WPA2 situation

[tsu2]

The openSUSE Security Alert is here: <https://lists.opensuse.org/opensuse-.../msg00024.html> -- "openSUSE-SU-2017:2755-1: important: Security update for wpa_supplicant".

The SUSE Security Alert is here: <https://www.suse.com/de-de/support/u...su-20172752-1/> -- "SUSE-SU-2017:2752-1 Security update for wpa_supplicant".

There is a German language list (being continually updated) of manufacturer comments and updates here: <https://www.heise.de/security/meldun...n-3863455.html>.

• The URLs in the manufacturer list point mostly to English language information.
• At least one exception is AVM (FRITZ!Box) but, English language notes are available -- for example for the FRITZ!WLAN Repeater 1750E: <http://ftp.avm.de/fritz.box/fritz.wl...lisch/info.txt>

Based on the openSUSE Security Alert referenced,
I stand corrected that if a patched openSUSE station connects to an unpatched AP, the patched client should prevent the unpatched AP from being exploited, at least for sessions from patched openSUSE only.

But, this is probably something that others will take a close look at into the future, it sounds like a "best effort" action to minimize the AP vulnerabilities which may be specific to current published exploit methods, and could be vulnerable to inventive alternate methods.

TSU

[dcurtisfra]

if a patched openSUSE station connects to an unpatched AP, the patched client should prevent the unpatched AP from being exploited, at least for sessions from patched openSUSE only.

But, this is probably something that others will take a close look at into the future, it sounds like a "best effort" action to minimize the AP vulnerabilities which may be specific to current published exploit methods, and could be vulnerable to inventive alternate methods.

For the case of my DSL Router and WiFi Access Point, the statements from the AVM folks in Berlin are either soothing or worrying -- depending on your point-of-view: <https://en.avm.de/service/current-se...notifications/>.
The AVM folks also point to a WiFi Alliance statement here: <https://www.wi-fi.org/news-events/ne...ecurity-update>.

[tsu2]

Slightly off-topic, but my strong recommendation for anyone who is in any way interested in the general events when a business is hacked, is to watch at least the first half season of tSeason 1 of "Mr. Robot" on the USA channel. I consider this almost a "must see" for anyone who is responsible for computing security, regardless if your personal skills are on the technical computing end or the non-technical Business end.

Unlike other Computer hacking films and shows, depictions of the sequence of what happens and the whole psychology of when a business finds itself unexpectedly compromised is at a very high level of realism including common exploit tools, reconnaissance, depositing malware payload and more. Slo-mo your DVR for highly detailed commands if you wish, they're real.

And, for the entire series there is a very high level of other hacking methods, depicting a variety of ways networks are exploitable.

There's a lot there for everyone at every level from technical illiterates to highly seasoned hackers already familiar with offensive hacking.

As for whether the overall plot arcs are realistic...
The main arc of world-wide destruction is a bit fanciful, but only in the scope. Scale the "The End of the World" down a bit, the lessons are pretty exacting at business or industry levels, almost a blueprint for what could become reality.

the other stuff like the psychological plot twist... Hum.

A couple weeks ago, "Mr. Robot" began Season 3.
An interview with the show's technical creators
http://thehill.com/policy/cybersecur...yan-kazanciyan

TSU