Mailinglist Archive: opensuse (783 mails)

< Previous Next >
Re: [opensuse] Fwd: Basically every WiFi device just hacked?
On Mon, Oct 16, 2017 at 05:07:17PM -0400, Greg Freemyer wrote:
Without HTML this time:

On Mon, Oct 16, 2017 at 12:18 PM, Marcus Meissner <meissner@xxxxxxx> wrote:
As Richard writes, we will be releasing updates.

FWIW, if you behave the same with your laptop and cellphone in your own
wireless networks
with WPA compared to Wireless internet cafes / hotels / trains that have
unprotected wifi,
then you don't need to panic anyway.

SSL and VPN is usually to our rescue here.

Ciao, Marcus


I think this crack is more serious than most.

If I use an open WiFi or WEP and someone performs enough packet
capture they can indeed figure out how to decrypt and monitor my
communications. SSL and VPN indeed keep them from figuring anything

But this is a full-fledged man-in-the-middle crack. That includes
packet manipulation and injection. Maybe not immediately, but in
short order bad actors will surely figure out how to short circuit SSL
and SSH type protections.

I imagine in a few days, we'll start to see client OS patched.
Routers seem to always take longer.

If you are using open WLANs (without WPA or WEP), this packet injection
is alreay possible as you write above.

The KRACK attack weakens WPA a bit towards this kind of openess.

Ciao, Marcus

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >