[kwlug-disc] KRACK on WPA2

Ron Singh ronsingh149 at gmail.com
Tue Oct 17 18:54:40 EDT 2017 

Khalid, damn good find! I will pass this around.

I would imagine that Android less than 6x will still be vulnerable, and
likely the mfgs are hoping a significant populations is NOT on sub-6.x
Android

I wonder how much of the world's users of anything that has wifi and is
wpa/wpa2-secured will really be aware of this?
We are talking about billions of devices at this point and more than 2
billion users I would think that are affected.

Then again, one is only vulnerable if someone actually gets in on tries to
get into your data stream and really, how many people will face such an
intrusion, very few since wifi client-ap connectivity is a requirement and
I for one will be looking out my window to see if there is a black unmarked
van parked nearly for an extended period of time, haha.

I am in the IT reseller industry and clients are going wild
patching/looking for patches for their routers/aps/client devices.

Thanks,

Ron Singh
"in transit, via mobile comm device"

On Mon, Oct 16, 2017 at 9:22 PM, Khalid Baheyeldin <kb at 2bits.com> wrote:

> This is the most comprehensive list I have seen so far on
> what the status of fixes for various platforms.
>
> https://www.bleepingcomputer.com/news/security/list-of-
> firmware-and-driver-updates-for-krack-wpa2-vulnerability/
>
> For Android, it quotes Google as saying Android 6.0 and higher is
> vulnerable and
> they are working on a fix.
>
> They don't mention Android 5.x though. Does that means it is not
> supported, or not vulnerable?
>
> On 10/16/17, Chamunks <chamunks at gmail.com> wrote:
> > I haven't read into it but apparently Android O is supposed to fix
> security
> > update failures.
> >
> > On Mon, Oct 16, 2017 at 7:07 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
> >
> >> An hour after I read the news about KRACK, I got the Ubuntu
> >> security mailing list notification that a fix for wpa_supplicant
> >> is available. I installed it on the laptops that use WiFi.
> >>
> >> The concern here is for Android phones, as each vendor
> >> is responsible for their own version.
> >>
> >> Google introduced Google Play Services with KitKat for
> >> updating certain things. But not sure if it can reach
> >> that deep and update stuff like WiFi and such.
> >>
> >> --
> >> Khalid M. Baheyeldin
> >> 2bits.com, Inc.
> >> http://2bits.com
> >> Drupal optimization, development, customization and consulting.
> >> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> >> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
> >>
> >> _______________________________________________
> >> kwlug-disc mailing list
> >> kwlug-disc at kwlug.org
> >> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >>
> >
>
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> http://2bits.com
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20171017/4e81eb21/attachment.htm>

More information about the kwlug-disc mailing list