XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Sat Nov 18, 2017 1:30 pm

All times are UTC - 8 hours




 Post subject: KRACK/WPA2 exploit
Posted: Tue Oct 17, 2017 5:57 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
https://arstechnica.com/information-tec ... sdropping/

https://www.krackattacks.com/

From what I'm reading, Linux, at least a certain version, may be especially vulnerable. Wonder if any Tomato (Linux based) developer is going to be issuing any patches or new firmware to close off this vulnerability? Not finding anything when I search, and Asus (for stock firmware) is listed as "unknown" for this vulnerability. And FWIW, from the researchers:
Quote:
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.


Question: Can Tomato on an N12 D1 even use 802.11r? Is it implemented by default? Long thread here. Based on that, doesn't seem like it is implemented by default. Besides, using the Asus only as a single access point, no repeaters involved.

Both Macs are hardwired, so no concern there, but the iPad2 wireless (latest iOS not supposed to be very vulnerable, but this is a quite old version-can't update beyond 9.3.5.) Apple TV2, also wireless, so not going to buy any movies, etc., from iTunes, which would expose my Apple ID and password linked to Credit Card. Or could that stuff be exfiltrated without even making a purchase?

Not holding my breath for a Tomato patch, so maybe revert to the stock firmware and update, if Asus issues something for the RT-N12 D1?

Is the Asus stock firmware Linux based also?

No real immediate concern, but Krebs and others point out that this attack takes quite a bit of skill to pull off. But sooner rather than later, some kind of crime kit will be made available for sale so that any dumb ass can pull this off, and maybe eventually by way of a nearby computer taken over by a bot.


Post subject: Re: KRACK/WPA2 exploit
Posted: Wed Oct 18, 2017 10:38 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
MB, I realize you may not have had a chance yet to catch up with this stuff--there's a lot of confusion and conflicting advice out there. But when you do I'd like to know what you may have decided is needed, if anything, to protect your own Tomato installations + connected clients.


Post subject: Re: KRACK/WPA2 exploit
Posted: Wed Oct 18, 2017 4:15 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
I've looked into it a little but much of the hyperbole is overblown as is common with really technical things like KRACK. I haven't read the white paper because it's really dry reading and written by Belgians in English so it's kind of hard to read. At least I think that's why it's hard to read... could just be engineers being engineers. :D

Tomato doesn't implement two of the four main avenues of router-to-client attacks: WPA2/GCMP and 802.11r. GCMP is essentially a "streamlined" AES/CCMP rolled out as an optional component in 802.11ac and, surprise surprise, that streamlining introduced security issues. But woo, it's slightly faster (twirls finger).

WPA2/TKIP is vulnerable, but TKIP already had known exploits so it should never be used. I don't know how much of the TKIP exploits are new vs. just TKIP being TKIP.

WPA2/AES is vulnerable to making clients replay packets but you can't inject data, making it of limited use. They can basically make you replay data, capture that data, then sit there crunching away to decode that still-encrypted data at a later time. I haven't really dug too much into this, they may have the ability to decode the WPA2 key at which point they could come back and set up a same-name access point and have you join it, but I believe that may be dependent on the client (e.g. Android/Linux wpa_supplicant's zero bug).

Everything else in KRACK are client-side exploits, which can only be resolved by updating the OS to the latest version once a patch is available. For example, if you're running 10.9 Apple will likely not be releasing an update to cure KRACK, so you will be eternally vulnerable unless you update (how far depends on what OSes they release the patch for). iOS 6, same deal. Obviously if you never use WiFi and you're using 10.9 then hooray, no big deal, ignore the hoopla and move on.

That's my understanding for now.

DD-WRT was patched but they got bit by the wpa_supplicant bug because that's partially because they're using a newer Linux kernel which uses wpa_supplicant, and they also implemented 802.11r so they needed those fixes too. I don't know how much of this is in the closed-source driver that comes from Broadcom vs. Tomato's code itself because the two main developers are either busy/missing (Toastman) or busy/married (Shibby).

I am ruefully shaking my head at all the memories of people who screamed and pouted about the lack of 802.11r support in Tomato... most of them were using devices which didn't even support 802.11r, making them guilty of magical thinking.

As far as reverting to OEM firmware, I don't believe ASUS or Broadcom have posted anything yet. They have to release an update before you can update. :coffee:


Post subject: Re: KRACK/WPA2 exploit
Posted: Wed Oct 18, 2017 10:42 pm

Joined: Thu May 15, 2008 8:07 pm
Posts: 2416
Location: Inside Flatus Maximus
And nobody outside of the enterprise level would be using 802.11r anyway, as it has severe compatibility issues with clients that aren't 802.11r aware, making such a deployment only usable with other 802.11r clients. This is a non-issue on the consumer level unless you're a "prosumer" using Aruba hardware or a high level equivalent. And the primary vector here isn't the actual access point, it's the repeaters, which sadly the newfangled mesh systems use.

The biggest bottleneck in fixing the problem will be the ISPs themselves as they are notoriously slow to push fixes to their leased hardware and for customer owned hardware, it's up to the end user to find and install the latest firmware updates, if they're even ever made available. And some ISPs such as Armstrong won't even allow customer owned CPE to be updated. Ever.

_________________
Official Mac Tech Support Forum Cookie™ (Mint Chocolate Chip)
Guaranteed tasty; Potentially volatile when dipped in WWIII Forum Syrup®
Caution: This cookie bites back.


Post subject: Re: KRACK/WPA2 exploit
Posted: Thu Oct 19, 2017 6:07 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Peeking further into this rabbit hole, I'm reading at one of the reddit sub forums that one option to protect an older iPad2, running iOS 9.3.5, and an Apple TV2, which will never be patched, is to set up a guest network in Tomato. As I already said, both Macs are hardwired, so that leaves the older iPad2 and the older Apple TV2 as the only vulnerable clients.

A guest network would presumably be isolated from this kind of attack, although not really certain how that works. What do you think of these instructions--by far, the least complicated I've found?

https://learntomato.com/setup-guest-net ... mato-vlan/

The idea, as far as I can understand it, seems to be that clients allowed on this guest network would still be able to connect to the Internet by way of this VLAN bridge, but be isolated from this kind of attack.

Tomato version is Tomato Firmware 1.28.0000 MIPSR2-132 K26 Max

EDIT: also reading that for this attack to be successful, both the router and client need to be compromised. No way to know if this is true.


Post subject: Re: KRACK/WPA2 exploit
Posted: Thu Oct 19, 2017 12:50 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
The guest network would still be vulnerable to the same kinds of attacks, it would just limit what data someone could glean. So long as you're using WPA2/AES (AKA WPA/CCMP) you're as buttoned up as you can be.

ASUS is still selling RT-N12D1s so they will likely either discontinue the N12 or release an update for it. I would guess they're waiting on code from Broadcom.

I have no idea WTF telcos are going to do. If they don't release an update for this they open themselves for class action suits. Of course they just can keep ignoring all the pre-Android 6 phones they're still selling, and they'd just have to push out updates to the newer phones.


Post subject: Re: KRACK/WPA2 exploit
Posted: Thu Oct 19, 2017 1:49 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Quote:
The guest network would still be vulnerable to the same kinds of attacks, it would just limit what data someone could glean.

Just to be clear: in other words, since the purpose of this would be to protect the iPad and Apple TV from this attack, this means any data on either of those would still be vulnerable? If not that, can you please explain just what kinds of data would be limited?

I'm thinking now that we should wait for the first signs of this to emerge in the wild before getting too put out about it.


Post subject: Re: KRACK/WPA2 exploit
Posted: Thu Oct 19, 2017 3:54 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
The exploit I'm thinking of tricks the client into sending the exact same data multiple times. Unpatched Android & Linux systems are particularly vulnerable because on the first retry attempt one of the source files for encryption contains all zeros rather than functional data, making it easier to decode. Other clients simply resend packets multiple times, each time encrypted just as strongly as the last, although using the same key which theoretically makes it easier to decode but each one is still encrypted. If the client is using https or another form of encryption on top of wpa2/aes then stripping away aes doesn't yield them data of value.

At this point this is a proof of concept and not an actual functioning exploit. Unless you're implementing 802.11r, WPA2/TKIP, or WPA2/GCMP there doesn't seem to be much to worry about. So long as they can't inject data all they can do is capture your data, which they could do at any time anyway. The only way they could possibly attack the client using AES is to already be joined to your network and send spoofed data your way by analyzing unencrypted data (e.g. HTTP sessions), which they can then use to spoof data sent your way. The paper seems to indicate that KRACK doesn't allow them to crack the session key, so they can't actually join your network using this exploit, just decrypt a packet of data. If you use encryption, that packet won't do them much good. Even if you don't use encryption, they just get a packet of data, and would have to be already on your network to send data your way.

The timing of this for iOS couldn't be worse, since Apple still hasn't yet ironed out the bugs in iOS 11 (including their favorite villain they keep bringing back, disastrously short battery life) and you damn well know they're only going to release the update for iOS 11.

If you're asking if any data on an actual client would be vulnerable after KRACK, assuming one isn't talking about TKIP, GCMP, or 802.11r, that would be up to exploiting network-accessible flaws in the OS of the device they're exploiting. So if your Mac got infected, could it infect your iOS device over the network? That level of security is what's going on here.
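The "resent under the same key" behaviour and the effect of HTTPS described in the post above can be shown with a small model. This is an added example, not part of the thread or of any tool it links: `Client`, `keystream`, `demo` and the frames are constructed for illustration, and HMAC-SHA256 in counter mode stands in for the AES-CTR keystream that CCMP uses.

```python
import hashlib
import hmac

# Constructed sample data (not captured traffic).
SESSION_KEY = hashlib.sha256(b"constructed Wi-Fi session key").digest()
SECRET_FRAME = b"POST /login user=alice&password=constructed-example"
KNOWN_FRAME = b"GET /generate_204 HTTP/1.1\r\nHost: connectivity.example.test\r\n\r\n"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Stand-in for the CCMP keystream: a function of (key, packet number) only.
    Assumption: HMAC-SHA256 in counter mode replaces AES-CTR so the example
    needs nothing outside the standard library."""
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Toy Wi-Fi client. `patched` decides what happens when handshake
    message 3 arrives again for a key that is already installed."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.packet_number = 0

    def on_handshake_msg3(self, key: bytes) -> None:
        if self.patched and key == self.key:
            return  # key already in use: do not reinstall, keep the counter
        self.key = key
        self.packet_number = 0  # (re)installing the key resets the nonce

    def send(self, plaintext: bytes):
        self.packet_number += 1
        nonce = self.packet_number
        return nonce, xor(plaintext, keystream(self.key, nonce, len(plaintext)))


def demo(patched: bool, inner_tls: bool = False) -> dict:
    """Send one sensitive frame, replay message 3, then send a predictable
    frame. Returns what an observer holding only the two ciphertexts and the
    predictable plaintext can reconstruct."""
    payload = SECRET_FRAME
    if inner_tls:
        # Model HTTPS: the payload is already encrypted end to end under a
        # key the Wi-Fi layer never sees (constructed stand-in for TLS).
        tls_key = hashlib.sha256(b"constructed TLS key").digest()
        payload = xor(SECRET_FRAME, keystream(tls_key, 7, len(SECRET_FRAME)))

    client = Client(patched)
    client.on_handshake_msg3(SESSION_KEY)
    n1, c1 = client.send(payload)
    client.on_handshake_msg3(SESSION_KEY)  # message 3 is received a second time
    n2, c2 = client.send(KNOWN_FRAME)

    # If both frames used the same (key, nonce), the keystream cancels out:
    # known_plain XOR known_cipher = keystream, and keystream XOR c1 = payload.
    recovered = xor(xor(KNOWN_FRAME, c2), c1)
    return {"nonce_reused": n1 == n2, "recovered": recovered, "payload": payload}


if __name__ == "__main__":
    for label, kwargs in [
        ("unpatched, plain HTTP", dict(patched=False)),
        ("unpatched, HTTPS inside", dict(patched=False, inner_tls=True)),
        ("patched, plain HTTP", dict(patched=True)),
    ]:
        result = demo(**kwargs)
        leaked = result["recovered"] == SECRET_FRAME
        print(f"{label}: nonce reused={result['nonce_reused']}, secret readable={leaked}")
```

The session key is never recovered in any of the three cases; what changes is whether two frames share a keystream, and whether the bytes underneath are themselves still encrypted.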


Post subject: Re: KRACK/WPA2 exploit
Posted: Thu Oct 19, 2017 8:34 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
I'm ready to go to bed and my head isn't clear enough to parse everything you've said above--will have to try again tomorrow morning--but for now can you just explain why setting up the guest account in the Tomato router (or a guest account in any router, for that matter) isn't an effective strategy to protect the never to be patched clients, the iPad 2, running iOS 9.3.5, and older Apple TV against this attack? What did you mean that using a guest account would just limit what data someone could glean? Since I've seen this guest account suggestion both at reddit, and from one of the commenters at Krebs, maybe you can explain what they may have been thinking?

Perhaps your reply above already covers this, but after reading it through more than several times, how this relates to the guest account not being effective protection for any connected, unpatched clients isn't at all clear to me.


Post subject: Re: KRACK/WPA2 exploit
Posted: Thu Oct 19, 2017 9:15 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
It's not effective for the same reason it's not effective to have them joined to your main network. In either case the client can be exploited. The only solution to KRACK is to either disable WiFi or update the client. Assuming we're not talking about TKIP, GCMP, or 802.11r. If you're worried about the client being exploited, putting them on a guest WiFi isn't going to stop them from being exploited. KRACK is just as effective against guest WiFi as it is against regular WiFi.

Old clients need to run encryption to be secure, which is pretty much par for the course for WiFi. It's amazing that it took this long for a non-brute force exploit to come up.

Right now there's a lot of misinformation floating around. I wouldn't be surprised if most of DD-WRT's updates had to do with WiFi client mode, which is where you make your router attach to another WiFi network as a client... usually for the purpose of stealing WiFi. However their support of 802.11r certainly opened them up to the 802.11r parts of KRACK.

The second part of your question seemed to ask if data on the iPad was vulnerable due to KRACK. Provided they can't remotely inject data into your network - which is not possible with WPA2/AES - then they'd have to already be ON your network for the spoof to be effective. Otherwise they're limited to capturing packets and decrypting them. If the data in those packets is also encrypted then they have to also break that encryption. In either case there is no traffic flow from attacker to iPad, just iPad to router and someone forcing it to be slow and resend packets so they can capture it.

Here. I'm sitting in my car outside your home. I'm using KRACK to make your client resend packets. Your network connection is herking and jerking like crazy, far more than normal. I then capture those resends. For reasons I don't understand this somehow allows me to defeat the encryption even if the client's resends are just as encrypted as any other packet (in all honesty I think this part depends mostly on client-side encryption failures like Linux/Android leading to much wailing and gnashing of teeth trying to imply wpa supplicant on Linux/Android is used on every client). Okay great now I have a packet of data. If it's encrypted I can't do anything with it besides brute force the encryption. If it's unencrypted and a TCP session I have that packet of data. In that packet I can know certain information about your session, like what sequence number the TCP packet was at. Now in an instant after I capture the packet I have to glean what type of client you are, what version of the OS you're running, what application you're running, etc., etc. and in that fraction of a second send to your router's public IP address (which may very well not be present in the captured data) a specially crafted TCP packet with the same source address as the site you're getting data from, using the next sequence number in the TCP session, containing a payload that will exploit some vulnerability in your client. It just isn't all that easy. And what network am I on in the car? Cellular? With high packet loss and low transmission rates? What's the chance my packet will arrive in time? What's the chance some router between me and you wouldn't say "heyyyy this source address isn't from any of the networks downstream from me, someone's trying to spoof a source address" and drop it? What happens if I manage to get it there in time but guess the wrong OS and/or application? Your application probably barfs and stops streaming video or doing whatever it was doing. Crap, now I don't have that application to exploit, I have to start all over and instantly figure out what other application you're using now.

KRACK being the end of the world depends, for the most part, on people who don't know how WiFi works and conflating things out of their scope.

Until Apple releases updates we don't know how far back they're going to release updates. Microsoft is releasing updates for all supported OSes with WiFi support, so Windows 7+ (oh god I can't imagine someone running a server over WiFi, but they'll probably push updates for server OSes too since 2008+ are from the same code base). Linux has mostly released updates already. Android is mostly the ones who get screwed since Google doesn't just have to release an update, the phone vendor doesn't just have to release an update, but the actual goddamn telecom company who's made the vendor customize their handset to a model only available for them has to release the update AND push it out to the handsets. Something virtually none of them have done before. Do they even have the infrastructure in place?

This has reminded me that I have some Windows 10 laptops that have been turned off... guess it's time to fire them up and start the upgrade train rolling. Fall Creator's Update is out, oh joy. Time to sit through an hour or more of that updating itself. :upset:


Post subject: Re: KRACK/WPA2 exploit
Posted: Fri Oct 20, 2017 6:45 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Some questions--more confused than ever:

First off, from what I can understand, your remarks seem focused mostly on MITM, hijacking, injecting malware/spoofed data from outside the LAN, which you appear to say is not easily accomplished. You wrote earlier, "So long as they can't inject data all they can do is capture your data, which they could do at any time anyway." But why isn't having one's data captured bad enough? Looks like I probably don't understand what you mean by "data." Besides, how could an attacker have been able to do this at any time anyway, before KRACK? I understand that the PSK could have been brute forced perhaps, especially a simple one, but wasn't WPA2 itself quite secure?

And you also wrote: "If you use encryption, that packet won't do them much good. Even if you don't use encryption, they just get a packet of data, and would have to be already on your network to send data your way." So why couldn't that packet of data, sent unencrypted be read, and stolen? And why is it being suggested to use HTTPS?

From the very beginning of the Ars article:
Quote:
Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

What's supposed to be able to defeat this attack is to use only HTTPS when connecting. Big question: Does this mean use HTTPS only for sites to which one sends sensitive information, passwords, credit card etc? Or to any site? (Discovered a browser for iPad/iOS, "Brave Browser," with awkward, not great UI, which includes option for "HTTPS everywhere.") Should that browser be used only to connect to sensitive sites, or to any site? Don't like its UI, would make it much easier if that browser were only needed when connecting to sites which require sensitive information.
Quote:
The only way they could possibly attack the client using AES is to already be joined to your network and send spoofed data your way by analyzing unencrypted data (e.g. HTTP sessions), which they can then use to spoof data sent your way. The paper seems to indicate that KRACK doesn't allow them to crack the session key, so they can't actually join your network using this exploit, just decrypt a packet of data. If you use encryption, that packet won't do them much good. Even if you don't use encryption, they just get a packet of data, and would have to be already on your network to send data your way.

"They can't actually join your network" That's a bit of good news. So this means that, even if they are able to see the traffic from one client to the router, they can't get on the network to see traffic originating from all clients, including even the hardwired ones? And again, if they can get a packet of unencrypted data, why is that not something to be avoided?

Another question out of my confusion, must be blindingly obvious, but not to me: I thought that WPA2 encrypts wireless traffic between client and router on the LAN. Then why is outbound traffic to the Internet a concern with this attack? Is that purely because of the possibility that this may present the opportunity for MITM, malware, spoofing etc.? Why is WPA2 encryption for wireless LAN traffic, if compromised, a concern for outbound WAN traffic?

(Will have to keep reading what you wrote, and elsewhere on all this. Will probably keep editing here, as I may have mistakenly taken some of your comments out of context. The actual details of this attack and hypothetical scenarios are extremely confusing.)

I take it that you're not ready yet to make any changes to your own home setup.

EDIT: and this is interesting. No idea how to use it myself, but maybe you can: test to see if AP is vulnerable to the attack. Since we may be running the same or similar versions of Tomato, I would love to know what results you get.

https://github.com/vanhoefm/krackattacks-test-ap-ft


Last edited by WZZZ on Fri Oct 20, 2017 12:06 pm, edited 1 time in total.

Post subject: Re: KRACK/WPA2 exploit
Posted: Fri Oct 20, 2017 12:06 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
For them to get data from a wired client that data would have to be sent to a wireless client that they were capturing data from. Even if they were sneakily plugged into your network they could only capture data that was sent to them. The closest they could come to capturing data from all clients is to compromise the router and dump data sent to the router, but that won't include traffic sent between two clients, because the router isn't involved - it's local traffic. WLAN to LAN traffic is local, but traffic isn't sent indiscriminately, they're a specific host to another specific host. The exception to this is broadcast/multicast traffic, which are sent to all hosts, but very little data of consequence is sent this way. So I could capture traffic to/from a particular WiFi client but that wouldn't let me capture traffic to/from a wired or even another WiFi client unless it was being sent from or to the particular WiFi client I was capturing.

What's far more useful is if I was sending authentication over unencrypted methods (POP, IMAP, HTTP, etc.) and reused that name/password on other sites. Then I not only would have gained access to the accounts they logged into while I was capturing, but accounts on other sites. However this would have to be a particularly lucky capture, or a persistent capture with a boneheaded target who sees all these hiccups and errors and thinks it's normal.

If you sent credit card or other financial details over an unencrypted connection then that could be captured, sure, but who is going to do that in 2017?

In short, I can in theory read data that someone else is requesting over WiFi, but I can't read whatever I want to read on my own. The closest I can come is to discern their router's IP address and (for unencrypted TCP-only connections) in a fraction of a second send off a request that will trick them into requesting the data I want, or exploit a vulnerability in their client to do what I want, but if I wait longer than it takes for the actual server to send the next packet of data then my specially crafted response will be discarded.


Last edited by MonkeyBoy on Fri Oct 20, 2017 12:12 pm, edited 1 time in total.

Post subject: Re: KRACK/WPA2 exploit
Posted: Fri Oct 20, 2017 12:08 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Thanks, did you see my latest edit at the bottom of my last post, re. test at github to see if AP is vulnerable?

EDIT: Plus still not understanding why compromised WiFi encryption (WPA2) via this attack can lead to possibly compromised connections to Internet. What does one have to do with the other?


Last edited by WZZZ on Fri Oct 20, 2017 12:29 pm, edited 2 times in total.

Post subject: Re: KRACK/WPA2 exploit
Posted: Fri Oct 20, 2017 12:22 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
Actually at home I'm not running Tomato anymore, but I do have some routers here at work I could poke at.

It looks like that download just tests the 802.11r vulnerability. Since Tomato doesn't implement 802.11r, it's not vulnerable to it. Very few routers implement 802.11r, I'm not aware of any consumer-level routers like ours that do.

In reviewing the recent code commits I think DD-WRT's 802.11r support may be limited to client mode, so it can join networks that have implemented 802.11r. As Tia mentioned, if a network has implemented 802.11r then all clients need to also have implemented 802.11r. All you have to do instead of 802.11r is toggle WiFi off and on, or have the AP configured to disconnect weak clients so they'll be forced to roam to an AP with a stronger signal. It takes a couple seconds to roam this way versus a split second with 802.11r, but who's such a prima donna that they not only need to walk long distances but also can't handle a couple seconds of downtime?


Post subject: Re: KRACK/WPA2 exploit
Posted: Fri Oct 20, 2017 12:31 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Well, anyway, if you get a chance, poke away at those routers at work.


Post subject: Re: KRACK/WPA2 exploit
Posted: Fri Oct 20, 2017 12:53 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
But that tester just tests FT vulnerability, which is 802.11r. No 802.11r, no 802.11r vulnerability. 802.11r/FT is just one of KRACK's vulnerabilities.

I actually don't have a laptop running Linux I could put the code on, all my Linux systems are hardwired servers or desktops.


Post subject: Re: KRACK/WPA2 exploit
Posted: Sat Oct 21, 2017 8:11 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Reading that there may be other testers on the way. What about this? Just found, looks quite interesting--could it be run on RT-12 Tomato?

https://github.com/securingsam/krackdetector

And still unsure about whether forcing HTTPS is really needed everywhere, even for plain vanilla non-sensitive sites. Could an ordinary non-https site (requiring no login credentials--just visiting) be used in some kind of exploit via this attack?


Post subject: Re: KRACK/WPA2 exploit
Posted: Sat Oct 21, 2017 9:11 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
Tomato is based on busybox, which is a Linux-like OS, but isn't really Linux. It doesn't implement hostapd. Still that looks interesting, although rather annoying since simple interference (aka common) will cause retries.


Post subject: Re: KRACK/WPA2 exploit
Posted: Sun Oct 22, 2017 2:12 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Hmmm, time to restore the stock Asus firmware on the RT-N12 D1? Or better off on balance staying with Tomato? Not an easy decision for me. Would much prefer to stay with Tomato.
Quote:
Additionally, an email response from "security@asus.com" says that they are "co-working with chipset vendors for solutions and will release patched firmware for affected routers soon. If your router is RT-N12 D1, RT-N66U, RT-AC66U, RT-AC68U, RT-AC3200, RT-AC88U, RT-AC3100, RT-AC5300 or GT-AC5300 then your router is not affected by the WPA2 vulnerability in router and AP mode."

https://github.com/kristate/krackinfo

As of now, it remains only proof of concept, but when tools are published or sold I think it will become a much more realistic threat. I live in an apartment building with many nearby houses and apartment buildings. I can see numerous wireless networks, some stronger or weaker, any of which might contain some malicious asshole, or someone just trying this out for "fun." If I can see them, they can see me. Would be wonderful if Shibby decided to take time out from his other "hobby," like marriage, and provide a fix. :welcome:


Post subject: Re: KRACK/WPA2 exploit
Posted: Mon Oct 23, 2017 9:34 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
I think the same may apply to Tomato, since I believe the only router-based exploit is 802.11r. Once the clients are patched then the other issues resolve themselves.


Post subject: Re: KRACK/WPA2 exploit
Posted: Mon Oct 23, 2017 3:13 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
Thanks MB. Not so sure the clients will get patched--as in iPad2/iOS 9.3.5, Apple TV3. Could be the Apple TV will get a patch, but pretty sure the iPad won't. What might solve that is a new iPad (mostly for my wife), as this old 16GB is getting quite creaky, with not a lot of free space.

Out of curiosity to see if it had become a very heavy doorstop, just started up the old G3/10.4.11, after around 2 years of just patiently sitting (kept plugged in all this time.) Booted right up, and still keeping the right time, but very doubtful, as in 150%+ certain, Apple will offer a patch. Besides, never had Wi-Fi, so no patch needed.


Post subject: Re: KRACK/WPA2 exploit
Posted: Mon Oct 23, 2017 4:00 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
There's an ethernet adapter for iOS if you feel like paying through the nose and are lucky/unlucky enough to have a lightning port.


Post subject: Re: KRACK/WPA2 exploit
Posted: Tue Oct 24, 2017 6:55 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5967
Location: NYC
No lightning, 30 pin. Anyway, besides being overpriced, connecting by Ethernet destroys the main point of the iPad, its portability.

Thinking about getting one of the 2016 refurbed 32GB iPad Pros/WiFi only, 9.7". Any opinion on any of these?

Would hope that any of them can be kept updated, at least for a good long time.

https://www.apple.com/shop/browse/home/ ... deals/ipad


Post subject: Re: KRACK/WPA2 exploit
Posted: Tue Oct 24, 2017 10:45 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
I'd expect it to last a good long time. They just nuked the iPad 4 in iOS 11, and that was the last original form-factor iPad. iOS 11 is apparently 64-bit only and the A6/A6X is 32-bit, so (finger twirl) it got axed. Sometimes I think they do things just to do things, like SSE2 instructions in launchd.


Post subject: Re: KRACK/WPA2 exploit
Posted: Tue Nov 07, 2017 4:08 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
The 2017-001 update released last week is, among other things, a patch for the KRACK exploit. It's a big update, around 770MB for 10.12.

Since they didn't release an update for 10.10, I think that means 10.10 has received its last update now that 10.13 and all its many compatibility issues are upon us.

