Stories
Slash Boxes
Comments

SoylentNews is people

Breaking News
posted by martyb on Monday October 16 2017, @12:46PM   Printer-friendly
from the the-sky-is-slowly-descending dept.

Multiple Soylentils submitted stories about a newly-reported vulnerability that has been discovered in the WPA-2 protocol that secures communications on Wi-Fi networks. This is a significant vulnerability, but not quite as bad as some sensationalist headlines and stories would suggest. As I understand it, there is a 4-step process by which keys are exchanged to set up wireless encryption. An attacker can force a connection to repeat the 3rd step and thus force known values for the nonce. An attacker can leverage that information to break the encryption and, in many cases, eavesdrop on communications. In certain cases, it is possible to manipulate the communications and modify/insert a payload.

The vulnerability is in the protocol, not in a specific implementation. The spec fails to call out a mitigation that could preclude key re-use. So, it is an error of omission instead of an error of commission. An implementation can avoid this problem by refusing to reuse a previously received key.

The defect is primarily in the remote device, not in the base station. The researcher called out Android 6+ as being especially vulnerable.

A fix for BSD was silently released ahead of the announcement. I saw a report that Linux has already been patched, but without any supporting link.

The researcher, Mathy Vanhoef, has created a web site with details: https://www.krackattacks.com/. A research paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (pdf), is available.

See the Vulnerability Notes Database for information on specific vendors.

Sensationalist reports are already appearing. For a calmer view, see Kevin Beaumont's take on this at Regarding Krack Attacks — WPA2 flaw where he notes:

  • It is patchable, both client and server (Wi-Fi) side.
  • Linux patches are available now. Linux distributions should have it very shortly.
  • The attack doesn't realistically doesn't[sic] work against Windows or iOS devices. The Group vuln is there, but it's not near enough to actually do anything of interest.
  • There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.
  • Android is the issue, which is why the research paper concentrates on it. The issue with Android is people largely don't patch.

My suggestion for organisations is they ask their Wi-Fi network providers for patches — this is absolutely patchable, as per the researcher's own website.

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping

The Guardian has an article on it here https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns.

Heres the researchers description...

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

From https://www.krackattacks.com

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping

Warning: This may give you a case of the Mondays:

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Wi-Fi WPA2 Security may be Irretrievably Broken

Woody Leonhard has been my go-to source for the status of safety and usability of updates to Windows for years. He's not usually prone to alarmism, so I'm looking at this announcement on his site with a great deal of trepidation:

There's a lot of buzz this weekend about a flaw that's purported to break security on most Wi-Fi connections, allowing an eavesdropper to snoop or use the connection without permission.

Said to involve CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088, when they're posted.

See this thread from @campuscodi and be watching Bleepingcomputer tomorrow for details.

The reference to the tweet by @campuscodi is to "Catalin Cimpanu [who] is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more." See the tweet for references to background papers which may be of assistance in understanding the nature of the flaw and possible preparations to help try and mitigate the breakage.

There is a web site — https://www.krackattacks.com/ — which was created on October 10 that seems to be a placeholder for posting the details when they are released.

Time to stock up on energy drinks, coffee, and Pringles®?


Original Submission #1Original Submission #2Original Submission #3

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0) by Anonymous Coward on Monday October 16 2017, @01:18PM (6 children)

    by Anonymous Coward on Monday October 16 2017, @01:18PM (#582975)

    I've not had a patch for my phone in 2 years. Nothing wrong with the phone, everything wrong with the carriers who do not push updates. Think I'm going to look at upgrading it myself.

    • (Score: 3, Insightful) by DannyB on Monday October 16 2017, @02:25PM (3 children)

      by DannyB (5839) on Monday October 16 2017, @02:25PM (#583000)

      Now that I've had a Nexus 6P, I will never (willingly) go back to a phone from an OEM or mobile network operator. I get patches every month. I'm first in line for OS upgrades. I got the phone in Feb 2016, on sale $100 off. I got Oreo just last month, which was the last promised OS upgrade. (Not that they couldn't go above and beyond.) But I'm also promised security upgrades until September 2018. I might be able to keep this phone that long. Possibly longer. The battery might be the limiting factorization.

      • (Score: 2) by Nerdfest on Monday October 16 2017, @03:39PM

        by Nerdfest (80) Subscriber Badge on Monday October 16 2017, @03:39PM (#583023)

        After the security updates end, go to Lineage, or another OS. The batteries are generally quite simple to replace as well if you need to. I just replaced the battery in my girlfriend's 4+ year old Nexus 5, but mine is still hanging in there.

      • (Score: 2) by forkazoo on Tuesday October 17 2017, @03:11AM

        by forkazoo (2561) on Tuesday October 17 2017, @03:11AM (#583287)

        sigh... I am also resolved that the only phone that meets all my needs would be an Android phone direct from Google.

        Now, if only they made a phone I want so I don't have to throw out all my old headphones and crap because they decided to kill the headphone jack for no reason, I'll get right on it. A successor to the Nexus4 or 5 would be amazing. Reasonably priced, unlocked bootloader, headphone jack. Google seems to be making their phones worse and worse with each successive generation, while still having the best phones available by virtue of software updates being so fundamentally broken in the Android ecosystem.

      • (Score: 2) by DECbot on Tuesday October 17 2017, @03:19PM

        by DECbot (832) on Tuesday October 17 2017, @03:19PM (#583495) Journal

        Be wary of when Google will drop support. I have a Nexus 5 that hasn't received updates in months. New phone is not in the budget, so I'm on my own. I might be trying Lineage here in the near future, when I have time to deal with flashing a phone.

        --
        cats~$ sudo chown -R us /home/base
    • (Score: 3, Funny) by bob_super on Monday October 16 2017, @04:32PM

      by bob_super (1357) on Monday October 16 2017, @04:32PM (#583043)

      > Nothing wrong with the phone

      Of course, something's wrong with the phone! It's not The New Shiny! How dare you demand to get updates, if you don't pay your annual contribution to The New Shiny?
      Next, you're gonna want some pudding, and you didn't eat your meat...

    • (Score: 4, Insightful) by driverless on Tuesday October 17 2017, @02:12AM

      by driverless (4770) on Tuesday October 17 2017, @02:12AM (#583268)

      Yup:

      The issue with Android is people largely don't patch.

      is incorrect, it should say:

      The issue with Android is vendors largely don't patch.

      "People" don't have any say in the matter.

  • (Score: 2) by canopic jug on Monday October 16 2017, @01:31PM

    by canopic jug (3949) on Monday October 16 2017, @01:31PM (#582979)

    From what I've read of it, the problem is not with the protocol though the protocol does suck. Apparently, the implementation has had some serious problems. Some projects were notified under embargo back in June [mastodon.social]. Then the embargo was extended until just the other day when some slobs published their Branded Bug (tm) on a Branded Bug (tm) Website complete with a custom domain name. The bug itself is not so interesting, mostly hype. What is interesting is the handling of the embargo and who had it extended and why.

    --
    Money is not free speech. Elections should not be auctions.
  • (Score: 3, Touché) by SomeGuy on Monday October 16 2017, @01:44PM (1 child)

    by SomeGuy (5632) on Monday October 16 2017, @01:44PM (#582985)

    Get your patch for Wifi here: http://www.belkin.com/us/p/P-A3L850-S/ [belkin.com]

    :)

    • (Score: 2) by DannyB on Monday October 16 2017, @02:19PM

      by DannyB (5839) on Monday October 16 2017, @02:19PM (#582999)

      Who would use a cheap Ethernet cable like that?

      Real men use an Ethernet cable like this [amazon.com].
      Price: $5,494.75 & FREE Shipping.

      Or for those on a budget this one [amazon.com].
      Price: $2,194.75 Free Shipping for Prime Members

  • (Score: 1, Informative) by Anonymous Coward on Monday October 16 2017, @01:55PM (5 children)

    by Anonymous Coward on Monday October 16 2017, @01:55PM (#582989)
    WPA2 shared key is broken by design anyway. Any attacker who sees the 4 step handshake can snoop.

    They could have copied ideas from TLS but they didn't.

    Apologists say it's just supposed to be "wired equivalent" and that wired networks aren't even encrypted but dragging a cable out to your van parked outside tends to be a bit more obvious...
    • (Score: 0) by Anonymous Coward on Monday October 16 2017, @03:07PM

      by Anonymous Coward on Monday October 16 2017, @03:07PM (#583013)

      Make sure to wrap all wireless interfaces with an encrypted tunnel?

    • (Score: 1, Interesting) by Anonymous Coward on Monday October 16 2017, @06:36PM

      by Anonymous Coward on Monday October 16 2017, @06:36PM (#583088)

      That is what drive me nuts about it, even back when it was introduced. At a minimum it should have had some DHE exchange in the handshake at the proper place. At least that would mitigate some weaknesses in the handshake. The people who designed the protocol knew better and didn't do it. Given what we know now about the intelligence agencies and what they did with IPsec, I can only conclude it was done intentionally.

    • (Score: 2) by frojack on Monday October 16 2017, @08:51PM (2 children)

      by frojack (1554) Subscriber Badge on Monday October 16 2017, @08:51PM (#583153) Journal

      WPA2 shared key is broken by design anyway. Any attacker who sees the 4 step handshake can snoop.

      An attacker who sees the 4 step handshake is already inside (associated to) your wifi network. Which means you probably gave them the passphrase.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 1, Informative) by Anonymous Coward on Tuesday October 17 2017, @04:57AM

        by Anonymous Coward on Tuesday October 17 2017, @04:57AM (#583325)

        Wifi sprays all its frames into the air, which means that anyone can see anything you send with a card in monitor mode. The ONLY thing that saves you from people snooping in is the encryption on your connection. And, as we all know, all encryption is susceptible (in theory) to brute forcing. In fact, Aircrack doesn't even need the whole handshake to crack a passphrase, it can do it with the right combination of steps from the exchange and can also make clients redo the handshake at will, even if unassociated with the network it is trying to crack.

      • (Score: 0) by Anonymous Coward on Tuesday October 17 2017, @07:51AM

        by Anonymous Coward on Tuesday October 17 2017, @07:51AM (#583362)

        Not quite see: https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/ [wonderhowto.com]

        Also with TLS anonymous strangers can't decipher each other's traffic but with WPA2-PSK everyone in the same cafe/hotel/whatever who uses the same key can easily decipher each other's traffic. This scenario is very common.

        Perhaps one day Microsoft, Apple, Google, D-Link etc could sit down one day and come up with an equivalent of "anonymous secured" WPA2-Enterprise or similar. But till then, it's best to behave as if your WiFi traffic is decryptable by others (e.g. use VPNs and TLS to secure your traffic).

  • (Score: 2) by DannyB on Monday October 16 2017, @02:11PM (5 children)

    by DannyB (5839) on Monday October 16 2017, @02:11PM (#582993)

    The defect is primarily in the remote device, not in the base station. The researcher called out Android 6+ as being especially vulnerable.

    That is good that it's not the hotspot base station. The remote devices are in many cases easier to update. Except for IoT devices like light bulbs, thermostats, teddy bears, vibrators, and Microsoft OSes, etc. The Android phones can be patched. Not that they will be. My Nexus 6P causes me to assume things like this are quickly fixed because I get software updates from Google so frequently.

    OTOH, if it were the hotspots that could be fixed, there would be fewer of them to fix, and most of them today get updates from the mother ship.

    A fix for BSD was silently released ahead of the announcement. I saw a report that Linux has already been patched, but without any supporting link.

    That is evidence that a lot of things will be quickly fixed. But not everything.

    So it isn't quite the disastrophe I expected as I began to read TFA.

    • (Score: 2) by zocalo on Monday October 16 2017, @02:47PM

      by zocalo (302) on Monday October 16 2017, @02:47PM (#583006)
      There's a page tracking patch statuses and official announcements [github.com] from major vendors of WiFi products on GitHub. The Linux patch is done and has already started making its way downstream into the testing repositories of major distros, or end-user systems if you're on a bleeding edge release.
      --
      UNIX? They're not even circumcised! Savages!
    • (Score: 3, Interesting) by frojack on Monday October 16 2017, @06:30PM (3 children)

      by frojack (1554) Subscriber Badge on Monday October 16 2017, @06:30PM (#583083) Journal

      That is good that it's not the hotspot base station. The remote devices are in many cases easier to update.

      Hold on there.....

      The vulnerability is indeed in the client side (the phones etc), but that doesn't mean that patching the server (wifi AP) side can't be done. TFS does state this, (somewhat obtusely).

      It is patchable, both client and server (Wi-Fi) side.

      Now the problem, admittedly, is that the routers and APs often don't EVER get updated from the date of manufacture. So while this could be patched in the router, that would only protect clients of that router, and the same client carried to the coffee shop would be at risk.

      Also, it appears this can really only be exploited on wifi networks to which the attacker has already successfully logged in (such as "open" wifi networks with no password or publicly known passwords such as you find in coffee shops.) If you use a password protected wifi network at home you should be safe - AT HOME.

      https://www.krackattacks.com/ [krackattacks.com] :

      Note that our attacks do not recover the password of the Wi-Fi network. They also do not recover (any parts of) the fresh encryption key that is negotiated during the 4-way handshake.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by JNCF on Monday October 16 2017, @07:13PM (2 children)

        by JNCF (4317) Subscriber Badge on Monday October 16 2017, @07:13PM (#583115) Journal

        Also, it appears this can really only be exploited on wifi networks to which the attacker has already successfully logged in (such as "open" wifi networks with no password or publicly known passwords such as you find in coffee shops.) If you use a password protected wifi network at home you should be safe - AT HOME.
        https://www.krackattacks.com/ [krackattacks.com] :

        Note that our attacks do not recover the password of the Wi-Fi network. They also do not recover (any parts of) the fresh encryption key that is negotiated during the 4-way handshake.

        I think you're misreading that. The fact that a password/key is not recovered does not mean that one is necessary. In the case of Android, they're tricking the system into using an all zero key. Thus, the original isn't recovered, but it doesn't have to be.

        • (Score: 2) by frojack on Monday October 16 2017, @09:03PM (1 child)

          by frojack (1554) Subscriber Badge on Monday October 16 2017, @09:03PM (#583163) Journal

          You are conflating WHICH KEY is being talked about.

          The 4 way handshake is tricked into using a key of zero at CERTAIN STEPS, but this can only be done after the attacker is associated.
          It is not the login (association password) key that is set to zero.

          The attacker has to be already ON the wifi network to observer the 4 way handshake. (not that hard at free wifi access points).

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by JNCF on Tuesday October 17 2017, @03:43AM

            by JNCF (4317) Subscriber Badge on Tuesday October 17 2017, @03:43AM (#583300) Journal

            In case you care, I still think your reading of TFA is incorrect. If the exploit worked as you describe this would be no better than just using the Group Temporal Key to MITM attack traffic.

  • (Score: 0, Disagree) by Anonymous Coward on Monday October 16 2017, @02:11PM (6 children)

    by Anonymous Coward on Monday October 16 2017, @02:11PM (#582994)

    Use MAC access lists to limit access to only the known devices.

    • (Score: 4, Insightful) by canopic jug on Monday October 16 2017, @02:16PM (3 children)

      by canopic jug (3949) on Monday October 16 2017, @02:16PM (#582998)

      Anyone that's going to bother to take the few minutes needed to crack a home network will also be able to take the second or two needed to spoof a wireless MAC address. Filtering by MAC might feel good and it might be fun to click on the buttons to set it, but it is not a barrier.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 0) by Anonymous Coward on Monday October 16 2017, @02:38PM (1 child)

        by Anonymous Coward on Monday October 16 2017, @02:38PM (#583002)

        Used to feel good...

      • (Score: 3, Insightful) by bob_super on Monday October 16 2017, @04:28PM

        by bob_super (1357) on Monday October 16 2017, @04:28PM (#583041)

        You need to know the address you want to spoof. Most of the day, there are no active wireless devices on my network.
        Even if there are, and the nosy neighbors don't call the cops on the random car parked within Wi-Fi range of my house, that extra step is enough to send most wardrivers elsewhere.
        I know I can't outrun the bear, but I run faster than most.

    • (Score: 0) by Anonymous Coward on Monday October 16 2017, @04:34PM (1 child)

      by Anonymous Coward on Monday October 16 2017, @04:34PM (#583045)

      and what is preventing someone from continuously sending a stream of i-want-to-disconnect frame thingies from one wireless nic to YOUR device, where frames look like they came from your own device?
      Then stop for a millisecond.
      And then setting the same ("your") MAC on the second wireless card and connecting like that? If this someone bothers to sniff network for a while, and learn AP pass somehow (arp poisoning and ssl-proxy), someone might submit a query to your router to remove the mac block during the time that you reconnect to the AP... =)

      mac blocks are useless!

      • (Score: 0) by Anonymous Coward on Monday October 16 2017, @04:36PM

        by Anonymous Coward on Monday October 16 2017, @04:36PM (#583047)

        i mean to type "YOUR router" not "YOUR device"

  • (Score: 0) by Anonymous Coward on Monday October 16 2017, @02:44PM (6 children)

    by Anonymous Coward on Monday October 16 2017, @02:44PM (#583004)

    This will not go well. Theo is not known to be someone who keeps quiet, on the topic of Security, or any others.

    Quote from the Q&A on the KrackAttack website:

    Why did OpenBSD silently release a patch before the embargo?

    OpenBSD was notified of the vulnerability on 15 July 2017, before CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt replied and critiqued the tentative disclosure deadline: “In the open source world, if a person writes a diff and has to sit on it for a month, that is very discouraging”. Note that I wrote and included a suggested diff for OpenBSD already, and that at the time the tentative disclosure deadline was around the end of August. As a compromise, I allowed them to silently patch the vulnerability. In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.

    OpenBSD will now receive vulnerability notifications closer to the end of an embargo.

    yeah, like putting gasoline on a Theo fire. Hope that works out well for you...

    • (Score: 3, Informative) by zocalo on Monday October 16 2017, @02:57PM (2 children)

      by zocalo (302) on Monday October 16 2017, @02:57PM (#583009)
      Read it again. Theo asked to quietly release the patch pre-disclosure and the researchers initially agreed, then changed their minds and decided it was a bad decision. The timeline is unclear on this (as are additional communications between Theo and the researchers where he may have pressured them into allowing it), but I suspect that Theo's patch was already in the wild by then complete with a comment containing a major clue about the nature of what was fixed - which is possibly what prompted the change of heart. Ultimately, it was the researchers that didn't think the process through sufficiently and as a result won't be releasing *their* info to OpenBSD, so the impact on OpenBSD from other researchers in the future is probably minimal - and assumes that they wouldn't find out from people working on multiple projects anyway.
      --
      UNIX? They're not even circumcised! Savages!
      • (Score: 3, Funny) by frojack on Monday October 16 2017, @06:39PM (1 child)

        by frojack (1554) Subscriber Badge on Monday October 16 2017, @06:39PM (#583089) Journal

        which is possibly what prompted the change of heart.

        EVERY conversation with Theo ends in a "Change of Heart", he being as congenial and accommodating as a cactus in an outhouse.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by Yog-Yogguth on Tuesday October 17 2017, @12:27PM

          by Yog-Yogguth (1862) Subscriber Badge on Tuesday October 17 2017, @12:27PM (#583426) Homepage Journal

          This is as good as any place to comment on all of this :)

          I am certainly not talking from a vantage point of superiority here, far from it (I reside permanently in "the Valley of Slowness"), and I want to make that very clear up front that all of these people are far better and smarter and more efficient than I could ever hope to be, but...

          You're certainly not wrong Frojack and +1 Funny (or more) is well deserved but I do think your point is precisely why everyone ought to appreciate him more; he's one hell of a sane cactus in a mad world :) He is not the only cactus but perhaps the most pointy one and they all deserve a lot more appreciation or dare I say love?

          For anyone wondering why I'll point out that four months is a long time for the technologically superior (not me, see above). Four months is way too long and if those who discovered the flaws had a patch at or near the beginning of those four months (which is incredibly likely since otherwise they would keep on prodding to figure it out first before saying anything), a patch that they could (and as far as I know did) provide as a reference to everyone else, then a single week ought to be enough even for tiny distributions never mind huge companies or established communities.

          Okay, two weeks then. Jeebus Reebus four months!

          If I am wrong then someone tell me why please. Here's how I see the workflow: code language translation (if applicable, will be for some I guess although most will be using C for sure), tweaking (if applicable, will be for many), and testing (rather fast) then push push push should not take four months so release early and if need be release often too, right?

          I did not look at the innards of the patch or count lines of code, maybe I ought to, I'm not trying to claim it doesn't take any work at all, only that it doesn't/shouldn't require months of work. I have looked at their 16 pages long paper (linky here for ease of use [mathyvanhoef.com]) and their two mitigation methods outlined in "6.5 Countermeasures" which doesn't take more than a quarter of a page and all the rest can be seen as detailed background for reference and clarity so it really can't be all that much work for those who are already familiar with the relevant (i.e. their own) source code.

          A race out of the gate creates a swiftly disappearing target as everyone has a fire lit up under their ass. The amount of patching being done will quickly accelerate and then only those who don't patch anyway are left. Microsoft wasn't even affected by this one so what gives? Was this Google's/Alphabet's evilness? Did they (or anyone else) get paid extra to impersonate my level of slowness? :P

          Now on a strictly personal level I don't care (I'm relatively poor and I like big boobies and that's not illegal yet, nor is rum or tobacco, and beyond my insanities I'm rather boring and uninteresting :D ) but the big nasties have it on day 0, they don't respect any embargo and "embargo" is likely a flag for their systems. Four months of jolly good fun for them, free pizza for everyone doing overtime. We know they keep a close eyes on administrators so there's every reason to think all maintainers and researchers and anyone with a whiff of interesting knowledge in the area are under constant surveillance just for nuggets like these.

          Four months embargo, who do they think they are kidding? Self-deception in play in my not so humble big-mouthed ignorant opinion. We all ought to respectfully point that out so they can sleep on it and maybe change their opinion and maybe also become more appreciative of "cactiiuses"¹ in general :D

          This got a bit ranty, it's not directed at you personally Frojack or anyone at all really except the general state of things and well... "four months" ...or even "months".

          ¹ the more pluralals the betterer :)

          --
          Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
    • (Score: 3, Insightful) by darkfeline on Monday October 16 2017, @05:28PM (2 children)

      by darkfeline (1030) on Monday October 16 2017, @05:28PM (#583063) Homepage

      I do not like embargoes either but I at least understand the reasoning behind them. Either Theo does not understand or he does not care; so long as OpenBSD is patched, fuck everyone else who need more time and are now vulnerable since the exploit is out in the wild.

      Well, since Theo does not care about everyone else, it is only fair that everyone else stops caring about OpenBSD. The fact that OpenBSD will now be on the the short end of future disclosures is very much just deserts.

      • (Score: 2) by maxwell demon on Monday October 16 2017, @05:55PM

        by maxwell demon (1608) Subscriber Badge on Monday October 16 2017, @05:55PM (#583072) Journal

        The fact that OpenBSD will now be on the the short end of future disclosures is very much just deserts.

        Sand deserts or ice deserts?

        --
        The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 0) by Anonymous Coward on Tuesday October 17 2017, @08:01AM

        by Anonymous Coward on Tuesday October 17 2017, @08:01AM (#583366)
        Yeah but isn't OpenBSD supposed to be so secure that it wouldn't be vulnerable to such stuff anyway?

        So don't disclose to OpenBSD at all and let Theo gloat about it being already patched in OpenBSD 10 years ago. ;)
  • (Score: 0) by Anonymous Coward on Monday October 16 2017, @02:57PM

    by Anonymous Coward on Monday October 16 2017, @02:57PM (#583011)

    Any info on that?

  • (Score: 2, Informative) by Sourcery42 on Monday October 16 2017, @04:14PM (1 child)

    by Sourcery42 (6400) on Monday October 16 2017, @04:14PM (#583033)

    The issue with Android is people OEM's largely don't patch.

    FTFY

  • (Score: 3, Informative) by RamiK on Monday October 16 2017, @04:25PM (5 children)

    by RamiK (1813) on Monday October 16 2017, @04:25PM (#583038)

    Run this over night using a capable (separate) machine to your radius server\access point:
    openssl dhparam -check -text -5 4096 -out ./dh

    Following this guide [wordpress.com] as a general reference, remove \ avoid installing the demo certs package (freeradius2-democerts) that provides the default nonce file. Instead, copy your own and place it next to your keys while editing /etc/freeradius2/eap.conf to point to it.

    Be sure to copy your generated public key to your phone and define the connection to use it to actually encrypt communication. OpenWrt and Android \ iPhone don't enforce its use meaning you can successfully authenticate and receive an IP without it but you'll be doing so by sending your user name and password un-encrypted over-the-air every time you reconnect\auth to your access point.

    Another option is to use lets encrypt as a cert auth so Android and iPhone will be able to use their built in public certs and you won't have to bother copying your own public to each phone.

    --
    compiling...
    • (Score: 0) by Anonymous Coward on Monday October 16 2017, @05:13PM (1 child)

      by Anonymous Coward on Monday October 16 2017, @05:13PM (#583059)

      Note going WPA2-Enterprise only helps a little by limiting injections per-user and the new nonce file will only make the things a bit (and only a bit) more computationally intensive then with the default nonce file. In the end, you'd NEED either the client or server patched to solve this problem.

      Regardless, if you can run WPA2-Enterprise then you should. Personal has many weaknesses in the key-exchange that get mitigated by issuing your own keys or your own CA so the OP is still a good advice.

    • (Score: 3, Informative) by Hyperturtle on Monday October 16 2017, @10:40PM (2 children)

      by Hyperturtle (2824) Subscriber Badge on Monday October 16 2017, @10:40PM (#583201)

      Yes, this is all good advice.

      It can be much more complex, but one can also generate local certs as I had done. It doesn't take much to set up a CA server, but it is easier if the certs can be more easily obtained (and trusted).

      I'll admit a vulnerability in my home network, so that everyone else may benefit about what to do about it on theirs -- wireless printers. If they are old, even high end ones, they often cannot be made to host certificates for authentication/authorization. There is often no 802.1x capability for wireless printers, but a workaround can be via an ethernet to wireless bridge, like what the old Xbox used to use to connect to wifi. Similar hardware would work; if it can present a cert. There are some devices that can do that.

      What I've done otherwise and for clients is to put their printers on the wire... convenient or not. In locations where that simply is not acceptable for some reason, then the printers get put on a private network that is isolated somehow -- firewalled off, access listed off, *something* on top of the WPA2. (Don't assail me because of some problem with arp poisoning or whatever you think of -- I'm not curing a problem, I'm prolonging the inevitable and making the fruit a little too high to grab easily.)

      There are so many places with so many wifi devices and so few people checking their logs. People may laugh about printer isolation, but masquerading on a network with a printer mac address is one of the oldest tricks in the book--predating wifi, I assure you. It is incredibly easier to penetrate a network nowadays with wireless printers, outdated android devices that can be exploited over wifi are near the top of the list, too. (But now it seems that any *new* android device is at the top...)

      The Pwnpad and other open source devices have some fantastic resources regarding this--even if you don't intend to put such practice into production, I encourage anyone to take a look at what might be possible against your own network.

      I mean -- when was the last time you checked your phone's logs for hacking attempts? Or your printer? You can use a tablet nowadays to capture all print requests, save a copy, and redirect the print job to the original printer. Sure it'll drop traffic like crazy but no one is going to notice at most places. And the os will just resend the job. Griping about slow print jobs is part of life.

      Anyway, for those of you that are reading the vulnerability details, make a note of how its mostly newer, client specific OS problems that are mostly in trouble. Enterprise APs and good consumer APs already have fixes, but that doesn't stop people from wandering with their vulnerable and unpatched client devices that are the bulk of the problem.

      I would consider it strange that most new OS updates/releases seem to be preferring the method that is the easiest to hack... otherwise I have to cynically suggest it was by design, to leverage the problem and make it easier to take over the newest and otherwise most secure tablets and phones...

      • (Score: 2) by Yog-Yogguth on Tuesday October 17 2017, @12:47PM

        by Yog-Yogguth (1862) Subscriber Badge on Tuesday October 17 2017, @12:47PM (#583431) Homepage Journal

        Printers... as an aside how ironic it is that according to lore the GNU GPL got its start in order to fix some printer source code but still the world does not (yet?) have a free source/open source printer for sale :|

        Not even an eight point dot matrix one... KRA-CAATCH :P :D (I wonder if I still have one hidden away in someone else's storage, I think it was an OKI, it looked an awful lot like the first picture here [wikipedia.org] but then they all did).

        --
        Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
      • (Score: 2) by RamiK on Tuesday October 17 2017, @02:50PM

        by RamiK (1813) on Tuesday October 17 2017, @02:50PM (#583483)

        A $20 GL.iNet AP can be used as a print server (if drivers permit) or maybe a tunneled bridge: https://www.gl-inet.com/products/ [gl-inet.com]

        I think other manufacturers are also available but I don't think you can find anything as remotely open, well-supported and with such great specs-per-dollar as their hardware unless you need 5g wifi.

        --
        compiling...
  • (Score: 2) by crafoo on Tuesday October 17 2017, @01:51AM

    by crafoo (6639) on Tuesday October 17 2017, @01:51AM (#583258)

    Ahahahahh oooooooh NO! All encryption protocols of WPA2, all devices. Linux, BSD, iOS especially fucked because valued _technical_ compliance to the spec rather than common sense practice. Fucking glorious. I especially enjoyed their description of dealing with Ratt of BSD. LOL! They will handle that differently next time! What an unpleasant fellow.

  • (Score: 2) by Techwolf on Tuesday October 17 2017, @03:15AM (1 child)

    by Techwolf (87) on Tuesday October 17 2017, @03:15AM (#583291)

    Can this be used to gain access to a WPA/WPA2 AP without knowing the password? This would be good for getting net access on the road.

    • (Score: 3, Informative) by rob_on_earth on Tuesday October 17 2017, @06:29AM

      by rob_on_earth (5485) on Tuesday October 17 2017, @06:29AM (#583348) Homepage

      no. The demo video had the attacker already having access to the internet and explicitly routed the the victim through them to allow the victim the illusion that everything was fine and so snooping could take place. In the example Match.com

(1)