<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Khalid, damn good find! I will pass this around.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I would imagine that Android less than 6x will still be vulnerable, and likely the mfgs are hoping a significant populations is NOT on sub-6.x Android <br></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I wonder how much of the world's users of anything that has wifi and is wpa/wpa2-secured will really be aware of this?</div><div class="gmail_default" style="font-family:tahoma,sans-serif">We are talking about billions of devices at this point and more than 2 billion users I would think that are affected.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">Then again, one is only vulnerable if someone actually gets in on tries to get into your data stream and really, how many people will face such an intrusion, very few since wifi client-ap connectivity is a requirement and I for one will be looking out my window to see if there is a black unmarked van parked nearly for an extended period of time, haha.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I am in the IT reseller industry and clients are going wild patching/looking for patches for their routers/aps/client devices.<br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">Thanks,<br><br>Ron Singh<br>"in transit, via mobile comm device"</div></div>
<br><div class="gmail_quote">On Mon, Oct 16, 2017 at 9:22 PM, Khalid Baheyeldin <span dir="ltr"><<a href="mailto:kb@2bits.com" target="_blank">kb@2bits.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This is the most comprehensive list I have seen so far on<br>
what the status of fixes for various platforms.<br>
<br>
<a href="https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/" rel="noreferrer" target="_blank">https://www.bleepingcomputer.<wbr>com/news/security/list-of-<wbr>firmware-and-driver-updates-<wbr>for-krack-wpa2-vulnerability/</a><br>
<br>
For Android, it quotes Google as saying Android 6.0 and higher is<br>
vulnerable and<br>
they are working on a fix.<br>
<br>
They don't mention Android 5.x though. Does that means it is not<br>
supported, or not vulnerable?<br>
<br>
On 10/16/17, Chamunks <<a href="mailto:chamunks@gmail.com">chamunks@gmail.com</a>> wrote:<br>
> I haven't read into it but apparently Android O is supposed to fix security<br>
> update failures.<br>
><br>
> On Mon, Oct 16, 2017 at 7:07 PM Khalid Baheyeldin <<a href="mailto:kb@2bits.com">kb@2bits.com</a>> wrote:<br>
><br>
>> An hour after I read the news about KRACK, I got the Ubuntu<br>
>> security mailing list notification that a fix for wpa_supplicant<br>
>> is available. I installed it on the laptops that use WiFi.<br>
>><br>
>> The concern here is for Android phones, as each vendor<br>
>> is responsible for their own version.<br>
>><br>
>> Google introduced Google Play Services with KitKat for<br>
>> updating certain things. But not sure if it can reach<br>
>> that deep and update stuff like WiFi and such.<br>
>><br>
>> --<br>
>> Khalid M. Baheyeldin<br>
>> <a href="http://2bits.com" rel="noreferrer" target="_blank">2bits.com</a>, Inc.<br>
>> <a href="http://2bits.com" rel="noreferrer" target="_blank">http://2bits.com</a><br>
>> Drupal optimization, development, customization and consulting.<br>
>> Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>
>> Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>
>><br>
>> ______________________________<wbr>_________________<br>
>> kwlug-disc mailing list<br>
>> <a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a><br>
>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/<wbr>listinfo/kwlug-disc_kwlug.org</a><br>
>><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
Khalid M. Baheyeldin<br>
<a href="http://2bits.com" rel="noreferrer" target="_blank">2bits.com</a>, Inc.<br>
<a href="http://2bits.com" rel="noreferrer" target="_blank">http://2bits.com</a><br>
Drupal optimization, development, customization and consulting.<br>
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>
Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>
<br>
______________________________<wbr>_________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/<wbr>listinfo/kwlug-disc_kwlug.org</a><br>
</font></span></blockquote></div><br></div>