1962 posts

Uber Geek
+1 received by user: 547


  Reply # 1885318 17-Oct-2017 22:19
3 people support this post

They've added the following to the Q&A on the KrackAttack website which removes any doubt for those who were still unsure:

 

although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks

 

In the modern world of BYOD this isn't going to be fun.




Meow
7098 posts

Uber Geek
+1 received by user: 3338

Moderator
Trusted
Lifetime subscriber

  Reply # 1885399 18-Oct-2017 01:15

MadEngineer:

 

Mikrotik:  Fixed weeks ago (AP has no re-use vulnerabilities, client mode fixed)

 

Ubiquiti: Oh, it's in beta (client mode fix only)

 

Incorrect. I've already rolled this out to everyone on the UniFi controller I host and it is in stable. You also can't mitigate this from the router, it has to be both ends.

 

kyhwana2:
Benjip:

 

Who else will be demanding a refund of their iPhones, Macs, and iPads, under the CGA?

 

(I kid, I kid)

 

:trollface: You mean androids :P

 

You can have a Sony Xperia Z3 for that comment. Kudos.





 
 
 
 


BDFL - Memuneh
59637 posts

Uber Geek
+1 received by user: 10783

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1885419 18-Oct-2017 07:53

From Spark:

 

 

Spark can confirm that our home broadband modems are not vulnerable to the “Krack” Wi-Fi security issue, which was publicised globally overnight. This is because the Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points (modems) as well as a WiFi protocol that enables end users’ devices to seamlessly switch from one access point to another.  Spark modems are single access points secured by their individual passwords.

 

Spark’s own Wi-Fi phone box network, as is the case of most public Wi-Fi networks, is an open network which does not use the WPA or WPA2 security standards that may be open to the Krack vulnerability.  Therefore, the performance of the Spark WiFi network has also not been impacted by this latest security vulnerability.  We continue to advise customers to take care, as always, when using any public Wi-Fi network including Spark Wi-Fi.

 

As the Krack vulnerability affects both WiFi access points and end devices, and is relevant to every end device globally that can connect to Wi-Fi networks (e.g. smartphones, tablets, PCs and laptops, other Wi-Fi enabled devices).  This includes devices sold by Spark as well as devices our customers have purchased separately and that are WiFi enabled.

 

Spark is liaising with all its device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices.  For the majority of devices, this is likely to occur via a remote software upgrade that occurs over the internet.  We encourage all our customers to enable automatic upgrades on their devices and/or action any prompts they receive to install software upgrades.

 

We remain unaware of any Spark customers who have been compromised by the vulnerability to date.

 

 

Also, just received an update for my Synology router fixing this.





dt

206 posts

Master Geek
+1 received by user: 26

Subscriber

  Reply # 1885428 18-Oct-2017 08:19

Paul1977:

 

They've added the following to the Q&A on the KrackAttack website which removes any doubt for those who were still unsure:

 

although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks

 

In the modern world of BYOD this isn't going to be fun.

 

 

 

 

Thanks for the update


1962 posts

Uber Geek
+1 received by user: 547


  Reply # 1885438 18-Oct-2017 09:00
One person supports this post

freitasm:

 

From Spark:

 

 

Spark can confirm that our home broadband modems are not vulnerable to the “Krack” Wi-Fi security issue, which was publicised globally overnight. This is because the Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points (modems) as well as a WiFi protocol that enables end users’ devices to seamlessly switch from one access point to another.  Spark modems are single access points secured by their individual passwords.

 

Spark’s own Wi-Fi phone box network, as is the case of most public Wi-Fi networks, is an open network which does not use the WPA or WPA2 security standards that may be open to the Krack vulnerability.  Therefore, the performance of the Spark WiFi network has also not been impacted by this latest security vulnerability.  We continue to advise customers to take care, as always, when using any public Wi-Fi network including Spark Wi-Fi.

 

As the Krack vulnerability affects both WiFi access points and end devices, and is relevant to every end device globally that can connect to Wi-Fi networks (e.g. smartphones, tablets, PCs and laptops, other Wi-Fi enabled devices).  This includes devices sold by Spark as well as devices our customers have purchased separately and that are WiFi enabled.

 

Spark is liaising with all its device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices.  For the majority of devices, this is likely to occur via a remote software upgrade that occurs over the internet.  We encourage all our customers to enable automatic upgrades on their devices and/or action any prompts they receive to install software upgrades.

 

We remain unaware of any Spark customers who have been compromised by the vulnerability to date.

 

 

Also, just received an update for my Synology router fixing this.

 

 

I worry that the average user will read this and interpret it to mean they are safe as long as they are connected to wifi on their Spark supplied router, which is most definitely not the case.


1962 posts

Uber Geek
+1 received by user: 547


  Reply # 1885456 18-Oct-2017 09:30

michaelmurfy:

 

MadEngineer:

 

Mikrotik:  Fixed weeks ago (AP has no re-use vulnerabilities, client mode fixed)

 

Ubiquiti: Oh, it's in beta (client mode fix only)

 

Incorrect. I've already rolled this out to everyone on the UniFi controller I host and it is in stable. You also can't mitigate this from the router, it has to be both ends.

 

 

While technically it's a stable release, Ubiquiti's weird policy of delaying pushing out stable releases means you will likely have to do a custom firmware update as it hasn't been pushed to the 5.5 controller branch yet. You need 3.9.3.7537 that Michael linked above (not 3.8.14.6780 which is what is still posted as the "latest" on the main download page).

 

I can understand people not realising this is a stable release.


1497 posts

Uber Geek
+1 received by user: 368


  Reply # 1885538 18-Oct-2017 10:23

^ “both ends” can be a “router”, hence “client mode”

3563 posts

Uber Geek
+1 received by user: 1361


  Reply # 1885565 18-Oct-2017 10:55

If my S7 is up to date with security patches etc is there anything else I can do?





Mike

171 posts

Master Geek
+1 received by user: 39


  Reply # 1885566 18-Oct-2017 10:58

MikeAqua:

 

If my S7 is up to date with security patches etc is there anything else I can do?

 

 

Wait for Samsung to release a security patch for KRACK. AFAIK, they haven't released one yet, and it has been confirmed that all Android 6.0+ devices are vulnerable. In the meantime, I would use a VPN on your device while connecting to any wifi access point.


3563 posts

Uber Geek
+1 received by user: 1361


  Reply # 1885578 18-Oct-2017 11:30

stinger:

 

MikeAqua:

 

If my S7 is up to date with security patches etc is there anything else I can do?

 

 

Wait for Samsung to release a security patch for KRACK. AFAIK, they haven't released one yet, and it has been confirmed that all Android 6.0+ devices are vulnerable. In the meantime, I would use a VPN on your device while connecting to any wifi access point.

 

 

Can anyone recommend a good VPN service?

 

(my research led me to Nord but I really know very little)





Mike

2165 posts

Uber Geek
+1 received by user: 1040


  Reply # 1885584 18-Oct-2017 11:46

Can someone explain what the consequences of this KRACK are, or could be?

 

My understanding so far is that it allows someone to read your WiFi traffic, and therefore anything not-otherwise-encrypted on WiFi is readable.

 

What I don't understand is whether it also allows connections. I have a Spark-provided modem/router, a Linux desktop and Raspberry Pi (connected by Ethernet to the modem), and phones and ESP8266-controlled-lights connected via WiFi. None of these devices is patched (yet). Does that mean that (in theory) someone could sit outside my house and read *all* the not-otherwise-encrypted traffic from my router to/from all my WiFi devices? So, for example, the contents of an FTP file transfer between my phone and desktop would be readable.  But the outsider wouldn't be able to establish an FTP session to read everything on my HDD or RPi unless they also somehow got the user account password? If the Wifi comms from phone-to-router-to-lights was just HTTP packets, could the outsider use their browser to turn my lights on/off? Could they hook up their own device via DHCP and use my Internet connection?

 

 


1962 posts

Uber Geek
+1 received by user: 547


  Reply # 1885585 18-Oct-2017 11:49

MikeAqua:

 

Can anyone recommend a good VPN service?

 

(my research led me to Nord but I really know very little)

 

 

I use an OpenVPN server on an oDroid, so no 3rd party service required. Hairpin NAT on my router also allows me to use this to encrypt all my traffic even when I am on my own internal network (at least I think it does, @michaelmurfy is this correct?)

 

EDIT: I'm not sure if all routers support hairpin NAT for connecting the VPN while on your internal network.


171 posts

Master Geek
+1 received by user: 39


  Reply # 1885586 18-Oct-2017 11:50

MikeAqua:

 

Can anyone recommend a good VPN service?

 

(my research led me to Nord but I really know very little)

 

 

I use PIA because a) they really don't keep any logs ( https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/ ), b) they have a Chrome extension so that my browsing on my work laptop can go via a VPN while other traffic remains untouched, c) they have an Android app for my phone, and d) they're pretty cheap. YMMV.


171 posts

Master Geek
+1 received by user: 39


  Reply # 1885592 18-Oct-2017 11:56

frankv:

 

Can someone explain what the consequences of this KRACK are, or could be?

 

 

In summary, any traffic from an unpatched device can be read (of course the contents of encrypted traffic cannot be read, but the IP address you are using can be). They cannot make a connection to the wifi network itself (i.e. get an IP address from DHCP and run wild on your network).


BDFL - Memuneh
59637 posts

Uber Geek
+1 received by user: 10783

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1885615 18-Oct-2017 12:08

I use Norton WiFi Privacy (review) and my own OpenVPN server at home (Synology router). I also have a Witopia subscription since they have an Auckland node now.




