On 2017-10-29, harry newton wrote:
How does this colloquial summary for my family look - in case you want to
send one to YOUR family?
========
People are asking what to do about the KRACK Attack vulnerability (note the
pleonasm), so I figured I'd let everyone know what it is & I figured I'd
give folks the opportunity to ask question if they're concerned.

The canonical site for the attack is written by the white hat who found it:
https://www.krackattacks.com/

Here's my ad-hoc summary, written with respect to what you and I need to
know & do.

1. In May, the white hat notified the government & vendors he found a bug
in all WPA WiFi (e.g., WPA2) where someone who is *close* enough to
intercept the signals can see everything you do.

No, whose interception point is close enough. Thus your wirelessly
connected fridge, which usually has attrocious security, could possibly
be used as an interception point for an attacker who is in Mongolia say.


2. It affects all WiFi but the worst affected is Android at or over version
6, macOS, Linux, and really fast (i.e., 802.11r fast roaming) routers set
up as repeaters (i.e., as a second router).

All wifi is susceptible, including Windows. The problem with Android and
Linux is they all use wpa_supplicant and it has a problem that, for
security, it zeros the password after using it. But that means that when
the replay occurs it uses that 0 password. Thus fixing wpa_supplicant
fixes the problem, and it has in principle been fixed. Of course one needs
to get that fixed version into the devices.


Far less affected are iPhones, WiFi iPads, WiFi iPods, older Android
devices, Windows computers, and normal routers (e.g., 802.11n or 802.11ac),
especially if they're set up as the main router (and not as a repeater).

The problem is a client side problem. But all of those devices are
susceptible to at least some version of Krack, and should not assumed to
be "far less affected". They are all affected. That they do not have the
"zero password" problem is irrelevant since they have other attack
vectors.


3. There is only one viable solution, which is to *update* your device
firmware or software, whether that be a mobile phone, a laptop, a desktop,
a router working as a repeater, or the main router.

Yes, for all of them, not just Linux and Android.


The order of priority should be:
a. If you have Android 6+, then you *should* update soon.
b. If you have MacOS or Linux, then you should update soon.
c. If you have an 802.11r router, then you should update soon.

If you have any wireless device you should update soon. I have no idea
why you are categorizing them.


You can take your sweet time on everything else, but everything needs to be
updated.

Why in the world would you say you can take your sweet time on them.
They are all vulnerable.



4. The problem, of course, is *how* to update each device.
a. First look for your device to see if there is an update
https://www.kb.cert.org/vuls/id/228519
b. Then try to find the update
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
c. Then update.

What a pain. Let me know if you have questions.

So, 4 is the only thing you really need to say. Of course how you are
going to update your fridge or your toaster is a bit obscure. Do you
really want a "owned" wifi device anywhere on your internal network?