Patches are now available. (The *******s allowed a diff to be
performed by the bad guys!)

Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects
users against the attack.

Wi-Fi Alliance: The group is offering a tool to detect KRACK for members
and requires testing for the bug for new members.

Wi-Fi Standard: A fix is available for vendors but not directly for end
users.

At the time of writing, neither Toshiba and Samsung responded to our
requests for comment. If that changes, we will update the story.

Thanks, Harry.

Have you read/watched here?
http://www.techrepublic.com/article/...-whos-at-risk/

--
David B.
Reply With QuoteReply With Quote