Author Topic: Severe flaw in WPA2  (Read 518 times)

Offline ssfc72

  • Posting Member
  • Hero Member
  • *
  • Posts: 726
  • Karma: +0/-0
    • View Profile
Mint 18.3 on an HP Pavilion X360, 11" k120ca notebook
Tried Mint 19, but too many bugs. Went back to Mint 18.3
Cellphone ZTE Axon 7 Mini, PCMobile pay as you go

Offline Jason Wallwork

  • Administrator
  • Hero Member
  • *****
  • Posts: 1405
  • Karma: +4/-0
    • View Profile
Re: Severe flaw in WPA2
« Reply #1 on: October 16, 2017, 07:01:38 am »
One of the comments mentions that if you're careful about only putting data only over HTTPS, your data is still safe since it's encrypted that way. Good reason to install and use HTTPS Everywhere (it's a plugin).

Think I'm going to just use the mobile network for my phone when I'm away from home now especially with that info about VPNs although at least one was found to be good.

Free wireless access points are probably all going to be scary now because the likelihood they will patch is small. And home routers, ugh, even less likely to be patched unless they're new or expensive. Sigh. Really considering using a Raspberry PI as a router. It's better than cheap routers, I'm sure, and at least you know it's going to continue to be patched.
Primary: Desktop Tower with Kubuntu 18.10 on i5-3470 3.2 GHz with 12 GB RAM, 64 GB SSD for OSes, 4 TB RAID-10 array for programs/data

Secondary/Test: Toshiba Satellite Ultrabook Z830-00K w/ Linux Du Jour, (i3-2367M 1.4 GHz, 4GB RAM, 128GB SDD)

Offline Jason Wallwork

  • Administrator
  • Hero Member
  • *****
  • Posts: 1405
  • Karma: +4/-0
    • View Profile
Re: Severe flaw in WPA2
« Reply #2 on: October 16, 2017, 10:35:04 am »
Been thinking about this more. The biggest concern is really going to be with mobile devices. If you're using wireless at home, an attacker will need to be in range to attack you. Probably an unlikely scenario for most people unless wardriving becomes a thing again.

But if you're using free wifi hotspots, you would be a lot more susceptible since they can hack clients (the biggest problem) such as your phone. Though every device is potentially vulnerable it appears Linux and Android devices are the most problematic. Since we can't control routers on the outside even if we patch our client devices, I'd recommend making sure that you're using https when you log into any websites. Note that the injection means a compromised network can re-direct websites to use HTTP only (those that have the login possibility) so doublecheck you're using a secure connection.
Primary: Desktop Tower with Kubuntu 18.10 on i5-3470 3.2 GHz with 12 GB RAM, 64 GB SSD for OSes, 4 TB RAID-10 array for programs/data

Secondary/Test: Toshiba Satellite Ultrabook Z830-00K w/ Linux Du Jour, (i3-2367M 1.4 GHz, 4GB RAM, 128GB SDD)

Offline ssfc72

  • Posting Member
  • Hero Member
  • *
  • Posts: 726
  • Karma: +0/-0
    • View Profile
Re: Severe flaw in WPA2
« Reply #3 on: October 16, 2017, 06:52:49 pm »
My Mint 18 distro just issued a WPA update, today. Oddly, it was only a level 2 update?
Mint 18.3 on an HP Pavilion X360, 11" k120ca notebook
Tried Mint 19, but too many bugs. Went back to Mint 18.3
Cellphone ZTE Axon 7 Mini, PCMobile pay as you go

Offline Jason Wallwork

  • Administrator
  • Hero Member
  • *****
  • Posts: 1405
  • Karma: +4/-0
    • View Profile
Re: Severe flaw in WPA2
« Reply #4 on: October 17, 2017, 08:26:15 am »
1 Minimal: No impact on the system or other applications.
2 Normal: Default level. Usually low impact on the system.

This would definitely have would have an impact on the system, at least potentially. Remember levels aren't priority levels. They're impact levels. It's also new, so they probably don't know if it will have unforeseen impacts yet.
Primary: Desktop Tower with Kubuntu 18.10 on i5-3470 3.2 GHz with 12 GB RAM, 64 GB SSD for OSes, 4 TB RAID-10 array for programs/data

Secondary/Test: Toshiba Satellite Ultrabook Z830-00K w/ Linux Du Jour, (i3-2367M 1.4 GHz, 4GB RAM, 128GB SDD)