Jump to content

LAwLz

Member
  • Content count

    10,764
  • Joined

  • Last visited

Awards


About LAwLz

  • Title
    Pseudo-intellectual Charlatan
  • Birthday 1993-02-11

System

  • CPU
    AMD Ryzen 1700X
  • Motherboard
    Gigabyte GA-AX370-GAMING 5
  • RAM
    32GB @ 2666MHz CL16 (Corsair)
  • GPU
    MSI 1060 6GB Gaming
  • Case
    Cooler Master HAF 922
  • Storage
    512GB Samsung 960 Pro - 500GB Samsung 850 EVO - 1TB Samsung Spinpoint F3 - 2TB Samsung Spinpoint F4
  • PSU
    Corsair RM750X
  • Display(s)
    Dell U2312HM - Dell U2211H - a crappy TN monitor (Philips 221EL)
  • Cooling
    Noctua D15
  • Keyboard
    Corsair K95 (Brown switches)
  • Mouse
    Logitech G502
  • Sound
    AKG K702 - FiiO E9
  • Operating System
    Windows 10
  • PCPartPicker URL

Profile Information

  • Gender
    Female
  • Location
    Sweden
  • Interests
    Anime/manga, networks, some gaming, tabletop RPGs and posting on forums.
  • Occupation
    Consultant (networking)

Recent Profile Visitors

8,518 profile views
  1. WPA2 has been cracked

    There were multiple exploits published with that white paper. Some are client related, and some are access point related. Honestly, you shouldn't really worry anyway because the attack is tricky to execute (for now) and patches are already rolling out for devices. It is still recommended to install all updates which fixes the holes related to this.
  2. AV capabilities built into Chrome

    Thanks for the info. So it will prompt the user to do a scan, and if you opt out no data about the scan will leave your system. Not a big fan of having an AV baked into the browser but it could be far worse.
  3. WPA2 has been cracked

    Haven't looked into it but my guess is that their have either patched it already (it's been known for quite a while, but not made public) or their implementation of the spec (IEEE 802.11i which WPA2 is based on is not super well defined) is just not vulnerable. Windows was patched back in October apparently. Cisco has started releasing updates for their APs now. My college spoke to a Cisco rep and they will hopefully push out updates for more devices in the coming days. You can check which models have gotten an update using this link.
  4. AV capabilities built into Chrome

    I think people should calm down until we actually know what this does. The actual blog post, which is he source used by other sites such as AndroidPolice, is like one paragraph long and doesn't really go into what it does. So it seems like it's a lot of speculation and very little actual facts being thrown around. From what I can tell, this is only for things such as files you download with Chrome, or protecting and restoring addons and other programs from tampering with your Chrome settings. But that's just speculation on my part too. I hope that's what it is.
  5. WPA2 has been cracked

    If you use a VPN then everything will still be encrypted. This exploit will strip away the WPA2 encryption, but underneath that you got the IPsec/OpenVPN/whatever encryption from the VPN. There is no need to panic or spread fear. No need to worry. Like you said, your bank uses HTTPS and this security hole will only remove the WPA2 encryption.
  6. That's because Mozilla are (usually) awesome and very open about things. They have been tracking JS performance for several years now. AreWeFastYet. They started it back when they were working on Minefield (aka Firefox 4.0). Chrome got like 3 times the benchmark results and Mozilla was publicly displaying it on that site. But they did it to easily show people what progress they were making, and oh boy did they catch up. Ehm, what developers? It's been known for a year or more. Here is a blog post from 2016 where the developer of DownThemAll is furious that Mozilla will completely switch to WebExtensions.
  7. WPA2 has been cracked

    There is no need to develop WPA3 or whatever it would be called. WPA2 will be safe as soon as patches are released (a lot of vendors are already releasing patches). It could have been a catastrophe, but luckily for us WPA2 will remain safe.
  8. WPA2 has been cracked

    Well... I might be wrong. It is very much up in the air at this point. The updates that have been pushed out fixes issues mentioned in the paper, but the client patches are apparently the really important ones. So it is unclear if just updating the AP, or just updating the client will be enough. Also, I found this blog post which tries to keep an updated list of which vendors have fixed it. At the time of writing: Clients: Microsoft - Have said that they have issued a patch but did not say which one. A proper statement should be released later today. It seems like Windows in general is unaffected. Apple - No statement yet but as with Windows, it seems like it is largely unaffected by this. Android - A fix as been released but as we all know, it is very unclear how many users will actually get updated. If you get a patch after November 6 then you are most likely safe. Linux - A patch has been released. BSD - A patch has been released since quite a while back. WiFi hardware: Ubiquiti - Fix has been released. MikroTik - Fix has been released. Meraki - Fix has been released. Aruba - Fix has been released. FortiNet - Fix has been released. Cisco - Has released a Security Advisory about it but all patches are labeled as "TBD". Probably won't take long though considering they have already fixed Meraki products.
  9. Yeah... It's a "security feature" according to Microsoft. It "protects" against "malicious" programs which tries to use the host file to redirect traffic.
  10. WPA2 has been cracked

    From my understanding (I can't stress it enough that I have not looked into this very much) you will be safe if either the AP or the client (or preferably both) are patched. So a patched client connected to an unpatched AP will be safe, and an unpatched client connected to a patched AP will be safe (I've only spent like 5 minutes reading this so I might be wrong).
  11. WPA2 has been cracked

    Finally found it. I was looking under the network-wide tab and not the organization tab. According to Meraki support KRACK has been fixed in version 24.11 (latest stable release). They also recommend disabling 802.11r on all SSIDs but I have not looked into it enough to understand why that would be an issue. It sounds to me like an update to the APs will be enough, but i haven't looked into it enough to say for sure yet. Let's hope that is the case. Wireless vendors have been very quick with updating their stuff though, and I don't see a reason why they would fix anything if it was purely a client issue.
  12. WPA2 has been cracked

    WPA Enterprise is vulnerable, but it depends on the client OS and patch status. You sure? Some people on Twitter said that there had been a non-descriptive update for Meraki in the last couple of weeks. That was me. I can not for the life of me find change logs for previous releases. Change logs for firmware updates that are pending? Easy to find. Change logs for firmware I already have installed? More well hidden than the aliens at area 51. 1) It's news because this is a brand new flaw. 2) WPA2 was not broken ages ago. 3) How anyone can think that WPA is less secure than no password is beyond me. It most certainly is not. The full paper is out now. It's a lot less serious than I thought.
  13. WPA2 has been cracked

    The report is out now. I haven't had the time to look at it but at a glance it seems like: 1) It affects WPA-Enterprise too (really, really bad news). 2) It can be patched either at the client or the access point (good news) 3) The patch is backwards compatible, which means that there will be no issues with a patched client talking to an unpatched AP, or vice versa. TL;DR: Update your clients and access points and you will be fine.
  14. WPA2 has been cracked

    I don't think there is a standard for how access points handle that. Guess it would vary based on vendor implementation. It will probably not refuse the connection from the attacker, but MAC collisions will occur (and how that is handled varies greatly from network to network).
  15. WPA2 has been cracked

    I don't remember where the WPA2 encryption is applied, but chances are the MAC address is not encrypted. If that's the case then finding a white listed mac address will take like 10 seconds (not hyperbole).
×