KRACK! Wifi's go-to security, WPA2, is fatally flawed, and will probably never be patched in many places

Nope.

It doesn’t affect routers; it only affects clients.

1 Like

Sure read the article… It could use an upgrade anyway.

It’s great for me at the moment; I’ll have the patches on my phone by Saturday (https://lineageos.org/). All my Debian boxes got patched within 3 hours of the news.

KRACK Attacks: Breaking WPA2
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

1 Like

I got patches for Fedora and Ubuntu yesterday as well. That’s the top three Linux distros.

2 Likes

Enh. It is old, and while it still works like a champ, it should probably be replaced.

Unless you, you know, want to use 802.11r, in which case you need to patch your router. (Also, it is nice to have it patched for the client side in case you ever decide to use it as the client end of a wireless bridge.)

That sounds like a great thing to argue about :smiley:

I’ll start:

Well actually DistroWatch says Manjaro and OpenSUSE are more popular than Fedora and that’s if you even discount Mint as a distinct distribution in the first place …

2 Likes

That would be a fun thread, but please don’t do it here, it’s way too far off topic.

2 Likes

Also that way lies madness… may as well grumble about vi and emacs. :smiling_imp:

1 Like

Hasn’t that been done here, yet? If not, we owe that to ourselves.

1 Like

No, no we don’t.

Regarding: “The need for security standards to be freely auditable was also at the center of the W3C’s catastrophic decision to standardize DRM for 3 billion browser users: EFF proposed that W3C members should pledge not to threaten security researchers who discovered defects in the W3C standard, and the members refused, with the backing of the W3C exec (which is why EFF resigned).”

Clarification from the W3C:
Unlike WPA2, W3C standards, including EME, are entirely open and free to read. The longstanding claim that W3C has “standardized DRM” is untrue and part of years-long misinformation to conflate EME, an API for interacting with DRM, with DRM itself.

It is also demonstrably untrue that “W3C members refused” efforts for a covenant to protect researchers since many W3C members recently voted to do just that; though many more (by about double) voted against the one particular method proposed by EFF to do so. The decision was not about the “backing of the W3C exec” but the result of an appeal vote of all W3C members, requested by a member (EFF), which was carried by a majority of members.

3 Likes

I don’t know if you’re a legit representative of the W3C or not, but I hope you come back to post more here.

5 Likes

A couple of our Communications representatives have responded individually on behalf of the W3C in the past on BoingBoing, before.
We only created that dedicated account this week (which we should have done years ago). Our message is consistent with what we said here before as individuals.

4 Likes

We are from the W3C. Thanks for the note.

1 Like
