Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6
Paul1977
3345 posts

Uber Geek


  #1885318 17-Oct-2017 22:19
Send private message

They've added the following to the Q&A on the KrackAttack website which removes any doubt for those who were still unsure:

 

although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks

 

In the modern world of BYOD this isn't going to be fun.


michaelmurfy

/dev/null
9546 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1885399 18-Oct-2017 01:15
Send private message

MadEngineer:

 

Mikrotik:  Fixed weeks ago (AP has no re-use vulnerabilities, client mode fixed)

 

Ubiquiti: Oh, it's in beta (client mode fix only)

 

Incorrect. I've already rolled this out to everyone on the UniFi controller I host and it is in stable. You also can't mitigate this from the router, it has to be both ends.

 

kyhwana2:
Benjip:

 

Who else will be demanding a refund of their iPhones, Macs, and iPads, under the CGA?

 

(I kid, I kid)

 

:trollface: You mean androids :P

 

You can have a Sony Xperia Z3 for that comment. Kudos.





 
 
 
 


freitasm
BDFL - Memuneh
68384 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1885419 18-Oct-2017 07:53
Send private message

From Spark:

 

 

Spark can confirm that our home broadband modems are not vulnerable to the “Krack” Wi-Fi security issue, which was publicised globally overnight. This is because the Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points (modems) as well as a WiFi protocol that enables end users’ devices to seamlessly switch from one access point to another.  Spark modems are single access points secured by their individual passwords.

 

Spark’s own Wi-Fi phone box network, as is the case of most public Wi-Fi networks, is an open network which does not use the WPA or WPA2 security standards that may be open to the Krack vulnerability.  Therefore, the performance of the Spark WiFi network has also not been impacted by this latest security vulnerability.  We continue to advise customers to take care, as always, when using any public Wi-Fi network including Spark Wi-Fi.

 

As the Krack vulnerability affects both WiFi access points and end devices, and is relevant to every end device globally that can connect to Wi-Fi networks (e.g. smartphones, tablets, PCs and laptops, other Wi-Fi enabled devices).  This includes devices sold by Spark as well as devices our customers have purchased separately and that are WiFi enabled.

 

Spark is liaising with all its device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices.  For the majority of devices, this is likely to occur via a remote software upgrade that occurs over the internet.  We encourage all our customers to enable automatic upgrades on their devices and/or action any prompts they receive to install software upgrades.

 

We remain unware of any Spark customers who have been compromised by the vulnerability to date. 

 

 

Also, just received an update for my Synology router fixing this.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure


dt

dt
718 posts

Ultimate Geek


  #1885428 18-Oct-2017 08:19
Send private message

Paul1977:

 

They've added the following to the Q&A on the KrackAttack website which removes any doubt for those who were still unsure:

 

although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks

 

In the modern world of BYOD this isn't going to be fun.

 

 

 

 

Thanks for the update


Paul1977
3345 posts

Uber Geek


  #1885438 18-Oct-2017 09:00
Send private message

freitasm:

 

From Spark:

 

 

Spark can confirm that our home broadband modems are not vulnerable to the “Krack” Wi-Fi security issue, which was publicised globally overnight. This is because the Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points (modems) as well as a WiFi protocol that enables end users’ devices to seamlessly switch from one access point to another.  Spark modems are single access points secured by their individual passwords.

 

Spark’s own Wi-Fi phone box network, as is the case of most public Wi-Fi networks, is an open network which does not use the WPA or WPA2 security standards that may be open to the Krack vulnerability.  Therefore, the performance of the Spark WiFi network has also not been impacted by this latest security vulnerability.  We continue to advise customers to take care, as always, when using any public Wi-Fi network including Spark Wi-Fi.

 

As the Krack vulnerability affects both WiFi access points and end devices, and is relevant to every end device globally that can connect to Wi-Fi networks (e.g. smartphones, tablets, PCs and laptops, other Wi-Fi enabled devices).  This includes devices sold by Spark as well as devices our customers have purchased separately and that are WiFi enabled.

 

Spark is liaising with all its device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices.  For the majority of devices, this is likely to occur via a remote software upgrade that occurs over the internet.  We encourage all our customers to enable automatic upgrades on their devices and/or action any prompts they receive to install software upgrades.

 

We remain unware of any Spark customers who have been compromised by the vulnerability to date. 

 

 

Also, just received an update for my Synology router fixing this.

 

 

I worry that the average user will read this and interpret it to mean they are safe as long as they are connected to wifi on their Spark supplied router, which most definitely not the case.


Paul1977
3345 posts

Uber Geek


  #1885456 18-Oct-2017 09:30
Send private message

michaelmurfy:

 

MadEngineer:

 

Mikrotik:  Fixed weeks ago (AP has no re-use vulnerabilities, client mode fixed)

 

Ubiquiti: Oh, it's in beta (client mode fix only)

 

Incorrect. I've already rolled this out to everyone on the UniFi controller I host and it is in stable. You also can't mitigate this from the router, it has to be both ends.

 

 

While technically it's a stable release, Ubiquiti's weird policy of delaying pushing out stable releases means you will likely have to do a custom firmware update as it hasn't been pushed to the 5.5 controller branch yet. You need 3.9.3.7537 that Michael linked above (not 3.8.14.6780 which is what is still posted as the "latest" on the main download page).

 

I can understand people not realising this is a stable release.


MadEngineer
2194 posts

Uber Geek

Trusted

  #1885538 18-Oct-2017 10:23
Send private message

^ “both ends” can be a “router”, hence “client mode”

 
 
 
 


MikeAqua
5961 posts

Uber Geek


  #1885565 18-Oct-2017 10:55
Send private message

If my S7 is update to date with security patches etc is there anything else I can do?





Mike


stinger
628 posts

Ultimate Geek
Inactive user


  #1885566 18-Oct-2017 10:58
Send private message

MikeAqua:

 

If my S7 is update to date with security patches etc is there anything else I can do?

 

 

Wait for Samsung to release a security patch for KRAck. AFAIK, they haven't released one yet, and it has been confirmed that all Android 6.0+ devices are vulnerable. In the meantime, I would use a VPN on your device while connecting to any wifi access point.


MikeAqua
5961 posts

Uber Geek


  #1885578 18-Oct-2017 11:30
Send private message

stinger:

 

MikeAqua:

 

If my S7 is update to date with security patches etc is there anything else I can do?

 

 

Wait for Samsung to release a security patch for KRAck. AFAIK, they haven't released one yet, and it has been confirmed that all Android 6.0+ devices are vulnerable. In the meantime, I would use a VPN on your device while connecting to any wifi access point.

 

 

Can anyone recommend a good VPN service?

 

(my research lead me to Nord but I really know very little)





Mike


frankv
3896 posts

Uber Geek

Lifetime subscriber

  #1885584 18-Oct-2017 11:46
Send private message

Can someone explain for what the consequences of this KRACK are, or could be?

 

My understanding so far is that it allows someone to read your WiFi traffic, and therefore anything not-otherwise-encrypted on WiFi is readable.

 

What I don't understand is whether it also allows connections. I have a Spark-provided modem/router, a Linux desktop and Raspberry Pi (connected by Ethernet to the modem), and phones and ESP8266-controlled-lights connected via WiFi. None of these devices is patched (yet). Does that mean that (in theory) someone could sit outside my house and read *all* the not-otherwise-encrypted traffic from my router to/from all my WiFi devices? So, for example, the contents of an FTP file transfer between my phone and desktop would be readable.  But the outsider wouldn't be able to establish an FTP session to read everything on my HDD or RPi unless they also somehow got the user account password? If the Wifi comms from phone-to-router-to-lights was just HTTP packets, could the outsider use their browser to turn my lights on/off? Could they hook up their own device via DHCP and use my Internet connection?

 

 


Paul1977
3345 posts

Uber Geek


  #1885585 18-Oct-2017 11:49
Send private message

MikeAqua:

 

Can anyone recommend a good VPN service?

 

(my research lead me to Nord but I really know very little)

 

 

I use an OpenVPN server on an oDroid, so no 3rd party service required. Hairpin NAT on my router also allows me to use this to encrypt all my traffic even when I am on my own internal network (at least I think it does, @michaelmurfy is this correct?)

 

EDIT: I'm not sure if all routers support hairpin NAT for connecting the VPN while on your internal network.


stinger
628 posts

Ultimate Geek
Inactive user


  #1885586 18-Oct-2017 11:50
Send private message

MikeAqua:

 

Can anyone recommend a good VPN service?

 

(my research lead me to Nord but I really know very little)

 

 

I use PIA because a) they really don't keep any logs ( https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/ ), and b) they have a chrome extension so that my browsing on my work laptop can go via a VPN while other traffic remains untouched and c) they have an Android app for my phone, and d) they're pretty cheap. YMMV.


stinger
628 posts

Ultimate Geek
Inactive user


  #1885592 18-Oct-2017 11:56
Send private message

frankv:

 

Can someone explain for what the consequences of this KRACK are, or could be? 

 

 

In summary, any traffic from an unpatched device can be read (of course the contents of encrypted traffic cannot be read, but the IP address you are using can be). They cannot make a connection to the wifi network itself (i.e. get an IP address from DHCP and run wild on your network).


freitasm
BDFL - Memuneh
68384 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1885615 18-Oct-2017 12:08
Send private message

I use Norton WiFi Privacy (review) and my own OpenVPN server at home (Synology router). I also have a Witopia subscription since they have an Auckland node now.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure


1 | 2 | 3 | 4 | 5 | 6
View this topic in a long page with up to 500 replies per page Create new topic




News »

HP unveils new innovations for businesses adapting to rapidly evolving workstyles and workforces
Posted 17-Sep-2020 15:36


GoPro launches new HERO9 Black camera
Posted 17-Sep-2020 09:45


Telecommunications industry launches new 5G Facts website
Posted 17-Sep-2020 07:56


New Zealand ranks 3rd in world in GSMA index
Posted 15-Sep-2020 10:13


Trend Micro Security Suite adds web monitoring to prevent identity theft
Posted 14-Sep-2020 15:37


NVIDIA to acquire Arm for US$ 40 billion
Posted 14-Sep-2020 12:27


Epson launches its next gen A3+ colour EcoTank multi-function printer
Posted 10-Sep-2020 16:08


Sony launches three new native 4K SXRD home cinema projectors
Posted 9-Sep-2020 18:00


Catalyst Cloud brings Kubernetes-based open-source web hosting solution to market
Posted 9-Sep-2020 17:54


Verizon Connect eyes further growth in New Zealand
Posted 8-Sep-2020 09:26


PNY launches XLR8 gaming NVIDIA GeForce RTX 30 series powered by the all-new NVIDIA Ampere architecture
Posted 3-Sep-2020 16:39


NVIDIA delivers greatest-ever generational leap with GeForce RTX 30 Series GPUs
Posted 3-Sep-2020 16:17


Weta Digital advances visual effects and animation in the cloud with AWS
Posted 2-Sep-2020 17:09


Kiwrious lab-in-the-pocket kit designed for schoolchildren
Posted 28-Aug-2020 09:03


Fitbit introduces Sense, its most advanced health smartwatch
Posted 26-Aug-2020 10:14



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.