How screwed are you?

That depends on who lives near you and how much you've pissed them off because as usual hacking WiFi networks requires the attacker to be physically close. On the down side, the short story is that there are no more secure wireless protocols.

WPA2 GCMP, WPA2/WPA TKIP: attackers can decrypt your packets, steal your network key, and spoof your clients to switch to their access point for other nefarious man-in-the-middle attacks
WPA2 CCMP/AES: attackers can decrypt your packets and spoof your clients to switch to their access point but can't steal your network key.
WEP: completely cracked years ago, you are better off using WPA2 CCMP/AES.

The industrial and national espionage opportunities are more compelling than Eve going after Alice and Bob's home network traffic so some of you are more screwed than others. Authenticated WPA2 Professional still relies on the same underlying technology that has this intrinsic flaw. Additionally, some implementations are more susceptible to certain classes of attacks than others.

Problematically, the extremely-vulnerable wpa_supplicant implementation is at the heart of any Linux-based system including and especially embedded ones such as consumer WiFi routers, smart TVs, and pretty much any Internet of Things device. For a lot of these things you'll be lucky to ever see a firmware update.

The good news

This can be fixed by a minor revision to the WPA2 specification that's backwards-compatible with existing devices/software/whatever. Network traffic that's designed to operate over unsecure links is unaffected (e.g. https://, encrypted VPN). Read a Mickens about security and feel better.

The bad news

Any fix will require a patch, a lot of stuff won't get patched, and any unpatched device/software/whatever is an attack vector. Unsecure network services (e.g. everything not designed to operate on the raw Internet) are exposed to attackers on your network. An attacker on your network can turn all your stuff into zombies, access your open network shares, and otherwise do anything that someone you've given your network password can do.

Closing thoughts

Have a nice day, patch all your stuff, and don't forget to use AES.

https://youtu.be/JsIux0SvQXY?t=8m58s

drasnor

14

Re: Civ V - Xenophobia [complete]

@Gargoyle said:

@CrazyJoe said:
So what do you think I should do with my bomb? Should I use it to take out some of the units attacking me, or should I put it on a carrier and send it towards the enemy?

I think if the carrier can survive long enough to get in range of their cities, go for it. But do you have enough cover against subs and planes?

Probably not, so I probably need to use my first nuke to take out the carrier that is coming around the northern part of the continent.

CrazyJoe

1

Re: 10 Years Of TF2

Would you look at that, a new official video and update!

After a decade of dustbowls and gravel pits, it’s time to pack your snorkel, find your flip-flops, and endure a series of painful yellow fever vaccinations to your abdomen, because Team Fortress is heading to the tropics!

RahnalH102

7

Re: ICOK 2017 - Oktoberfest Travel and Sleeping Plans

@Gargoyle said:
OK, I reserved a car. @Ryder, I'll plan on giving @Tushon and @mertesn a ride to ICHQ around 11am. @mertesn, just let me know if you decide to rent one of your own instead.

Roger, will proceed on my own then. Thank you.