WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Chat about just about anything else
User avatar
SwanRider
Level 1
Level 1
Posts: 45
Joined: Sun Sep 17, 2017 1:16 pm
Location: Isle of Man

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby SwanRider » Wed Oct 18, 2017 4:38 pm

I am glad that this was asked as I am sure that many of us would be concerned about. However as has been already stated if we have applied the updates through update manager which I did last night then I believe that we should be okay from what I have read on here and on the net
Traa dy liooar

rene
Level 6
Level 6
Posts: 1366
Joined: Sun Mar 27, 2016 6:58 pm

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby rene » Wed Oct 18, 2017 5:01 pm

BG405 wrote:This would surely cause the printer to disappear from the genuine network?

Surely. If however as I usually see these days a single home Wi-Fi network is the only network then the same shenanigans that bumped the printer on over to the malicious clone may have triggered all/most home-devices onto the same, leaving "genuine network" as a term ill-defined and as a network ill-detectable.

Note by the way that this cloning business requires sincere proximity; tricking devices onto a clone basically amounts to having the stronger radio. Which is to say that slapping your neighbour's nerdy kid around a bit might be a more effective precaution then going on a patch collection spree right now. The protocol layer in which this issue lives makes it a fundamental problem but "fundamental" is not the same as "severest ever". Which, mind you, would not be conversely to say that it's not severe; it is, but practical impact for the individual user is not as big as the amount of press could have one believe. Which is always the case with security issues. In the end this one stands out mostly due to not being rubbish.

User avatar
karlchen
Level 18
Level 18
Posts: 8023
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby karlchen » Wed Oct 18, 2017 6:07 pm

xenopeek wrote:Ideally, yes home routers are also patched, but the krackattacks folks had this to say about it: [...]

Should the sentence not rather read
Yes, home routers should also be patched [...]

Let us be realistic. Patching our Linux client side is the right thing to do and absolutely necessary. Glad the fix has been available so quickly.
But the other side, our routers should be patched as well.
Yet, router producers are not always very responsive when it comes to patching bugs and security vulnerabilities. And as a rule they are definitely much slower in doing so than software producers.

Sorry, if at the moment I can only provide a link to a German computer magazine webpage, where links to comments on the WPA2 KRACK problem can be found by those few (hard- and software) vendors who could be bothered to reply at all.
But not even all of them could state that a fix were already available or would be available soon.
KRACK: Hersteller-Updates und Stellungnahmen (KRACK: Producer Updates and Statements)
(as soon as I locate a similar English article I will add the link here)

And finally, let us not forget our dearest tamagotchies, which we carry around all the time, our oh so smart smart phones. Most of them will never see any more bug fixes and security patches for the rest of their lives, because most smart phone producers are very good at releasing new smart phone models in short intervals, but cannot be bothered to provide software updates for the same smart phones.
Image
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

User avatar
BG405
Level 5
Level 5
Posts: 856
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby BG405 » Wed Oct 18, 2017 6:15 pm

rene wrote:If however as I usually see these days a single home Wi-Fi network is the only network then the same shenanigans that bumped the printer on over to the malicious clone may have triggered all/most home-devices onto the same, leaving "genuine network" as a term ill-defined and as a network ill-detectable.

True, if all the devices are connected wirelessly to the router(s). I expect it would be more obvious on a hybrid setup like mine, where only portable machines use WiFi (netbooks, very occasionally a phone - when I can find it - and my mate's phone & tablet) so in my case, the WiFi connections would be the targets and the printer will not be accessible if the computer's WiFi was connected to a spoof, as the netbooks are the only ones with working printer drivers at present. The 64-bit OS on the server, which doesn't have WiFi, doesn't currently have a working printer driver.

Whilst WiFi printers might be a convenience for some, I think they are largely unnecessary as they tend to be installed and left in one place so a wired connection is far more practical, using the router to access via WiFi. Considering their vulnerability (note my comment re. my mate's phantom photo coming out of his printer) I wouldn't use a WiFi printer any more than any other device which isn't likely to get prompt updates. Stinks of the IOT rubbish.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32--------------------K7S5A Athlon 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 -----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

jglen490
Level 1
Level 1
Posts: 43
Joined: Sat Jul 15, 2017 9:57 pm

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby jglen490 » Wed Oct 18, 2017 9:47 pm

So fix what you can - patch your wifi router and your wifi connected computers (Windows, Apple, Linux, BSD). For the ones that don't have a patch available - especially tablets, phones running Android - turn off your wifi connection as much as possible and use your data connection. If you absolutely need to use wifi with your Android device, turn wifi on when you need it, turn it off when you don't. You'll be minimizing your risk. For any other devices, same pattern - on when you need it, off when you don't.

The fact is the KRACK vulnerability can only be leveraged within close proximity to your devices - that's a max of about 100 meters. It's not all that convenient for bad guys, but it could happen. Pay attention to what's happening at your wifi router or repeater, and watch for unusual activity at your computing devices. It's kinda scary, but not if you do what you need to do. Patch what you can, minimize your wifi activity on the rest.

We patched our Netgear router yesterday as soon as we found the patch, and updated the wpa-related packages/software on our Linux computers. Windows had been patched sometime ago. Moving on with life.
I feel more like I do than I did when I got here.
Toshiba A135-S2386, Intel T2080, ATI Radeon® Xpress 200M Chipset, 2GB RAM, 500GB

Jat
Level 1
Level 1
Posts: 33
Joined: Tue Aug 09, 2016 6:19 am

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby Jat » Thu Oct 19, 2017 8:33 pm

What about game systems? There are other things that might never get a patch. Refrigerators for example.

Too bad my laptop is outdated and might not get a patch. I don't think my router is affected, at least Netgear says it's not, if I'm reading the site right. WNR2000v5.
https://kb.netgear.com/000049498/Securi ... -2017-2837

List of vendors:
https://www.kb.cert.org/vuls/byvendor?s ... rchOrder=4

User avatar
BG405
Level 5
Level 5
Posts: 856
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby BG405 » Thu Oct 19, 2017 8:43 pm

The timestamp on the patch is 16/10/2017 at 08:20 IIRC. That's a pretty quick fix I think. But I was rather surprised to see that "Urgency: Medium" in the notes rather than "Urgency: Critical" or equivalent.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32--------------------K7S5A Athlon 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 -----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
xenopeek
Level 24
Level 24
Posts: 21462
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby xenopeek » Fri Oct 20, 2017 12:01 am

BG405 wrote:I was rather surprised to see that "Urgency: Medium" in the notes rather than "Urgency: Critical" or equivalent.

Like others have said, an attacker would need to be within range of your wifi signal. It's not like everybody lives next to somebody with the technical know-how and malicious mindset to do this attack.
Image

User avatar
Moem
Level 11
Level 11
Posts: 3987
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby Moem » Fri Oct 20, 2017 3:30 am

Jat wrote:Too bad my laptop is outdated and might not get a patch.

That's up to you. If it's running an up-to-date OS, it will or it already has. If not, it's not the laptop that's outdated.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

User avatar
BG405
Level 5
Level 5
Posts: 856
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby BG405 » Fri Oct 20, 2017 10:48 am

xenopeek wrote:It's not like everybody lives next to somebody with the technical know-how and malicious mindset to do this attack.

Whilst that is true for the majority of people as a whole, there are areas such as this one with a large student and health worker population, in fact yet another new 10-storey building has just opened down the road and now houses hundreds more students, hence my elevated concern.

There are public WiFi hotspots everywhere in and around student-land including the parks and recreation areas, also the hospital provides wifi to the nurses' accommodation and the patients. So I'd consider that risk to be much higher round here, due to the population density and demographic. I just thought that they would take a "worst case scenario" on something like this, that's all. :wink:

There are also long-range WiFi devices such as those directional antennas giving a range in the order of several miles! A suitably-equipped scrote would have a field-day in this area.

To conclude, we Mint users have (or should have!) applied the patch, it's the phone users who are still at risk. I don't know how it's been dealt with in Windows, Mac, ChromeOS, Android & iOS land; I presume they've been patched too.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32--------------------K7S5A Athlon 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 -----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
xenopeek
Level 24
Level 24
Posts: 21462
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby xenopeek » Fri Oct 20, 2017 12:01 pm

Yes, phones and tablets are the real targets. Phones and tablets and other "smart" devices just won't be patched in many cases due to the non-sustainable business practices of most manufacturers and mobile operators.
Image

Jat
Level 1
Level 1
Posts: 33
Joined: Tue Aug 09, 2016 6:19 am

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby Jat » Fri Oct 20, 2017 8:05 pm

So far I haven't be able to find info on if video game system are getting patched. There is this where someone asks Nintendo if there systems will be patched. But I can't find anything else. https://en-americas-support.nintendo.co ... ElMjElMjE=

xenopeek wrote:Like others have said, an attacker would need to be within range of your wifi signal. It's not like everybody lives next to somebody with the technical know-how and malicious mindset to do this attack.

Couldn't there be an easy script or program to run that automates the process developed?

Moem wrote:That's up to you. If it's running an up-to-date OS, it will or it already has. If not, it's not the laptop that's outdated.


I have an Apple Macbook that won't let me update to Sierra (or High Sierra now). If I can't get the latest operating system, or if I don't have the system requirements to run the OS, then my laptop is indeed outdated.

User avatar
Moem
Level 11
Level 11
Posts: 3987
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby Moem » Fri Oct 20, 2017 8:16 pm

Jat wrote:
Moem wrote:That's up to you. If it's running an up-to-date OS, it will or it already has. If not, it's not the laptop that's outdated.


I have an Apple Macbook that won't let me update to Sierra (or High Sierra now). If I can't get the latest operating system, or if I don't have the system requirements to run the OS, then my laptop is indeed outdated.

Many Macbooks can be upgraded to Mint or another Linux based OS.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Jat
Level 1
Level 1
Posts: 33
Joined: Tue Aug 09, 2016 6:19 am

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby Jat » Sun Oct 22, 2017 1:03 am

Oh, that's what you meant.

User avatar
Moem
Level 11
Level 11
Posts: 3987
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby Moem » Sun Oct 22, 2017 7:09 am

Yes, sorry if that wasn't clear.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

JChristensen
Level 2
Level 2
Posts: 62
Joined: Sat Apr 25, 2015 8:52 pm

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby JChristensen » Mon Oct 23, 2017 6:00 pm

BigEasy wrote:It is good that issue already fixed on Mint. But it is far from the end of story - who and when will fix our WIFI routers?

I would expect that most of the popular router vendors would respond in a fairly timely manner. However, I'm taking the same approach with my routers as I am with my PCs, mainly, running open-source Linux distributions. I've upgraded my router from OpenWrt to LEDE, who responded to the KRACK vulnerability with a new release within a couple days. I'm pretty happy about that!
LM18.3 C64 on Dell Optiplex 745, HP Pavilion dv6, dv7; LM18 C64 on HP h8.

User avatar
kenetics
Level 5
Level 5
Posts: 644
Joined: Thu Dec 14, 2006 9:57 pm
Location: Somewhere on a Florida beach
Contact:

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby kenetics » Fri Nov 17, 2017 12:38 pm

Finally got a software update for my Buffalo router (It uses a version or DDWRT). The first update in about 5 years!

User avatar
Portreve
Level 5
Level 5
Posts: 830
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida

Re: WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Postby Portreve » Fri Nov 17, 2017 10:52 pm

Jat wrote:I have an Apple Macbook that won't let me update to Sierra (or High Sierra now). If I can't get the latest operating system, or if I don't have the system requirements to run the OS, then my laptop is indeed outdated.

I know you've already seen and read Moem's posts, but this is really a teachable moment, not just for you, but for many others out there.

The problem is that people do not have the savvy to understand what it means for something to be merely a software issue. If they did and a situation came up like Apple not backporting a fix to prior versions of Mac OS X, there would be nonstop howls of outrage directed most rightly toward Cupertino.

Generally, many issues out there aren't hardware ones, but have directly to do with software, and what producers thereof choose to do (or choose not to do as the case may be) and this is yet another sterling argument for people to migrate away from proprietary operating systems like Mac OS X or Windows, and move to one of the many distributions of GNU+Linux, such as the very fine LinuxMint.

Apple is, in a great many respects, the entirety of the Windows ecosystem rolled into one ball. With Apple, if they introduce something, you *have* to get the newest OS to have it. Sometimes, that means you have to replace otherwise good hardware. In the Windows world, people have problems with crud and cruft gathering with their installation of Windows. This can and often does include spyware and other malware, but does not necessarily have to be. Perhaps they try and fix it. Perhaps they take the computer to a local tech shop. Perhaps this happens a few times, and eventually they just replace perfectly good hardware with a new computer. I've personally witnessed people replacing their box practically on a year-and-a-half to two-year cycle, just because they couldn't contend with various forms of maintenance issues which crop up because of their OS choice.

None of this is to say certain needs don't dictate certain ends. It may well be you need some piece of software that's only written for Windows, or Mac OS X. It could be that there is a GNU+Linux choice, but it basically sucks, and so the only useful choice is one written for either of the two main proprietary OSs. In some cases you can get around this using something like WINE, or Crossover Office. In other cases, you can't, and the only option is to run one of those systems.

But, for a great many things, there are equal (sometimes better) choices for GNU+Linux, and at least then one can have some degree of confidence there is no commercial agenda waiting in the wings to get you.
Everything is in hand. With this tapestry... and with patience, there is nothing one cannot achieve.

No hamsters were harmed in the authoring of this post.


Return to “Open chat”