WPA2 IS DEAD!

Krack is not what you think of.
You can manipulate data that your device sends.And it's nothing extreme, just text. Windows, linux and CuckOS patched it. Except android.
You dumbfuck.

i herd u kan use mac address filtering to mitigate this attack so just add all ur wireless devices to the allow list and blck everything else

i'm cs3 so i know what im talking about

I like the fact that Linux and Android just allowed an all-zero encryption key. You Might as well be on public wifi at that point.

android fix when

it's the clients not the AP

I like that android has no way to update and I have to format my phone all the time.

It was never patched in Windows. Microsoft implemented the bad part of the spec incorrectly, and as a result they weren't vulnerable.

You're right, he probably doesn't connect to the AP.

holy fuck how do you fuck up _that_ bad?

What about the billion phones that won't get any updates at all?

>Google: Android update.
>Carrier: No
>Google: But this is important!
>Carrier: Really? We better sell customers a new phone then!

great, my carrier shouldn't mind if I install a custom rom that gets support

THANK YOU BASED MICROSOFT

>tfw live in the country and the nearest neighbors/roads are well beyond WiFi range

>lying on the internet
computerworld.com/article/3233198/microsoft-windows/microsoft-shuts-down-krack-with-sneaky-windows-update.html

>Linux is more secure!
>More secure!
>Secure!
How did all you fucking autistic neckbeards miss this shit?

>he only uses wifi at home
You never leave the house for, I don't know, work?

He never said it was dead. Just that it was cracked.

WPA2 being cracked is irrelevant for most people, though. Everything everyone does has tons of security holes, but in the end, there's more of a possibility of nothing happening to them than something.

Enjoy your void warranty.

I use 4G if I'm away from home.

about all it's good for and they can't even do that

The title of the post was "WPA2 IS DEAD", you fucking retard

Well, I use WiFi at work and eduroam wherever they have that (which turns out to be quite a few places).

well the fix isn't in the AP it's in the clients
so no, you don't need a new router

You even read the thread's Title?

WPA2 isn't technically cracked, only a vulnerability in four-way handshake affecting clients.

we're getting treble soon
still too late though

>4g has authentication

user i...

Technically, you'd be more likely to be safe in a crowded area as the exploit tricks clients over to other channels controlled by a fake AP, which would most likely already be used by other APs in the vicinity.

This is why the ROM meme is so retarded.
Why can't they make a update system sort of like how they make updates through the play store for the rest of the system?
Downloading a 300+mb image every time to add a few lines patch is insane and breaks so much.
Package managers on gnu/Linux have fixed this many years ago and even arch is more stable than android at this point.

youtube.com/watch?v=mYtvjijATa4

Not sure about OP but the rest of us sure do. There's nothing that excites us more then reading a Windows press release.

The problem is mainly all the custom brands of Android, and not Android or the phone itself. You need to update the kernel without breaking whatever crap Samsung or Sony or

release integrity

t. Does not already blacklist unknown devices.

The vulnerability is in the clients, not the AP.

They ignore and repress it, just like they did Heartbleed.

mac filtering does nothing against an attacker.
it might befuddle a passerby but anybody can see which MAC addresses are associated with an AP and spoof that address

Psst, nothing personel kid

bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

>They ignore and repress it, just like they did Heartbleed.
And the 28 backspace grub login bug.

Already patched in Linux and Windows, Apple has the patch in beta for its OSes.

Meanwhile Android is "likely in a few months" and that's only going to be google phones, all the rest will probably never be patched.

Google dev practices are a fucking cancer.

> mitigate

Also, wow! That's how a MAC addresses works???

>Apple has the patch in beta for its OSes.
Nope, it was patched around week ago on both iOS and macOS

Even better. I read an article yesterday claiming it hadn't been pushed yet but tech journos are morons so not surprised they fucked that up.

Patches are already being rolled out.

t. thinks this somehow affects how bugs are handled in linux brainlet

MAC filtering will never be useful under any circumstance

if you want to limit your clients then have them both use private keys

Tomato is dead for my routers, I've flashed to the latest lineageos roms on my android devices. Am I safe?

>I've flashed to the latest lineageos roms on my android devices
nope

They are left vulnerable, so the sheeple have to buy new ones...

Is the issue not patched in the latest nightly?

Uh, no. That's not my point, retard.

Heartbleed bug = SSL library issue that could lead to attackers maybe seeing your traffic in clear text if they MITM'd you and sent you an invalid certificate that the user would be warned about and had to agree to anyway in all modern browsers.

Grub bug = local exploit, who fucking cares

DNS heap overflow = any attacker controlling your DNS server (as in, any public WiFi or setting up fake/spoofed APs) could inject remote code into ring 0 on Windows, without requiring ANY USER INTERACTION what so ever (an attacker would simply wait until a known Windows service would make a DNS lookup in the background). This bug has been around since Windows 8 / Server 2012 up to just recently, a lot longer than the heartbleed bug existed in the wild and was a lot more serious, as it could be used as an actual backdoor to your system.

far as I know no android distros are patched because google hasn't patched it yet

>Cat5 Master race!
>Feels good man.

Well then, go on and crack my network or even better, crack Pixel. Google will pay for it.

That's what you get for not using wifi cables instead, retards.

>Discuss.
Nothing new can be here, just shitposts.

Lineage OS patched it on the 16.
review.lineageos.org/#/q/project:LineageOS/android_external_wpa_supplicant_8

wpa_supplicant fixed it in 2.6.11

So basically it will only effect old phones and computer which never are updated.

So you don't lock your doors either I assume. The exact same logic applies and it's unthinkable that someone would be a hypocrite over something they don't even understand.

it hasn't been. You still need to be authenticated to... sniff the traffic and inject packets? Really? Are you kids seiously this retarded to think it wasnt possible before in wifi?
AUTHENTICATION PROCESS IS NOT CRACKED.
fucking kill yourselves

>And it's nothing extreme, just text.
Protip: all data is just text. you can manipulate any data sent.
You meant to say plaintext, which means unencrypted data

A simple way of thinking about it is that it's a man in the middle using key replays.

>You still need to be authenticated
read it as many times as you need.

You should read the paper my man. Or least the krack attack website.

Still no poc, so they can suck my dick.

you're such a fucking retard.

There's a youtube video where they physically demonstrate the attack on a test network. They intercept some HTTPS traffic in the demo and run sslstrip on it.

You should read the paper, my man. Or at least the krack attack website.

Thanks for nothing.

Did you pull your topic from Tom's Hardware? Anyone that knows what they're doing is already patched.

What sane Linux user moves sensitive data over a wireless connection at all? Besides, it's already patched.

I always do.

What? True autists use FreeBSD which is actually secure.

Why the hell does a warranty matter? Are they going to give you a new phone when your old one has a security flaw they refuse to fix?

You are NOTHING! Solid Core Cat6a S/STP is the true master race.

>WAAH MY DOORS ARE DEAD I NEED TO BUY NEW DOORS BECAUSE MY KEYS WERE STOLEN
>just change the lock
>WAAH NO MY DOORS ARE DEAD YOU DON'T KNOW NO NOTHING WAAH

Android is garbage and broken by design.
The sad part of it is that while being shit it is still by far the best mobile OS we currently have.

ok lads, explain this:
does it only affect the wifi host (ie. router) or all devices, including clients? If I don't use hotspot functionality in my old as fuck android phone am I safe?

Read the fucking article you mong

no you stupid nigger
answer my question

Only clients are affected.

then what's the point of updating firmware of wifi router?

Read you useless piece of shit.

...

It can act as a client too.

>WPA2 packet encryption in-flight has been cracked but no this doesn't do Jack Fucking Shit to help you get the WPA2 passphrase to connect to the given target network which is all that most script kiddies and most hackers in general are looking to do so effectively this massive vulnerability ends up being useful to a mere handful of people and some government/law enforcement agencies in some situations.

FTFY

ok, so now I have to permanently disable wifi and bluetooth in my fucking xperia z1 compact. THANKS SONY FOR YOUR SUPPORT

As if you've ever done anything in your life that any government or law enforcement agency - or anyone at all, really - would give two shits about.

I mean you're posting on Sup Forums, you've already been catalogued completely and filed away as irrelevant, son, pay attention to the world around you sometime.

I'm working for a bigass company, handling some of sensitive pieces of code.
And no, I'm not worried of muh govment, more about random hackers.

Even motherfucking Windows 10 Mobile has the krack attack security fix.

Even motherfucking Chromebooks have the krack attack security fix.

How the fuck is Google so bad with Android security?