WPA2 is no longer safe ? [issue is already fixed on all Mint versions]

Post by SwanRider »

I am glad that this was asked, as I am sure that many of us would be concerned about it. However, as has already been stated, if we have applied the updates through Update Manager, which I did last night, then I believe that we should be okay, from what I have read on here and on the net.

Post by rene »

BG405 wrote:This would surely cause the printer to disappear from the genuine network?
Surely. If however as I usually see these days a single home Wi-Fi network is the only network then the same shenanigans that bumped the printer on over to the malicious clone may have triggered all/most home-devices onto the same, leaving "genuine network" as a term ill-defined and as a network ill-detectable.

Note by the way that this cloning business requires sincere proximity; tricking devices onto a clone basically amounts to having the stronger radio. Which is to say that slapping your neighbour's nerdy kid around a bit might be a more effective precaution than going on a patch collection spree right now. The protocol layer in which this issue lives makes it a fundamental problem but "fundamental" is not the same as "severest ever". Which, mind you, would not be conversely to say that it's not severe; it is, but practical impact for the individual user is not as big as the amount of press could have one believe. Which is always the case with security issues. In the end this one stands out mostly due to not being rubbish.

Post by karlchen »

xenopeek wrote:Ideally, yes home routers are also patched, but the krackattacks folks had this to say about it: [...]
Should the sentence not rather read
Yes, home routers should also be patched [...]
Let us be realistic. Patching our Linux client side is the right thing to do and absolutely necessary. Glad the fix has been available so quickly.
But the other side, our routers, should be patched as well.
Yet, router producers are not always very responsive when it comes to patching bugs and security vulnerabilities. And as a rule they are definitely much slower in doing so than software producers.

Sorry, if at the moment I can only provide a link to a German computer magazine webpage, where links to comments on the WPA2 KRACK problem can be found by those few (hard- and software) vendors who could be bothered to reply at all.
But not even all of them could state that a fix were already available or would be available soon.
KRACK: Hersteller-Updates und Stellungnahmen (KRACK: Producer Updates and Statements)
(as soon as I locate a similar English article I will add the link here)

And finally, let us not forget our dearest Tamagotchis, which we carry around all the time, our oh so smart smart phones. Most of them will never see any more bug fixes and security patches for the rest of their lives, because most smart phone producers are very good at releasing new smart phone models in short intervals, but cannot be bothered to provide software updates for the same smart phones.
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 750 days now.
Lifeline

Post by BG405 »

rene wrote:If however as I usually see these days a single home Wi-Fi network is the only network then the same shenanigans that bumped the printer on over to the malicious clone may have triggered all/most home-devices onto the same, leaving "genuine network" as a term ill-defined and as a network ill-detectable.
True, if all the devices are connected wirelessly to the router(s). I expect it would be more obvious on a hybrid setup like mine, where only portable machines use WiFi (netbooks, very occasionally a phone - when I can find it - and my mate's phone & tablet) so in my case, the WiFi connections would be the targets and the printer will not be accessible if the computer's WiFi was connected to a spoof, as the netbooks are the only ones with working printer drivers at present. The 64-bit OS on the server, which doesn't have WiFi, doesn't currently have a working printer driver.

Whilst WiFi printers might be a convenience for some, I think they are largely unnecessary as they tend to be installed and left in one place so a wired connection is far more practical, using the router to access via WiFi. Considering their vulnerability (note my comment re. my mate's phantom photo coming out of his printer) I wouldn't use a WiFi printer any more than any other device which isn't likely to get prompt updates. Stinks of the IOT rubbish.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Two ROMS don't make a WRITE

Post by jglen490 »

So fix what you can - patch your wifi router and your wifi connected computers (Windows, Apple, Linux, BSD). For the ones that don't have a patch available - especially tablets, phones running Android - turn off your wifi connection as much as possible and use your data connection. If you absolutely need to use wifi with your Android device, turn wifi on when you need it, turn it off when you don't. You'll be minimizing your risk. For any other devices, same pattern - on when you need it, off when you don't.

The fact is the KRACK vulnerability can only be leveraged within close proximity to your devices - that's a max of about 100 meters. It's not all that convenient for bad guys, but it could happen. Pay attention to what's happening at your wifi router or repeater, and watch for unusual activity at your computing devices. It's kinda scary, but not if you do what you need to do. Patch what you can, minimize your wifi activity on the rest.

We patched our Netgear router yesterday as soon as we found the patch, and updated the wpa-related packages/software on our Linux computers. Windows had been patched some time ago. Moving on with life.

Post by Jat »

What about game systems? There are other things that might never get a patch. Refrigerators for example.

Too bad my laptop is outdated and might not get a patch. I don't think my router is affected, at least Netgear says it's not, if I'm reading the site right. WNR2000v5.
https://kb.netgear.com/000049498/Sucuri ... -2017-2837

List of vendors:
https://www.kb.cert.org/vuls/byvendor?s ... rchOrder=4

Post by BG405 »

The timestamp on the patch is 16/10/2017 at 08:20 IIRC. That's a pretty quick fix I think. But I was rather surprised to see that "Urgency: Medium" in the notes rather than "Urgency: Critical" or equivalent.

Post by xenopeek »

BG405 wrote:I was rather surprised to see that "Urgency: Medium" in the notes rather than "Urgency: Critical" or equivalent.
Like others have said, an attacker would need to be within range of your wifi signal. It's not like everybody lives next to somebody with the technical know-how and malicious mindset to do this attack.

Post by Moem »

Jat wrote:Too bad my laptop is outdated and might not get a patch.
That's up to you. If it's running an up-to-date OS, it will or it already has. If not, it's not the laptop that's outdated.

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Post by BG405 »

xenopeek wrote:It's not like everybody lives next to somebody with the technical know-how and malicious mindset to do this attack.
Whilst that is true for the majority of people as a whole, there are areas such as this one with a large student and health worker population, in fact yet another new 10-storey building has just opened down the road and now houses hundreds more students, hence my elevated concern.

There are public WiFi hotspots everywhere in and around student-land including the parks and recreation areas, also the hospital provides wifi to the nurses' accommodation and the patients. So I'd consider that risk to be much higher round here, due to the population density and demographic. I just thought that they would take a "worst case scenario" on something like this, that's all. :wink:

There are also long-range WiFi devices such as those directional antennas giving a range in the order of several miles! A suitably-equipped scrote would have a field-day in this area.

To conclude, we Mint users have (or should have!) applied the patch, it's the phone users who are still at risk. I don't know how it's been dealt with in Windows, Mac, ChromeOS, Android & iOS land; I presume they've been patched too.

Post by xenopeek »

Yes, phones and tablets are the real targets. Phones and tablets and other "smart" devices just won't be patched in many cases due to the non-sustainable business practices of most manufacturers and mobile operators.

Post by Jat »

So far I haven't been able to find info on whether video game systems are getting patched. There is this, where someone asks Nintendo if their systems will be patched. But I can't find anything else. https://en-americas-support.nintendo.co ... ElMjElMjE=
xenopeek wrote: Like others have said, an attacker would need to be within range of your wifi signal. It's not like everybody lives next to somebody with the technical know-how and malicious mindset to do this attack.
Couldn't there be an easy script or program to run that automates the process developed?
Moem wrote: That's up to you. If it's running an up-to-date OS, it will or it already has. If not, it's not the laptop that's outdated.
I have an Apple Macbook that won't let me update to Sierra (or High Sierra now). If I can't get the latest operating system, or if I don't have the system requirements to run the OS, then my laptop is indeed outdated.

Post by Moem »

Jat wrote:
Moem wrote: That's up to you. If it's running an up-to-date OS, it will or it already has. If not, it's not the laptop that's outdated.
I have an Apple Macbook that won't let me update to Sierra (or High Sierra now). If I can't get the latest operating system, or if I don't have the system requirements to run the OS, then my laptop is indeed outdated.
Many Macbooks can be upgraded to Mint or another Linux based OS.

Post by Jat »

Oh, that's what you meant.

Post by Moem »

Yes, sorry if that wasn't clear.

Post by JChristensen »

BigEasy wrote:It is good that issue already fixed on Mint. But it is far from the end of story - who and when will fix our WIFI routers?
I would expect that most of the popular router vendors would respond in a fairly timely manner. However, I'm taking the same approach with my routers as I am with my PCs, mainly, running open-source Linux distributions. I've upgraded my router from OpenWrt to LEDE, who responded to the KRACK vulnerability with a new release within a couple days. I'm pretty happy about that!

Post by kenetics »

Finally got a software update for my Buffalo router (it uses a version of DDWRT). The first update in about 5 years!
Using Mint as primary OS since 2006.

Post by Portreve »

Jat wrote:I have an Apple Macbook that won't let me update to Sierra (or High Sierra now). If I can't get the latest operating system, or if I don't have the system requirements to run the OS, then my laptop is indeed outdated.
I know you've already seen and read Moem's posts, but this is really a teachable moment, not just for you, but for many others out there.

The problem is that people do not have the savvy to understand what it means for something to be merely a software issue. If they did and a situation came up like Apple not backporting a fix to prior versions of Mac OS X, there would be nonstop howls of outrage directed most rightly toward Cupertino.

Generally, many issues out there aren't hardware ones, but have directly to do with software, and what producers thereof choose to do (or choose not to do as the case may be) and this is yet another sterling argument for people to migrate away from proprietary operating systems like Mac OS X or Windows, and move to one of the many distributions of GNU+Linux, such as the very fine LinuxMint.

Apple is, in a great many respects, the entirety of the Windows ecosystem rolled into one ball. With Apple, if they introduce something, you *have* to get the newest OS to have it. Sometimes, that means you have to replace otherwise good hardware. In the Windows world, people have problems with crud and cruft gathering with their installation of Windows. This can and often does include spyware and other malware, but does not necessarily have to be. Perhaps they try and fix it. Perhaps they take the computer to a local tech shop. Perhaps this happens a few times, and eventually they just replace perfectly good hardware with a new computer. I've personally witnessed people replacing their box practically on a year-and-a-half to two-year cycle, just because they couldn't contend with various forms of maintenance issues which crop up because of their OS choice.

None of this is to say certain needs don't dictate certain ends. It may well be you need some piece of software that's only written for Windows, or Mac OS X. It could be that there is a GNU+Linux choice, but it basically sucks, and so the only useful choice is one written for either of the two main proprietary OSs. In some cases you can get around this using something like WINE, or Crossover Office. In other cases, you can't, and the only option is to run one of those systems.

But, for a great many things, there are equal (sometimes better) choices for GNU+Linux, and at least then one can have some degree of confidence there is no commercial agenda waiting in the wings to get you.
Flying this flag in support of freedom 🇺🇦

Recommended keyboard layout: English (intl., with AltGR dead keys)

Podcasts: Linux Unplugged, Destination Linux

Also check out Thor Hartmannsson's Linux Tips YouTube Channel