Page 4 of 4 FirstFirst ... 234
Results 31 to 33 of 33

Thread: WPA2 situation

  1. #31
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: WPA2 situation

    Quote Originally Posted by dcurtisfra View Post
    The openSUSE Security Alert is here: <https://lists.opensuse.org/opensuse-.../msg00024.html> -- "openSUSE-SU-2017:2755-1: important: Security update for wpa_supplicant".

    The SUSE Security Alert is here: <https://www.suse.com/de-de/support/u...su-20172752-1/> -- "SUSE-SU-2017:2752-1 Security update for wpa_supplicant".

    There is a German language list (being continually updated) of manufacturer comments and updates here: <https://www.heise.de/security/meldun...n-3863455.html>.
    • The URLs in the manufacturer list point mostly to English language information.
    • At least one exception is AVM (FRITZ!Box) but, English language notes are available -- for example for the FRITZ!WLAN Repeater 1750E: <http://ftp.avm.de/fritz.box/fritz.wl...lisch/info.txt>
    Based on the openSUSE Security Alert referenced,
    I stand corrected that if a patched openSUSE station connects to an unpatched AP, the patched client should prevent the unpatched AP from being exploited, at least for sessions from patched openSUSE only.

    But, this is probably something that others will take a close look at into the future, it sounds like a "best effort" action to minimize the AP vulnerabilities which may be specific to current published exploit methods, and could be vulnerable to inventive alternate methods.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  2. #32
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,949

    Exclamation Re: WPA2 situation

    Quote Originally Posted by tsu2 View Post
    if a patched openSUSE station connects to an unpatched AP, the patched client should prevent the unpatched AP from being exploited, at least for sessions from patched openSUSE only.

    But, this is probably something that others will take a close look at into the future, it sounds like a "best effort" action to minimize the AP vulnerabilities which may be specific to current published exploit methods, and could be vulnerable to inventive alternate methods.
    For the case of my DSL Router and WiFi Access Point, the statements from the AVM folks in Berlin are either soothing or worrying -- depending on your point-of-view: <https://en.avm.de/service/current-se...notifications/>.
    The AVM folks also point to a WiFi Alliance statement here: <https://www.wi-fi.org/news-events/ne...ecurity-update>.

  3. #33
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: WPA2 situation

    Slightly off-topic, but my strong recommendation for anyone who is in any way interested in the general events when a business is hacked, is to watch at least the first half season of tSeason 1 of "Mr. Robot" on the USA channel. I consider this almost a "must see" for anyone who is responsible for computing security, regardless if your personal skills are on the technical computing end or the non-technical Business end.

    Unlike other Computer hacking films and shows, depictions of the sequence of what happens and the whole psychology of when a business finds itself unexpectedly compromised is at a very high level of realism including common exploit tools, reconnaissance, depositing malware payload and more. Slo-mo your DVR for highly detailed commands if you wish, they're real.

    And, for the entire series there is a very high level of other hacking methods, depicting a variety of ways networks are exploitable.

    There's a lot there for everyone at every level from technical illiterates to highly seasoned hackers already familiar with offensive hacking.

    As for whether the overall plot arcs are realistic...
    The main arc of world-wide destruction is a bit fanciful, but only in the scope. Scale the "The End of the World" down a bit, the lessons are pretty exacting at business or industry levels, almost a blueprint for what could become reality.

    the other stuff like the psychological plot twist... Hum.

    A couple weeks ago, "Mr. Robot" began Season 3.
    An interview with the show's technical creators
    http://thehill.com/policy/cybersecur...yan-kazanciyan

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Page 4 of 4 FirstFirst ... 234

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •