Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: PhytoExtractum Buy Bali Kratom Powder   Kraken Kratom Red Vein Kratom

Jump to first unread post Pages: 1
OfflineMrMalone
Stranger
I'm a teapot


Registered: 10/16/17
Posts: 14
Last seen: 4 years, 1 month
KRACK attack renders WPA/WPA2 (WIFI) broken * 1
    #24720279 - 10/18/17 06:31 PM (6 years, 5 months ago)

https://www.krackattacks.com/

Looks like a security researcher by the name of Mathy Vanhoef has found a critical exploit with WPA2 security... rendering all of our wireless networks vulnerable. I believe this attack works by exposing a weakness with the four-way handshake the client and the router have to confirm keys, opening ways for a hacker to use a man-in-the-middle attack against you and your private information.

Quote:

The attack works against all modern protected Wi-Fi networks




Seems like shit is going to hit the fan if this isn't fixed anytime soon...

Extras: Filter Print Post Top
InvisibleBacchus
Lurker
Male User Gallery

Folding@home Statistics
Registered: 10/10/06
Posts: 914
Loc: ::1
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: MrMalone] * 1
    #24720493 - 10/18/17 07:49 PM (6 years, 5 months ago)

It's bad but not "hair on fire" bad. By repeating the 3rd packet from the handshake, the clients reuse the absolutely-never-reuse-this nonce. Then, the attacker can work out the state of the PRNG for that specific session between client and AP. The rest of your session will be decryptable. The attacker does not get your wifi password. The attacker does not get the ability to start scanning your network. All of your TLS connections underneath the WPA2 are still safe.

Using a home network with vulnerable clients is safer than going on public wifi with a patched client.

It's an attack against the client, so our wireless routers don't need to be updated. That's fortunate, because most of them have been abandoned by their manufacturers. Just update your phones and computers, and then you'll be fine. If you have a mesh network, then you definitely need to update the firmware to your nodes.

Windows and most Linux distros are already patched. I don't know about apple. Android is going to be the real problem. So many phones will never see another patch.


--------------------


Living on a no-Flash diet is way easier than you think. Give it a shot.

Edited by Bacchus (10/18/17 07:51 PM)

Extras: Filter Print Post Top
InvisibleDieCommie

Registered: 12/11/03
Posts: 29,258
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: Bacchus]
    #24720506 - 10/18/17 08:01 PM (6 years, 5 months ago)

Thanks each of you for the news and description.

Where can I read more about this?

Extras: Filter Print Post Top
Invisibleteknix
π“‚€βŸπ“…’π“π“…ƒπ“Š°π“‰‘ 𓁼𓆗⨻
 User Gallery


Registered: 09/16/08
Posts: 11,953
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: DieCommie]
    #24720798 - 10/18/17 10:33 PM (6 years, 5 months ago)

Quote:

DieCommie said:
Thanks each of you for the news and description.

Where can I read more about this?




Same, I'm intrigued.

Extras: Filter Print Post Top
OfflineMrMalone
Stranger
I'm a teapot


Registered: 10/16/17
Posts: 14
Last seen: 4 years, 1 month
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: teknix]
    #24720991 - 10/19/17 01:17 AM (6 years, 5 months ago)

Quote:

teknix said:
Quote:

DieCommie said:
Thanks each of you for the news and description.

Where can I read more about this?




Same, I'm intrigued.




If you go onto the link I gave before, it outlines the general attack, then there's some more comprehensive stuff you can dig for. :smile: I think all tech news sites have listed it in pretty good non-jargon detail too.
Here's some I found by a quick google :smile:

WHY THE KRACK WI-FI MESS WILL TAKE DECADES TO CLEAN UP

What You Should Know About the β€˜KRACK’ WiFi Security Weakness

and here's a nice little video for your viewing pleasure.

Krack Attacks (WiFi WPA2 Vulnerability) - Computerphile

Happy reading!

Extras: Filter Print Post Top
OfflineLightRay
Lord Hubert
 User Gallery

Registered: 07/18/17
Posts: 598
Last seen: 5 years, 11 months
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: MrMalone]
    #24748903 - 10/30/17 11:59 PM (6 years, 4 months ago)

Isn't WPA2 already easy to break into.

Hackers send a deauth packet to your router and then when you try to reconnect or your devices auto-reconnect they can then captchure the handshake and gain access that way.

As I understand It, its basically looking for the encrypted password and cloning it so the attacker can gain access and this is done by knocking you offline and and waiting for the reconnect.


--------------------
The secret to life is to put positive loving energy Into every thought and action you do <3
Be Aware. Believe. Be here now
Everything is a reflection of ones self.  Of God and you are God.  All is conscious.  All is consciousness. 
There is no death, only life. Your mission is to raise your vibration and every one else around you.
Open Your Mind!

Edited by LightRay (11/01/17 11:47 AM)

Extras: Filter Print Post Top
InvisibleBacchus
Lurker
Male User Gallery

Folding@home Statistics
Registered: 10/10/06
Posts: 914
Loc: ::1
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: LightRay]
    #24754592 - 11/02/17 01:41 PM (6 years, 4 months ago)

That was WEP. RC4 was seeded with an initialization vector and the static key. Deauth (and magnified by reinjection) would force new IVs to be sent. The IV space was too small, so an attacker could force an IV reuse in just a few seconds. That allowed the key to be computed.


--------------------


Living on a no-Flash diet is way easier than you think. Give it a shot.

Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: PhytoExtractum Buy Bali Kratom Powder   Kraken Kratom Red Vein Kratom


Similar ThreadsPosterViewsRepliesLast post
* ubuntu re enter wpa2 personal password everytime?? the man 807 1 07/04/08 06:15 AM
by iateshaggy
* wifi software Bridgeburner 951 9 03/23/08 01:23 AM
by OJK
* Man Arrested For Leeching WiFi DiploidM 1,978 19 08/26/07 02:31 AM
by delta9
* WPA and WEP Aiko Aiko 788 4 09/21/07 02:27 PM
by Aiko Aiko
* Wifi antennas / wardriving and the likes. Cepheus 633 3 02/06/08 08:26 AM
by Cepheus
* WIFI - Any idea how I can increase the internet connection on my WIFI?
( 1 2 all )
Fliquid 3,001 22 10/04/05 08:03 PM
by Rustifer
* Getting past wireless security (WPA) Konnrade 4,177 6 05/25/09 03:06 PM
by Annom
* Monitoring my wifi Nashbar 1,065 6 03/27/07 08:10 PM
by delta9

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
634 topic views. 0 members, 0 guests and 2 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.024 seconds spending 0.006 seconds on 14 queries.