WPA2 Security Flaw

arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Thoughts?

Yes, we are fucked.

It'll be patched, but most android and IOT devices are definitely fucked.

now I can hack neighbor's wifi and use internet for free.

Some device vendors patched this 2 weeks ago, but yea everyone needs a patch.

>now I can hack neighbor's wifi and use internet for free.
What stopped you from doing this before?

Good thing I only use data on my phone and not wifi

This is the third thread we have on this topic.
Why can't people fucking check the catalog?

Will this affect Tor?

Not how it works...

No you fucking retard

so? it's a big fucking deal, since it's still questionable if it'll get fixed in the majority of android phones.
I'd rather people make too much noise about this than too little

I'm not usually a fan of calling people a "fucking retard", but I believe in this particular instance it was warranted.

which part of "wpa2 handshake wifi exploit" makes you think this would have anything to do with a high-level protocol such as tor?

Not noticeably, Tor always considers the network to be hostile.

serious question: wouldn't it be possible to root your phone and then replace wpa_supplicant (I assume that's what android uses) with a patched binary?

Fuck, I just posted in the other thread before it got archived.
I'm looking to replace my AP, and I think this is a good opportunity to do so, but right now I have an ADSL WiFi router, can I just connect the AP into it, turn the WiFi off and be "safe"?

You people are retarded.
This doesn't mean some chink on the other side of the world can hack into your wi-fi network.
The person has to be literally, physically within your wi-fi range.
Just like cracking WEP keys.

And I strongly doubt my tech illiterate neighbors know or care about this shit when they have their own wi-fi.

>connecting everything to the Internet is a good idea guys

>you people are retarded why are you locking your doors the criminals would need to come to your house to rob you and I doubt my neighbors that have their own houses care

should I delete my oppai lolis?

Too late, everyone. I took all of your mother's porn.

stupid question.

do we need to update/replace the router? or is this fixed with a patch for each device? I'm kinda confused about this ordeal.

New firmware for literally everything that uses WPA2.

fug :DD

I'm looking for a new router anyway, is there a list of routers that got/will be patched?

>Look into my settings
>I'm using WEP
Wew. That was close.

That's not at all what he said, you fucking idiot. Learn to read, then respond. He's not saying it's an issue, he's saying some guy halfway around the world isn't going to do anything with it.

The problem can't be solved with updating routers.

It would probably be easier to just flash a custom ROM if your phone is supported

yeb, stay safe :DDDDDD

Partly yes, no? I'm given to understand that some distros already are patched, now we wait for routers and android security patch. Windows will probably get a fix soon as well.

Only windows 10 will get the new patches, and only if your CPU is of a certain age.

Doesn't change the fact that they are rolling out updates to routers as well. Even the website says to update the router. So what's good?

HOW CAN WIN AND MACFAGS EVEN COMPETE HAHA

By not living in Somalia like you

Weak response, m8.

How's the cuckshed Adolf?

>I am totally not a butthurt mac user
Please cry louder.

Why the fuck are most articles saying Linux is somehow more affected by this than iOS and Windows? Because of Android?

sorry guys I meant to post this on Sup Forums

krackattacks.com/#details-android
wpa_supplicant is already patched though.

Ubuntu LTS:
>wpasupplicant/xenial-updates,xenial-security 2.4-0ubuntu6.2 amd64 [upgradable from: 2.4-0ubuntu6]
Oh look, it's literally nothing. And anyone using a phone with stock ROM, or some shitty IoT device like a smartTV, deserves what they get.

>These scripts will be released once we had the time to clean up their usage instructions.
Any 3rd party proof of concept code yet?

>cuckshed

hello script kiddie

>implying you don't want to play around with this

Welcome to Trump's America.

Wtf do I do if I don't want to update to Oreo?

Was patched a week ago for windows

Fix coming for me in 3 days :^]

if you're running lineage or similar, you hope it gets put in your rom before that
otherwise you're fucked

>trying this hard to spread lies
Yes it's been patched but only a few hours ago.

Who gives a fuck? All routers have NSA, KGB or Chinese backdoor built in.

>What if there are no security updates for my router?

>Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

>And anyone using a phone with stock ROM, or some shitty IoT device like a smartTV, deserves what they get.
how does a custom rom change fucking anything?

i use university wifi. i am sure there are some elite hackers on campus who would abuse it.

What if the clients and access points have MAC whitelists?

It gets updates, while abandoned phones and IoT devices don't.

>using wifi
This is what those people deserve.

Thanks Obama.

Feels good

Clone the MAC :^)

>implying this wasn't a NSA backdoor

> it's still questionable if it'll get fixed in the majority of android phones.

This. Considering that KitKat is the third largest version of Android as of last month, and that if you take Lollipop 5.0 down to Gingerbread you're accounting for 30% of the market, and you know none of these manufacturers are ever going to patch anything that old you see we might have a pretty big problem. Even bigger problem if they refuse to patch Lollipop 5.1 as well 'cause then you're at a hair over 50% of the market for Android.

(sauce: statista.com/statistics/271774/share-of-android-platforms-on-mobile-devices-with-android-os/ )

>tfw lg g4

Time for a new phone because old Android phones don't get updates, fucking Jews and Gooks

At least versions prior to 6.0 are a bit safer than current versions, since they can't be exploited using the all zero encryption key method.

download.lineageos.org/h815

Why tho, this phone is powerful enough and well supported by custom ROMs like

this guy gets it
this is a mental retarded

so the real question here is: which of Sup Forums's !337 HaX0rZ has downloaded the exploit and tested it yet?


... on your own network, of course.

...

getting cuck by wireless
this is why i only use LAN like an old skol old man

>LAN

>they knew

oh wow that really activates my tinfoil

>The person has to be literally, physically within your wi-fi range.
>Just like cracking WEP keys.
so following your logic, I assume you run your wifi with WEP / unprotected?

Fug, do I need to update every wifi client I have in my home? Laptop, desktop, TV, errthang? What if I don't?

Either update your router, or each device. You should do both if possible.

Disabled wifi the day I installed both routers in my house. Whole place is wired in Cat 7 (big runs) or Cat 5 (short runs).

Cannot describe the level of comfy being surrounded by my comfy copper nest.

Worst analogy I have ever read

It was part of the patch that came 10th of october.

And it's not even the food version

I just put a condom around it to protect it from v1ru5 and ebil haxxors

Got the patch on my Linux Mint a couple of hours ago.

>Click the link thinking it's just a shitty board like or and get some lols along the way

>Discover that terminal autism is a real thing and very much alive and thriving on that board and leave to prevent it from spreading to me
It was the worst 2 minutes of my life

good thing I am using wep

Oh shit, the lainon was right

I only enable my phone's wifi reception at home, am I safe

No

is it just me or microsoft is full of bullshit in claiming they fixed the issue? they spouted some shit about group keys but that's not the real problem here.

Who still uses Tor in 2017? Just running through an exit node will likely get you listed. Many agencies have many ways to find people.

The 4 way handshake was never a problem on windows, because microsoft violated the standard with their implementation. The only exploit that worked against windows is the group key thing, and that is what m$ claims to have fixed. Read the paper papers.mathyvanhoef.com/ccs2017.pdf

>Many agencies have many ways to find people.

>because microsoft violated the standard with their implementation
that was my other guess is they used some lazy programming and sidestepped the issue.
but then i thought maybe they just stole the relevant codes from competent programmers like many times in the past so it was a coin toss.

the Sup Forums way of router setup is to buy a current device with good specs and install a custom operating system such as openwrt, tomato

It's funny that one slacking pajeet parried an entire team of security experts. A stopped clock and all that.
To be fair, apple also violates the standard, and in the exact same way. They have yet to patch the group exploit tho.

that's possible

followed

See for yourself, people get arrested day after day after day, but its supur anonymuz - deepdotweb.com/

Only affects you if you don't check the https connection on the sites you transmit vital data