Fail of Your Day


#402

Apparently WPA2 is broken. This is going to be an internet of shit disaster.


#403

That’s the topic of the show tonight.

It’s shocking how simple the exploit is. It’s bad.


#404

Use VPN, but that only protects you on the application layer. Other things like DHCP are vulnerable. Lock in your DNS server manually to avoid it being automatically changed to an evil one. Also, listen to GeekNights tonight.


#405

I’m thinking about making a separate VLAN for Internet-o-Shit things that won’t be patched.


#406

I solve this by not having any Internet-o-things. My wifi is only used by iPhone, iPad, 3DS. I frequently monitor the connected devices list to make sure neighbors haven’t figured out the passwords.


#407

Thankfully the only wifi enabled devices are computers, tablets, and a new printer. I will keep tabs on the printer firmware to make sure I get the lastest patch, but my record of no IoT remains to be true.


#408

I noticed how simple the attack is. Literally forcing the protocol to reuse a key. It’s real bad and to my knowledge no patches exist just yet.


#409

I just can’t believe no one noticed this. Replaying part of a key exchange is baby’s first attack.


#410

Especially when you consider that more sophisticated tools that break into the same thing but actually guess passwords are already built into kali

I’ve done this because it’s a pure listening attack. In principal undetectable unless you use the password you get to log in.


#411

There are patches. Windows pushed one on the 10th and it looks like newer iOS devices are generally safe. A bunch of other companies also have patches out, like Cisco, Netgear and Intel.


#412

Well that’s a relief that 3 of the big guys have it.

Ubiquiti has a new firmware version expected midweek this week to address it which will basically fix the issue in my house as that’s the only broadcast point I have.

Still though. It’s a firmware update meaning I need to press buttons to make it happen.


#413

Most people will not push those buttons. Then what?

Does this spell the end of my still otherwise perfectly functional Netgear WNDR3700? What if it doesn’t get a firmware update? What is the best secure router these days?


#414

At the moment there’s literally nothing that exists. We have to wait and see what the long term fix is.


#415

Maybe I have to get a router with an open source OS so that I can get patches forever.


#416

I’ve had good luck with pfsense for wired things, but I’ve never tried to do a wireless AP with it.


#417

I mean like openwrt or dd-wrt.


#418

Those have no guarantee of updates unless you’re going to code them yourself. My D-Link router stopped getting DD-WRT updates not long after I got it.


#419

I thought that there was just one DD-WRT source code that is in active development, and you just have to compile an image for your personal router if nobody else does.


#420

Oh fuck, I have no idea. I just put my model number into their website and it wasn’t getting updates.


#421