Personal computing discussed

Moderators: Steel, notfred

 
notfred
Maximum Gerbil
Topic Author
Posts: 4487
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Time to update everything WiFi

Mon Oct 16, 2017 8:34 am

https://www.krackattacks.com/

You need to update all your WiFi clients as well as APs.
 
Waco
Gold subscriber
Minister of Gerbil Affairs
Posts: 2391
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Time to update everything WiFi

Mon Oct 16, 2017 9:00 am

Sigh.
Z170A Gaming Pro Carbon | 6700K @ 4.4 | 16 GB | GTX Titan Xm | Seasonic Gold 850 | XSPC RX360 | Heatkiller R3 | D5 + RP-452X2 | Cosmos II | Samsung 4K 40" | 2048 + 240 + LSI 9207-8i (128x8) SSDs
 
just brew it!
Gold subscriber
Administrator
Posts: 51359
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Time to update everything WiFi

Mon Oct 16, 2017 9:03 am

I've been using a SOCKS proxy over SSH with my laptop for years. I guess I should figure out how to do that on my phone too. The extra layer of security/encryption provides some protection from this sort of nonsense.
Nostalgia isn't what it used to be.
 
TwistedKestrel
Gerbil Elite
Posts: 665
Joined: Mon Jan 06, 2003 4:29 pm

Re: Time to update everything WiFi

Mon Oct 16, 2017 9:23 am

Well ****

Do both ends of a WiFi link need to be protected against the attack for it to be ineffective? I wish they actually would iterate WPA for this, because for the vast majority of consumer applicances identifying whether or not they are vulnerable will require you to personally test each and every one of them
 
just brew it!
Gold subscriber
Administrator
Posts: 51359
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Time to update everything WiFi

Mon Oct 16, 2017 9:53 am

It's a client-side vulnerability. Routers/APs should be (mostly) unaffected.
Nostalgia isn't what it used to be.
 
Chrispy_
Maximum Gerbil
Posts: 4385
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: Time to update everything WiFi

Mon Oct 16, 2017 10:00 am

I assume Microsoft and Apple with roll this into their OS updates very quickly.
As for every other appliance? Botnets ahoy!

Oh, what was that, they were already hacked and have been botnetting for years, you say?
Nothing to see here, move along now people....
#OfficerBarbrady
Congratulations, you've noticed that this year's signature is based on outdated internet memes; CLICK HERE NOW to experience this unforgettable phenomenon. This sentence is just filler and as irrelevant as my signature.
 
Topinio
Graphmaster Gerbil
Posts: 1480
Joined: Mon Jan 12, 2015 9:28 am
Location: London

Re: Time to update everything WiFi

Mon Oct 16, 2017 10:59 am

Debian already did, this morning, and OpenBSD jumped the gun with a silently-released patch (based on a PoC diff from the vuln discoverer, who writes "[t]o avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo" ).

On AP's, seems at least Broadcom ones don't verify the key MIC of the EAPOL frame sent to the AP which initiates a rekey...
Desktop: E3-1270 v5, X11SAT-F, 32GB, RX Vega 56, 250GB BX100, 2TB Ultrastar, Xonar DGX, XL2730Z + G2420HDB
HTPC: i5-2500K, DH67GD, 6GB, GT 1030 SC, 250GB BX100, 1.5TB Barracuda, Xonar DX
Laptop: MacBook6,1
 
Ryu Connor
Gold subscriber
Global Moderator
Posts: 4313
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Time to update everything WiFi

Mon Oct 16, 2017 11:37 am

Intel has released drivers that correct the problem.

https://security-center.intel.com/advis ... geid=en-fr
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
trackerben
Minister of Gerbil Affairs
Posts: 2134
Joined: Mon Jun 15, 2009 12:28 am
Location: 'Tween oceans...

Re: Time to update everything WiFi

Mon Oct 16, 2017 11:46 am

Chrispy_ wrote:
I assume Microsoft and Apple with roll this into their OS updates very quickly.


iOS 11.03 updates downloading even before the news broke. They might have been counseled to hold off until things went irretrievably public.
 
Usacomp2k3
Gerbil God
Posts: 22095
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Time to update everything WiFi

Mon Oct 16, 2017 11:51 am

Ryu Connor wrote:
Intel has released drivers that correct the problem.

https://security-center.intel.com/advis ... geid=en-fr

Thanks, work laptop updated.
 
Topinio
Graphmaster Gerbil
Posts: 1480
Joined: Mon Jan 12, 2015 9:28 am
Location: London

Re: Time to update everything WiFi

Mon Oct 16, 2017 1:10 pm

Ryu Connor wrote:
Intel has released drivers that correct the problem.

https://security-center.intel.com/advis ... geid=en-fr

Oh, great. It's driver-side not OS-side on Windows.

And, joy of joys, it's in that wonderful liability AMT again and obviously "For Intel® Active Management Technology, there is no planned Intel® Manageability Engine firmware update for versions 2.x-7.x because those versions are no longer supported."

Which means Latitude <= E..2. series are unpatchable, and we need to run f/w updates on the E..3. and later ones, once the new revisions hit in probably 6-8 weeks if the pattern from early summer is repeated. Happy happy joy joy.
Desktop: E3-1270 v5, X11SAT-F, 32GB, RX Vega 56, 250GB BX100, 2TB Ultrastar, Xonar DGX, XL2730Z + G2420HDB
HTPC: i5-2500K, DH67GD, 6GB, GT 1030 SC, 250GB BX100, 1.5TB Barracuda, Xonar DX
Laptop: MacBook6,1
 
Ryu Connor
Gold subscriber
Global Moderator
Posts: 4313
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Time to update everything WiFi

Mon Oct 16, 2017 1:15 pm

Yeah, Windows and iOS are not as vulnerable to this flaw as Linux, BSD, and Android were (are).

You're going to see more driver updates to help close the vulnerability in Windows and as you note that's a hitch.

Notice also that Intel didn't fix any of their Wi-Fi older than the 7000 series. :(
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
Dposcorp
Silver subscriber
Minister of Gerbil Affairs
Posts: 2703
Joined: Thu Dec 27, 2001 7:00 pm
Location: Detroit, Michigan

Re: Time to update everything WiFi

Mon Oct 16, 2017 4:10 pm

I am smarter then all of you.

My wifi network is open to all, no password, so will never get hacked.

Social engineering anti-attack FTW!!!!!!!!1
 
thecoldanddarkone
Gold subscriber
Minister of Gerbil Affairs
Posts: 2398
Joined: Wed Mar 26, 2003 4:35 pm

Re: Time to update everything WiFi

Mon Oct 16, 2017 4:16 pm

Ryu Connor wrote:
Yeah, Windows and iOS are not as vulnerable to this flaw as Linux, BSD, and Android were (are).

You're going to see more driver updates to help close the vulnerability in Windows and as you note that's a hitch.

Notice also that Intel didn't fix any of their Wi-Fi older than the 7000 series. :(


Yea I noticed this and realized it's probably time for me to buy new adapters...
I7 4930k, 32 GB Ballistix DDRL3@2133 , 1.2 TB Intel 750 AIC, 500 GB mx200, Sapphire R9 Fury, asus x79 ws, HP ZR24w, edifier s730
HP Pro x2 612- i5-4302Y, 8 gigs of memory, 256 ssd
 
MOSFET
Gold subscriber
Gerbil Team Leader
Posts: 263
Joined: Fri Aug 08, 2014 12:42 am

Re: Time to update everything WiFi

Mon Oct 16, 2017 5:04 pm

trackerben wrote:
Chrispy_ wrote:
I assume Microsoft and Apple with roll this into their OS updates very quickly.


iOS 11.03 updates downloading even before the news broke. They might have been counseled to hold off until things went irretrievably public.


I found iOS 11.0.3 ready and waiting Saturday night.
Be careful on inserting this (or any G34 chip) into the socket. Once you pull that restraining lever, it is either a good install or a piece of silicon jewelry.
 
ludi
Darth Gerbil
Posts: 7949
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Time to update everything WiFi

Mon Oct 16, 2017 10:52 pm

Ryu Connor wrote:
Intel has released drivers that correct the problem.

https://security-center.intel.com/advis ... geid=en-fr

Thanks. My Haswell-era ultrabook had an Intel 7260 and took the update with no issues.

My Sandy-Bridge era laptop has a Centrino-N of some sort not listed in that article. Going to try a $10 eBay 3160 swap, since that one is listed and appears physically identical to the existing 'N' module. Crossed fingers that the BIOS will allow it.
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
trackerben
Minister of Gerbil Affairs
Posts: 2134
Joined: Mon Jun 15, 2009 12:28 am
Location: 'Tween oceans...

Re: Time to update everything WiFi

Tue Oct 17, 2017 5:49 am

MOSFET wrote:
I found iOS 11.0.3 ready and waiting Saturday night.


Right now, it's the Apple of my eye. They were already geared up for a big update cycle, fortunately.

On the supply-side, I will be bowing and scraping for whatever trickles down for my Androids and network equipment.
 
Chuckaluphagus
Silver subscriber
Gerbil Elite
Posts: 798
Joined: Fri Aug 25, 2006 4:29 pm
Location: Boston area, MA

Re: Time to update everything WiFi

Tue Oct 17, 2017 8:20 am

Ubuntu 16.04 had a patch appear yesterday evening.

Now I just need to figure out mitigation for my phone (an LG G4). Might finally be time to look into VPN service.
 
JustAnEngineer
Gold subscriber
Gerbil God
Posts: 18148
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: Time to update everything WiFi

Tue Oct 17, 2017 7:21 pm

TP-Link had a patch to update my HS100 smart plugs' firmware from 1.1.1. to 1.2.2. through the Kasa app. The update was quick and painless.
i7-8700K, H100i v2, RoG Strix Z370-G Gaming, 16 GiB, RX Vega64, Define Mini-C, SSR-850PX, C32HG70, RK-9000BR, MX518
 
SuperSpy
Gold subscriber
Minister of Gerbil Affairs
Posts: 2307
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Time to update everything WiFi

Wed Oct 18, 2017 7:40 am

Still waiting on LEDE 17.01.4 so I can update all like 90 of the old OpenWRT routers and APs I have around.
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA Gefore 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560
 
TwistedKestrel
Gerbil Elite
Posts: 665
Joined: Mon Jan 06, 2003 4:29 pm

Re: Time to update everything WiFi

Wed Oct 18, 2017 8:56 am

Hoping for an AP/router feature that tests clients for the vulnerability and then restricts/blocks them accordingly (e.g. no local access, no router administration access, etc)
 
JustAnEngineer
Gold subscriber
Gerbil God
Posts: 18148
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: Time to update everything WiFi

Wed Oct 18, 2017 2:50 pm

My ultrabook's Centrino-N 6235 updated successfully using the latest version from Intel's web site. Asus' Live Update utility has been useless for some time.
i7-8700K, H100i v2, RoG Strix Z370-G Gaming, 16 GiB, RX Vega64, Define Mini-C, SSR-850PX, C32HG70, RK-9000BR, MX518
 
seankay
Gerbil First Class
Posts: 170
Joined: Wed Jul 20, 2016 5:43 am

Re: Time to update everything WiFi

Thu Oct 19, 2017 6:24 am

There still are many who haven't released a patch or update yet as found here and appraently a few people and companies saying that VPN can be a solution for them until the update arrives like this. So, is it actually the case? Is using a VPN a solution? and how is it if anyone can make me understand it please?
 
notfred
Maximum Gerbil
Topic Author
Posts: 4487
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Re: Time to update everything WiFi

Thu Oct 19, 2017 9:15 am

When WiFi security works properly, nobody can see your traffic because it is all encrypted between your phone or laptop and the Access Point. This means that if you are sitting at a coffee shop using their WiFi then the people at the next table can't sniff your traffic.

The breakage means that someone sitting at the next table can change the encryption key that is being used between your phone or laptop and the Access Point and so they can see all your traffic.

Now if your traffic is all encrypted anyway by being sent through a VPN or you are browsing HTTPS websites, then they are no closer to seeing what you are up to. However if you do something that sends your username and password in the clear then they just captured it and all your base are belong to us.
 
Ryu Connor
Gold subscriber
Global Moderator
Posts: 4313
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Time to update everything WiFi

Thu Oct 19, 2017 10:10 am

JustAnEngineer wrote:
My ultrabook's Centrino-N 6235 updated successfully using the latest version from Intel's web site. Asus' Live Update utility has been useless for some time.


You're still unprotected. Intel did not release fixed drivers for the 6235 or any member of the 6000 series family. Only the following driver revisions have the fix.

20.0.2.3
19.51.7.2
19.10.9.2
18.33.9.3

You can check your driver versions in Device Manager. You'll most likely find 15.18.0.1 (4/30/2015) and that driver version is broken.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
ludi
Darth Gerbil
Posts: 7949
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Time to update everything WiFi

Thu Oct 19, 2017 10:36 am

seankay wrote:
There still are many who haven't released a patch or update yet as found here and appraently a few people and companies saying that VPN can be a solution for them until the update arrives like this. So, is it actually the case? Is using a VPN a solution? and how is it if anyone can make me understand it please?

A VPN uses an encrypted path ("VPN tunnel") between your device and a remote server where the VPN is hosted. All traffic on the VPN is handled by the remote server, then sent to your device over that encrypted path. Many corporate entities will set up a VPN server so their employees can log in to the corporate network from a remote location. There are also online services where you can use a VPN host to gain an extra level of security, typically for a monthly subscription fee. At that point you are gaining an extra layer of security from your device to the VPN host, but also placing trust in the VPN host not to be monitored or compromised.
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
uni-mitation
Silver subscriber
Gerbil Team Leader
Posts: 262
Joined: Mon Feb 04, 2013 1:28 am

Re: Time to update everything WiFi

Fri Oct 20, 2017 8:38 pm

ludi wrote:
seankay wrote:
There still are many who haven't released a patch or update yet as found here and appraently a few people and companies saying that VPN can be a solution for them until the update arrives like this. So, is it actually the case? Is using a VPN a solution? and how is it if anyone can make me understand it please?

A VPN uses an encrypted path ("VPN tunnel") between your device and a remote server where the VPN is hosted. All traffic on the VPN is handled by the remote server, then sent to your device over that encrypted path. Many corporate entities will set up a VPN server so their employees can log in to the corporate network from a remote location. There are also online services where you can use a VPN host to gain an extra level of security, typically for a monthly subscription fee. At that point you are gaining an extra layer of security from your device to the VPN host, but also placing trust in the VPN host not to be monitored or compromised.


Doubleplusgood ^^^

Paid VPN services on the consumer side are marketed for ¨privacy¨ when in fact a VPN's true purpose is to serve as a condom to secure your devices to a trusted source, namely, the VPN. And as said above, you are at that point placing your security in the hands of that provider. Your connection from that VPN to the web is NOT secured, what is secured is the connection between your devices & the VPN host. But, using VPN from a reputable paid source in addition to other security practices like HTTPs, and what not is the best that we can hope for. Yet, when in comes to state actors with essentially unlimited resources, no one is safe like Snowden said; and I will gladly take Snowden's word over the dark underbelly of my government.

And using VPN for privacy is not the cure-all panacea. The inherent design of the interconnected network was one of trusted servers & clients, and it is literally impossible to hide your true identity given the amount of resources that state actors muster. All that someone stepped in this industry may sell you is privacy & security to a "reasonable degree", anything else and you may consider consider yourself a fool for believing such tale- not that I am foreclosing on the very remote possibility that powers that may be will go against their interests and actually give us a totally interconnected network standard that respects user's privacy & security but don't hold your breath.

uni-mitation
 
ludi
Darth Gerbil
Posts: 7949
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Time to update everything WiFi

Sat Oct 21, 2017 4:45 pm

ludi wrote:
My Sandy-Bridge era laptop has a Centrino-N of some sort not listed in that article. Going to try a $10 eBay 3160 swap, since that one is listed and appears physically identical to the existing 'N' module. Crossed fingers that the BIOS will allow it.

Success! The 3160 dropped in with no issues, and now I have Bluetooth on this laptop as well.

JustAnEngineer wrote:
My ultrabook's Centrino-N 6235 updated successfully using the latest version from Intel's web site. Asus' Live Update utility has been useless for some time.

Consider an Intel 3160 (AC+BT) or 3165 (dual-band AC+BT) from eBay. About $10-15, and if it works, you not only get the patched driver, you upgrade from N to AC support.
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
JustAnEngineer
Gold subscriber
Gerbil God
Posts: 18148
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: Time to update everything WiFi

Sat Oct 21, 2017 7:02 pm

ludi wrote:
JustAnEngineer wrote:
My Zenbook UX32VD's Centrino-N 6235...
Consider an Intel 3165 (dual-band AC+BT).
The Centrino-N 6235 is a 2x2 dual band ABGN+BT half mini PCIe M.2 card. The 7260 and 3160 look similar. Which would be the easiest drop-in replacement?
https://ark.intel.com/products/family/5 ... s-Products
i7-8700K, H100i v2, RoG Strix Z370-G Gaming, 16 GiB, RX Vega64, Define Mini-C, SSR-850PX, C32HG70, RK-9000BR, MX518
 
meerkt
Gerbil Elite
Posts: 951
Joined: Sun Aug 25, 2013 2:55 am

Re: Time to update everything WiFi

Sat Oct 21, 2017 8:44 pm

I thought the Windows update was where it was fixed, not WLAN drivers?

Who is online

Users browsing this forum: No registered users and 1 guest