• Welcome to Peterborough Linux User Group (Canada) Forum.
 

Severe flaw in WPA2

Started by ssfc72, October 16, 2017, 05:54:46 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

ssfc72

Mint 20.3 on a Dell 14" Inspiron notebook, HP Pavilion X360, 11" k120ca notebook (Linux Lubuntu), Dell 13" XPS notebook computer (MXLinux)
Cellphone Samsung A50, Koodo pre paid service

Jason

One of the comments mentions that if you're careful about only putting data only over HTTPS, your data is still safe since it's encrypted that way. Good reason to install and use HTTPS Everywhere (it's a plugin).

Think I'm going to just use the mobile network for my phone when I'm away from home now especially with that info about VPNs although at least one was found to be good.

Free wireless access points are probably all going to be scary now because the likelihood they will patch is small. And home routers, ugh, even less likely to be patched unless they're new or expensive. Sigh. Really considering using a Raspberry PI as a router. It's better than cheap routers, I'm sure, and at least you know it's going to continue to be patched.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

Jason

Been thinking about this more. The biggest concern is really going to be with mobile devices. If you're using wireless at home, an attacker will need to be in range to attack you. Probably an unlikely scenario for most people unless wardriving becomes a thing again.

But if you're using free wifi hotspots, you would be a lot more susceptible since they can hack clients (the biggest problem) such as your phone. Though every device is potentially vulnerable it appears Linux and Android devices are the most problematic. Since we can't control routers on the outside even if we patch our client devices, I'd recommend making sure that you're using https when you log into any websites. Note that the injection means a compromised network can re-direct websites to use HTTP only (those that have the login possibility) so doublecheck you're using a secure connection.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

ssfc72

My Mint 18 distro just issued a WPA update, today. Oddly, it was only a level 2 update?
Mint 20.3 on a Dell 14" Inspiron notebook, HP Pavilion X360, 11" k120ca notebook (Linux Lubuntu), Dell 13" XPS notebook computer (MXLinux)
Cellphone Samsung A50, Koodo pre paid service

Jason

1 Minimal: No impact on the system or other applications.
2 Normal: Default level. Usually low impact on the system.

This would definitely have would have an impact on the system, at least potentially. Remember levels aren't priority levels. They're impact levels. It's also new, so they probably don't know if it will have unforeseen impacts yet.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13