Fail of Your Day


Apparently WPA2 is broken. This is going to be an internet of shit disaster.


That’s the topic of the show tonight.

It’s shocking how simple the exploit is. It’s bad.


Use VPN, but that only protects you on the application layer. Other things like DHCP are vulnerable. Lock in your DNS server manually to avoid it being automatically changed to an evil one. Also, listen to GeekNights tonight.


I’m thinking about making a separate VLAN for Internet-o-Shit things that won’t be patched.


I solve this by not having any Internet-o-things. My wifi is only used by iPhone, iPad, 3DS. I frequently monitor the connected devices list to make sure neighbors haven’t figured out the passwords.


Thankfully the only wifi enabled devices are computers, tablets, and a new printer. I will keep tabs on the printer firmware to make sure I get the lastest patch, but my record of no IoT remains to be true.


I noticed how simple the attack is. Literally forcing the protocol to reuse a key. It’s real bad and to my knowledge no patches exist just yet.


I just can’t believe no one noticed this. Replaying part of a key exchange is baby’s first attack.


Especially when you consider that more sophisticated tools that break into the same thing but actually guess passwords are already built into kali

I’ve done this because it’s a pure listening attack. In principal undetectable unless you use the password you get to log in.


There are patches. Windows pushed one on the 10th and it looks like newer iOS devices are generally safe. A bunch of other companies also have patches out, like Cisco, Netgear and Intel.


Well that’s a relief that 3 of the big guys have it.

Ubiquiti has a new firmware version expected midweek this week to address it which will basically fix the issue in my house as that’s the only broadcast point I have.

Still though. It’s a firmware update meaning I need to press buttons to make it happen.


Most people will not push those buttons. Then what?

Does this spell the end of my still otherwise perfectly functional Netgear WNDR3700? What if it doesn’t get a firmware update? What is the best secure router these days?


At the moment there’s literally nothing that exists. We have to wait and see what the long term fix is.


Maybe I have to get a router with an open source OS so that I can get patches forever.


I’ve had good luck with pfsense for wired things, but I’ve never tried to do a wireless AP with it.


I mean like openwrt or dd-wrt.


Those have no guarantee of updates unless you’re going to code them yourself. My D-Link router stopped getting DD-WRT updates not long after I got it.


I thought that there was just one DD-WRT source code that is in active development, and you just have to compile an image for your personal router if nobody else does.


Oh fuck, I have no idea. I just put my model number into their website and it wasn’t getting updates.