Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6
1852 posts

Uber Geek
+1 received by user: 513


  Reply # 1885318 17-Oct-2017 22:19
3 people support this post
Send private message quote this post

They've added the following to the Q&A on the KrackAttack website which removes any doubt for those who were still unsure:

 

although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks

 

In the modern world of BYOD this isn't going to be fun.




6819 posts

Uber Geek
+1 received by user: 3143

Moderator
Trusted
Subscriber

  Reply # 1885399 18-Oct-2017 01:15
Send private message quote this post

MadEngineer:

 

Mikrotik:  Fixed weeks ago (AP has no re-use vulnerabilities, client mode fixed)

 

Ubiquiti: Oh, it's in beta (client mode fix only)

 

Incorrect. I've already rolled this out to everyone on the UniFi controller I host and it is in stable. You also can't mitigate this from the router, it has to be both ends.

 

kyhwana2:
Benjip:

 

Who else will be demanding a refund of their iPhones, Macs, and iPads, under the CGA?

 

(I kid, I kid)

 

:trollface: You mean androids :P

 

You can have a Sony Xperia Z3 for that comment. Kudos.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


 
 
 
 


BDFL - Memuneh
59078 posts

Uber Geek
+1 received by user: 10349

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1885419 18-Oct-2017 07:53
Send private message quote this post

From Spark:

 

 

Spark can confirm that our home broadband modems are not vulnerable to the “Krack” Wi-Fi security issue, which was publicised globally overnight. This is because the Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points (modems) as well as a WiFi protocol that enables end users’ devices to seamlessly switch from one access point to another.  Spark modems are single access points secured by their individual passwords.

 

Spark’s own Wi-Fi phone box network, as is the case of most public Wi-Fi networks, is an open network which does not use the WPA or WPA2 security standards that may be open to the Krack vulnerability.  Therefore, the performance of the Spark WiFi network has also not been impacted by this latest security vulnerability.  We continue to advise customers to take care, as always, when using any public Wi-Fi network including Spark Wi-Fi.

 

As the Krack vulnerability affects both WiFi access points and end devices, and is relevant to every end device globally that can connect to Wi-Fi networks (e.g. smartphones, tablets, PCs and laptops, other Wi-Fi enabled devices).  This includes devices sold by Spark as well as devices our customers have purchased separately and that are WiFi enabled.

 

Spark is liaising with all its device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices.  For the majority of devices, this is likely to occur via a remote software upgrade that occurs over the internet.  We encourage all our customers to enable automatic upgrades on their devices and/or action any prompts they receive to install software upgrades.

 

We remain unware of any Spark customers who have been compromised by the vulnerability to date. 

 

 

Also, just received an update for my Synology router fixing this.





dt

169 posts

Master Geek
+1 received by user: 18

Subscriber

  Reply # 1885428 18-Oct-2017 08:19
Send private message quote this post

Paul1977:

 

They've added the following to the Q&A on the KrackAttack website which removes any doubt for those who were still unsure:

 

although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks

 

In the modern world of BYOD this isn't going to be fun.

 

 

 

 

Thanks for the update


1852 posts

Uber Geek
+1 received by user: 513


  Reply # 1885438 18-Oct-2017 09:00
One person supports this post
Send private message quote this post

freitasm:

 

From Spark:

 

 

Spark can confirm that our home broadband modems are not vulnerable to the “Krack” Wi-Fi security issue, which was publicised globally overnight. This is because the Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points (modems) as well as a WiFi protocol that enables end users’ devices to seamlessly switch from one access point to another.  Spark modems are single access points secured by their individual passwords.

 

Spark’s own Wi-Fi phone box network, as is the case of most public Wi-Fi networks, is an open network which does not use the WPA or WPA2 security standards that may be open to the Krack vulnerability.  Therefore, the performance of the Spark WiFi network has also not been impacted by this latest security vulnerability.  We continue to advise customers to take care, as always, when using any public Wi-Fi network including Spark Wi-Fi.

 

As the Krack vulnerability affects both WiFi access points and end devices, and is relevant to every end device globally that can connect to Wi-Fi networks (e.g. smartphones, tablets, PCs and laptops, other Wi-Fi enabled devices).  This includes devices sold by Spark as well as devices our customers have purchased separately and that are WiFi enabled.

 

Spark is liaising with all its device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices.  For the majority of devices, this is likely to occur via a remote software upgrade that occurs over the internet.  We encourage all our customers to enable automatic upgrades on their devices and/or action any prompts they receive to install software upgrades.

 

We remain unware of any Spark customers who have been compromised by the vulnerability to date. 

 

 

Also, just received an update for my Synology router fixing this.

 

 

I worry that the average user will read this and interpret it to mean they are safe as long as they are connected to wifi on their Spark supplied router, which most definitely not the case.


1852 posts

Uber Geek
+1 received by user: 513


  Reply # 1885456 18-Oct-2017 09:30
Send private message quote this post

michaelmurfy:

 

MadEngineer:

 

Mikrotik:  Fixed weeks ago (AP has no re-use vulnerabilities, client mode fixed)

 

Ubiquiti: Oh, it's in beta (client mode fix only)

 

Incorrect. I've already rolled this out to everyone on the UniFi controller I host and it is in stable. You also can't mitigate this from the router, it has to be both ends.

 

 

While technically it's a stable release, Ubiquiti's weird policy of delaying pushing out stable releases means you will likely have to do a custom firmware update as it hasn't been pushed to the 5.5 controller branch yet. You need 3.9.3.7537 that Michael linked above (not 3.8.14.6780 which is what is still posted as the "latest" on the main download page).

 

I can understand people not realising this is a stable release.


1442 posts

Uber Geek
+1 received by user: 350


  Reply # 1885538 18-Oct-2017 10:23
Send private message quote this post

^ “both ends” can be a “router”, hence “client mode”

3135 posts

Uber Geek
+1 received by user: 1167


  Reply # 1885565 18-Oct-2017 10:55
Send private message quote this post

If my S7 is update to date with security patches etc is there anything else I can do?





Mike

120 posts

Master Geek
+1 received by user: 24


  Reply # 1885566 18-Oct-2017 10:58
Send private message quote this post

MikeAqua:

 

If my S7 is update to date with security patches etc is there anything else I can do?

 

 

Wait for Samsung to release a security patch for KRAck. AFAIK, they haven't released one yet, and it has been confirmed that all Android 6.0+ devices are vulnerable. In the meantime, I would use a VPN on your device while connecting to any wifi access point.


3135 posts

Uber Geek
+1 received by user: 1167


  Reply # 1885578 18-Oct-2017 11:30
Send private message quote this post

stinger:

 

MikeAqua:

 

If my S7 is update to date with security patches etc is there anything else I can do?

 

 

Wait for Samsung to release a security patch for KRAck. AFAIK, they haven't released one yet, and it has been confirmed that all Android 6.0+ devices are vulnerable. In the meantime, I would use a VPN on your device while connecting to any wifi access point.

 

 

Can anyone recommend a good VPN service?

 

(my research lead me to Nord but I really know very little)





Mike

2089 posts

Uber Geek
+1 received by user: 1000


  Reply # 1885584 18-Oct-2017 11:46
Send private message quote this post

Can someone explain for what the consequences of this KRACK are, or could be?

 

My understanding so far is that it allows someone to read your WiFi traffic, and therefore anything not-otherwise-encrypted on WiFi is readable.

 

What I don't understand is whether it also allows connections. I have a Spark-provided modem/router, a Linux desktop and Raspberry Pi (connected by Ethernet to the modem), and phones and ESP8266-controlled-lights connected via WiFi. None of these devices is patched (yet). Does that mean that (in theory) someone could sit outside my house and read *all* the not-otherwise-encrypted traffic from my router to/from all my WiFi devices? So, for example, the contents of an FTP file transfer between my phone and desktop would be readable.  But the outsider wouldn't be able to establish an FTP session to read everything on my HDD or RPi unless they also somehow got the user account password? If the Wifi comms from phone-to-router-to-lights was just HTTP packets, could the outsider use their browser to turn my lights on/off? Could they hook up their own device via DHCP and use my Internet connection?

 

 


1852 posts

Uber Geek
+1 received by user: 513


  Reply # 1885585 18-Oct-2017 11:49
Send private message quote this post

MikeAqua:

 

Can anyone recommend a good VPN service?

 

(my research lead me to Nord but I really know very little)

 

 

I use an OpenVPN server on an oDroid, so no 3rd party service required. Hairpin NAT on my router also allows me to use this to encrypt all my traffic even when I am on my own internal network (at least I think it does, @michaelmurfy is this correct?)

 

EDIT: I'm not sure if all routers support hairpin NAT for connecting the VPN while on your internal network.


120 posts

Master Geek
+1 received by user: 24


  Reply # 1885586 18-Oct-2017 11:50
Send private message quote this post

MikeAqua:

 

Can anyone recommend a good VPN service?

 

(my research lead me to Nord but I really know very little)

 

 

I use PIA because a) they really don't keep any logs ( https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/ ), and b) they have a chrome extension so that my browsing on my work laptop can go via a VPN while other traffic remains untouched and c) they have an Android app for my phone, and d) they're pretty cheap. YMMV.


120 posts

Master Geek
+1 received by user: 24


  Reply # 1885592 18-Oct-2017 11:56
Send private message quote this post

frankv:

 

Can someone explain for what the consequences of this KRACK are, or could be? 

 

 

In summary, any traffic from an unpatched device can be read (of course the contents of encrypted traffic cannot be read, but the IP address you are using can be). They cannot make a connection to the wifi network itself (i.e. get an IP address from DHCP and run wild on your network).


BDFL - Memuneh
59078 posts

Uber Geek
+1 received by user: 10349

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1885615 18-Oct-2017 12:08
Send private message quote this post

I use Norton WiFi Privacy (review) and my own OpenVPN server at home (Synology router). I also have a Witopia subscription since they have an Auckland node now.





1 | 2 | 3 | 4 | 5 | 6
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Phone prices rising as users move upmarket
Posted 24-Nov-2017 17:16


Talking net neutrality on RNZ Nine-to-Noon
Posted 24-Nov-2017 12:11


Air New Zealand experiments with blockchain technology
Posted 23-Nov-2017 15:39


Symantec selects Amazon Web Services to deliver cloud security
Posted 23-Nov-2017 10:40


New Zealand Ministry of Education chooses Unisys for cloud-based education resourcing management system
Posted 22-Nov-2017 22:00


Business analytics software powers profits for NZ wine producers
Posted 22-Nov-2017 21:52


Pyrios strikes up alliance with Microsoft integrator UC Logiq
Posted 22-Nov-2017 21:51


The New Zealand IT services ecosystem - it's all digital down here
Posted 22-Nov-2017 21:49


Volvo to supply tens of thousands of autonomous drive compatible cars to Uber
Posted 22-Nov-2017 21:46


From small to medium and beyond: Navigating the ERP battlefield
Posted 21-Nov-2017 21:12


Business owners: ERP software selection starts (and finishes) with you
Posted 21-Nov-2017 21:11


Why I'm not an early adopter
Posted 21-Nov-2017 10:39


Netatmo launches smart home products in New Zealand
Posted 20-Nov-2017 20:06


Huawei Mate 10: Punchy, long battery life, artificial intelligence
Posted 20-Nov-2017 16:30


Propel launch Disney Star Wars Laser Battle Drones
Posted 19-Nov-2017 21:26



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.