|
It's loving dumb you have to pay to read ieee standards.
|
# ? Oct 16, 2017 07:54 |
|
|
# ? May 14, 2024 11:39 |
abigserve posted:It's loving dumb you have to pay to read ieee standards.
|
|
# ? Oct 16, 2017 08:14 |
|
abigserve posted:It's loving dumb you have to pay to read ieee standards.
|
# ? Oct 16, 2017 08:21 |
|
Even worse with ISO standards, which has actual national standards bodies making up the bulk of the organization. You would think that countries would have a vested interest in ensuring that their citizens could do business and follow international standards without forking over cash just to learn what those standards are.
|
# ? Oct 16, 2017 09:16 |
|
so, having worked with people who were anal about buying ISO/IEEE standards, is there recourse if you don't shell out the 10x-per-seat for them?
|
# ? Oct 16, 2017 09:48 |
|
RFC2324 posted:WPA2 was known to be insecure prior to this? at our office wifi only gives you access to internet and the printer
|
# ? Oct 16, 2017 10:11 |
|
https://twitter.com/gossithedog/status/919856214867173376 https://twitter.com/gossithedog/status/919858447138611200 shaggar was right
|
# ? Oct 16, 2017 10:35 |
|
yeah wpa_supplicant has already been patched:quote:Attacks: Forcing Nonce Reuse in WPA2.
|
# ? Oct 16, 2017 10:48 |
|
abigserve posted:It's loving dumb you have to pay to read ieee standards. if only there was some sort of scientific hub or something where you could read papers and standards without paying
|
# ? Oct 16, 2017 11:01 |
|
ultramiraculous posted:so, having worked with people who were anal about buying ISO/IEEE standards, is there recourse if you don't shell out the 10x-per-seat for them? if people are anal about buying them, they won’t be happy otherwise when I implemented sql a couple years back I found a working committee's drafts on their website for free and just used those, because basic sql poo poo (SELECT select-list FROM collection WHERE conditions) wasn’t going to be part of their changes
|
# ? Oct 16, 2017 12:22 |
|
TPM is broken too...again. What a weekend
|
# ? Oct 16, 2017 14:03 |
|
yeah the infineon flaw was in the pipeline for a while: https://crocs.fi.muni.cz/public/papers/rsa_ccs17 eta until someone puts 2 and 2 together with the tampered crypto chips in a big distributor nsa were bragging about internally
|
# ? Oct 16, 2017 14:32 |
|
Bulgogi Hoagie posted:https://twitter.com/gossithedog/status/919856214867173376 how is it a flaw in wpa2 if it doesn't affect all clients?
|
# ? Oct 16, 2017 15:32 |
|
do those clients do something exceeding the WPA2 specification?
|
# ? Oct 16, 2017 15:34 |
|
cool oneplus has been phoning home with all sorts of poo poo
|
# ? Oct 16, 2017 15:36 |
|
Subjunctive posted:do those clients do something exceeding the WPA2 specification? from a quick glance at the paper it goes like this: Theres some stupid poo poo in wpa2, specifically it allows key-reuse Windows and IOS, being security oriented, do not implement the key-reuse portions of wpa2 Linux, being security incapable, implements it fully because of autism Key-reuse allows people to re-use keys which is loving retarded and leaves you vulnerable to replay attacks. In this way anyone w/ the full spec implementation (Linux) is vulnerable, and those who avoided it are ok. so this is great because its absolutely a flaw in the design of wpa2 (and a glaring one at that), but security conscious os designers noticed and mitigated the flaws from the start.
|
# ? Oct 16, 2017 15:42 |
Phone posted:cool only idiots find this news
|
|
# ? Oct 16, 2017 15:44 |
|
hahaha https://twitter.com/thehill/status/919913359616675841
|
# ? Oct 16, 2017 15:44 |
|
either the madam reads this thread or it is truly visionary
|
# ? Oct 16, 2017 15:45 |
|
|
# ? Oct 16, 2017 15:46 |
|
cinci zoo sniper posted:only idiots find this news *extremely adam jensen voice*
|
# ? Oct 16, 2017 15:47 |
|
god drat she is the worst
|
# ? Oct 16, 2017 15:47 |
|
Shaggar posted:god drat she is the worst if she simply went away the dems might stand a chance in 2020 but lol at that happening
|
# ? Oct 16, 2017 15:50 |
|
so the krack attack does not apply to windows clients, but does both parties need to be vulnerable for this attack to work? or is having a cheapo router that's vulnerable enough?
|
# ? Oct 16, 2017 15:51 |
|
Just-In-Timeberlake posted:if she simply went away the dems might stand a chance in 2020 but lol at that happening yeah that's not in the democrat party DNA. If the more people tell them they're wrong about something or someone, the harder they double down on it
|
# ? Oct 16, 2017 15:52 |
|
Never forget DEC
|
# ? Oct 16, 2017 15:53 |
|
Shaggar posted:yeah that's not in the democrat party DNA. If the more people tell them they're wrong about something or someone, the harder they double down on it she is the definition of brand poison
|
# ? Oct 16, 2017 15:57 |
|
ymgve posted:so the krack attack does not apply to windows clients, but does both parties need to be vulnerable for this attack to work? or is having a cheapo router that's vulnerable enough? at this point it seems like the AP doesn't play a role at all outside of it using wpa2. this is all client side so if you're on windows your fine and if you're on Linux you're in trouble unless you're on ios. What i'd like to see more than anything is the decision making that went into ignoring the spec, specifically wrt ios/osx cause osx implements some of it and ios doesn't but why would they have different wifi implementations?
|
# ? Oct 16, 2017 15:59 |
|
ymgve posted:so the krack attack does not apply to windows clients, but does both parties need to be vulnerable for this attack to work? or is having a cheapo router that's vulnerable enough? it's actually multiple different vulns and i'm not sure anyone in this thread actually thought about this hard enough yet to tell you one way or the other
|
# ? Oct 16, 2017 15:59 |
|
not that they won't try, lol
|
# ? Oct 16, 2017 16:00 |
|
Just-In-Timeberlake posted:she is the definition of brand poison they're gonna run her again in 2020 lmao
|
# ? Oct 16, 2017 16:00 |
|
whats nice tho is people who were defending her against everyone who hated her pre-election are now starting to see the same things pre-election haters did.
|
# ? Oct 16, 2017 16:02 |
|
Shaggar posted:whats nice tho is people who were defending her against everyone who hated her pre-election are now starting to see the same things pre-election haters did. i mean, i voted for her and if the 2020 election is her v. trump i'll vote for her again but gently caress how blind can the dems be to not see she is absolutely poisoned as a candidate. there is no undoing the damage her brand took in the last election cycle.
|
# ? Oct 16, 2017 16:07 |
|
ate all the Oreos posted:it's actually multiple different vulns and i'm not sure anyone in this thread actually thought about this hard enough yet to tell you one way or the other its basically the same flaw in multiple parts of the spec so technically maybe different vulnerabilities, but the same root design flaws. whats really weird is osx implements one of the vulnerabilities, but not others and ios is different.
|
# ? Oct 16, 2017 16:08 |
|
https://twitter.com/mrgretzky/status/919883806475194368
|
# ? Oct 16, 2017 16:11 |
|
Just-In-Timeberlake posted:i mean, i voted for her and if the 2020 election is her v. trump i'll vote for her again but gently caress how blind can the dems be to not see she is absolutely poisoned as a candidate. there is no undoing the damage her brand took in the last election cycle. excuse me but you are attacking the democrat brand which means you are a republican so i don't have to listen to you.
|
# ? Oct 16, 2017 16:12 |
|
Shaggar posted:looks like the opposite, they ignore parts of the spec shaggar was right
|
# ? Oct 16, 2017 16:14 |
|
how about that "iOS and Windows are still vulnerable to the group key handshake" bit
|
# ? Oct 16, 2017 16:15 |
|
Pardot posted:this krack thing is going to suck, isn't it? ughhhh Not really. It doesn't recover the network key and it requires the rogue client to be active during the 4-way handshake, and even in the worse case of removing the encryption of the wireless packets, you now have presumably encrypted traffic, such as https/ssh/vpn. Anything that is plain-text doesn't really matter anyway.
|
# ? Oct 16, 2017 16:20 |
|
|
# ? May 14, 2024 11:39 |
|
ate all the Oreos posted:it's actually multiple different vulns and i'm not sure anyone in this thread actually thought about this hard enough yet to tell you one way or the other It affects APs that act as wifi clients (range extenders, etc), also there's a server side flaw in 802.11r. Of everything in my house, only one cheapo 802.11ac extender is presumed "won't be patched within a month" trashwear, and you need an active attacker inside wifi range (a compromised client counts), so it's a big deal due to IOT devices for people who have a lot, but still pretty whatever. James Baud fucked around with this message at 16:36 on Oct 16, 2017 |
# ? Oct 16, 2017 16:30 |