Recent Posts

61
I skimmed a tiny bit of the Krack site's explanation. It's a man-in-the-middle attack and it relies on a predictable pattern of exchanging ciphers when setting up the connection.

My gut feeling is that such attacks will be unavoidable unless each end uses something similar to private/public key cryptography so that a middleman can't intercept states of the connection setup.

In other words each end of the connection will have to share some identity info in order to make the connection truly private.

Any such scheme as WPA that relies on dynamic setup of connections with unknown user hardware and firmware at each end will be vulnerable. They'll probably redesign the WPA protocol to avoid THIS attack but a new protocol will have its own weakness waiting to be exploited.

The only airtight fix to this I can think of is to make all users of wifi be known parties with their own crypto keys. There goes all possible anonymity. Even a Starbucks wifi will know who you are.  >:(
62
Thanks, Arnold.

If I read the articles correctly, you're not vulnerable if you're using HTTPS over WPA2, but if you use WPA2 encryption only, you are vulnerable.

Time to update a lot of routers!

I wonder if the router vendors will be able to offer downloadable firmware updates to fix this, or whether the only option will be new routers?

Also, I wonder if WPA2 is fixable via a fix, or whether it will have to be junked and we go on to "WPA3"? The Guardian article seems to say that WPA2 is fixable via a fix.
63
Discussions - Public / Just When You Thought Internet Security Couldn't Get Any Worse
« Last post by ArnoldW2 on October 17, 2017, 05:12:01 PM »

'ALL wifi networks' are vulnerable to hacking, security expert discovers

The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw.

https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns

https://www.krackattacks.com/
64
Oh, you're holding a gun pointed at my temple. Here, I'll give you a bullet and I'll tell you how to turn the safety off.

Hilarious. I hope I get a chance to use your bon-mot in a conversation sometime.
65
Discussions - Public / It's Orwell's telescreen but currently just the audio track
« Last post by The Gorn on October 14, 2017, 10:20:48 PM »
So Google and Amazon make these appliances for some kind of marginal lifestyle convenience, like being able to tell a computer to do something with spoken words a la Star Trek, which to my thinking are basically potential 24 hour a day spying devices. And people are dumb enough to buy these stupid devices?

I would be OK with a device that you had to hold a button down on to give voice commands to. We have Alexa on our Fire TV but you have to hold the microphone button down which places it in listen mode. Otherwise the 2 AAA batteries in the remote don't have the potential to keep streaming audio continuously to the device 24x7. So I deem that push to talk feature safe.

The potential for government abuse with these things is through the stratosphere.

Oh, you're holding a gun pointed at my temple. Here, I'll give you a bullet and I'll tell you how to turn the safety off.
66
Yeah, I saw that. Supposedly it's a bug that will be fixed soon. I wonder if it wasn't on purpose, then was declared a "bug" when they got caught. If so, it wouldn't be the first time a tech company has used this strategy. Google = not trustworthy.

Agreed. Google is an extension of the NSA and others.
67
Loco Stories / Humor / Re: Carole King's Wasn't Born to Follow
« Last post by JoFrance on October 14, 2017, 02:55:46 PM »
Yeah, that sounds like fun.  When I look at that movie today, I think about how much freedom we had back then to do what we wanted.  I never drove a motorcycle, but I had a 65 Mustang convertible, and even though it was used and had its problems, it was heaven to drive anywhere with the top down and my 8 track player.  I wish I had kept that car.  It was dark blue with a white convertible top.  Woo-hoo!

68
Yeah, I saw that. Supposedly it's a bug that will be fixed soon. I wonder if it wasn't on purpose, then was declared a "bug" when they got caught. If so, it wouldn't be the first time a tech company has used this strategy. Google = not trustworthy.
69
Two recent projects:

My plumbing project - medium hard work and extremely satisfying.

My crashed PC drive and scrambling to recover something useful - making me into a Charles Manson at home. It's Goddamned driving me up the mother fucking WALL.

Even w/o social media, IT work is soul suckingly all consuming and you can easily splatter like a bug on a windshield and have NOTHING to show for very very hard work over a VERY long period of time. I'm surprised more IT people don't turn into mass killers.  >:(

Soul sucking and all consuming, I LOVE IT
70


I think we should have H1B Congressmen. Maybe even the president. Think of all the savings. $40K versus $250K salary.

The govmt is riddled to the core with H1Bs. Every federal and state agency except for DoD is filled to the brim with H1Bs. It's purposely hidden from the public because if the public knew their tax dollars were being given away to foreigners on work visas they would have a cow.

I think it's time to move up the chain - H1B congressmen and senators, H1B agency heads, H1B governors, why not? They have done it to everyone else. Offshoring and outsourcing is so great, give them a taste! Trust us, you will like it!