new wpa supplicant pushed just hours ago on mint 18.2..
On 2017-10-16 04:56 AM, Brian Kantor wrote:
This appears to be somewhat serious; it will probably require people to reflash the firmware in some or all of their wireless devices when fixes become available. How one reflashes IoT devices is problematic.
- Brian
From ARSTechnica:
"The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:
"US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-p...
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net