|
Pardot posted:lol in addition to the WPA2 stuff: https://twitter.com/dangoodin001/status/919798487776034817 github just kicked my yubikey 4's off my account due to this vuln yubikey 4 cannot receive firmware updates welp
|
#
?
Oct 16, 2017 16:39
|
|
|
|
| # ? May 14, 2024 18:58 |
|
|
ate all the Oreos posted:how about that "iOS and Windows are still vulnerable to the group key handshake" bit from the paper: "Finally, when the group key handshake is attacked, an adversary can replay group-addressed frames, i.e., broadcast and multicast frames."
|
|
#
?
Oct 16, 2017 16:46
|
|
|
eversion posted:github just kicked my yubikey 4's off my account due to this vuln good news tho https://www.yubico.com/keycheck/verify_otp
|
|
#
?
Oct 16, 2017 17:01
|
|
|
Honestly if in 2017 you rely on wifi encryption alone you're doing it really wrong. If you're worried about your devices getting into hostile networks I sure hope you've never paired to any open networks since thats the way we've setup mitms forever.
|
|
#
?
Oct 16, 2017 17:04
|
|
|
there have been quite a few of those posts already though, and i keep wondering whether they should be read "99.99% of users are loving idiots and should get off the internet", and whether you actually have been advicing your friends and family to not use wifi
|
|
#
?
Oct 16, 2017 17:12
|
|
|
lomarf, ubiquiti have a firmware out for their poo poo already, aerohive havent even acknowledged it as an issue that needs addressing
|
|
#
?
Oct 16, 2017 17:22
|
|
|
so just to make sure I understand, this is the apocalypse for every wpa_supplicant client that has ever existed and there is no patch at the AP that will mitigate it?
|
|
#
?
Oct 16, 2017 17:25
|
|
|
Thanks Ants posted:lomarf, ubiquiti have a firmware out for their poo poo already, aerohive havent even acknowledged it as an issue that needs addressing ruckus either lol
|
|
#
?
Oct 16, 2017 17:31
|
|
|
buy bin wifi, replace it every two years
|
|
#
?
Oct 16, 2017 17:33
|
|
|
apseudonym posted:Honestly if in 2017 you rely on wifi encryption alone you're doing it really wrong. so should I be finding a way to wipe all prior key exhange material from all my devices or should they have been doing that well enough through routine garbage collection?
|
|
#
?
Oct 16, 2017 17:35
|
|
|
Thanks Ants posted:aerohive this is what i'm waiting on c'mon aerohive get it together
|
|
#
?
Oct 16, 2017 17:41
|
|
|
M_Gargantua posted:so should I be finding a way to wipe all prior key exhange material from all my devices or should they have been doing that well enough through routine garbage collection? Keys wouldn't really be stored afaik Cybernetic Vermin posted:there have been quite a few of those posts already though, and i keep wondering whether they should be read "99.99% of users are loving idiots and should get off the internet", and whether you actually have been advicing your friends and family to not use wifi The exact opposite? If you're using tls and friends the network doesn't matter (and the network is always hostile). This doesn't noticably change the security posture for any device that has an open network in it's pairing list (e.g. Starbucks) aka just about all of them. Normal people shouldn't get off the Internet, though sometimes I wish parts of the security community would.
|
|
#
?
Oct 16, 2017 17:43
|
|
|
hey i wonder if airport extremes will get an update
|
|
#
?
Oct 16, 2017 17:59
|
|
|
lol I got mine for free from EFF last summer and it's affected. gonna give mine to my Dad to use as a FIDO token for GMail since he doesn't even know what github is but he likes having a feeling of doing something cool and secure so that The Saudis can't spy on him (the same way I got him to switch to using FaceTime Audio whenever possible)
|
|
#
?
Oct 16, 2017 18:16
|
|
|
apseudonym posted:Normal people shouldn't get off the Internet, though sometimes I wish parts of the security community would.
|
|
#
?
Oct 16, 2017 18:27
|
|
|
folks, folks... everyone should get off the internet, forever.
|
|
#
?
Oct 16, 2017 18:41
|
|
|
Btw, supposedly it's only the open gpg keygen functionality that's affected. U2f and otp modes are fine. But go ahead and get your free yubikey everyone, cause why not? seriously the per unit cost for these is probably like $2 and I hope they're just charging this all back to infineon.
|
|
#
?
Oct 16, 2017 18:42
|
|
|
mrmcd posted:Btw, supposedly it's only the open gpg keygen functionality that's affected. U2f and otp modes are fine. But go ahead and get your free yubikey everyone, cause why not? i have used the rsa key generator on my yubikey for ssh, but got lucky?
|
|
#
?
Oct 16, 2017 18:48
|
|
|
oh plus yubico could almost certainly buy insurance against this kind of event if they didn't want to hold the risk themselves
|
|
#
?
Oct 16, 2017 18:49
|
|
|
The replacement shipping option is kind of confusing. They have like 3 different free shipping options.
|
|
#
?
Oct 16, 2017 19:12
|
|
|
Oh cool I just ordered a free replacement of a yubikey I got for free at blackhat
|
|
#
?
Oct 16, 2017 19:20
|
|
|
this belongs here. 
|
|
#
?
Oct 16, 2017 20:19
|
|
|
https://twitter.com/esetglobal/status/919974497926766593 https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/ uhhh? tavis?
|
|
#
?
Oct 16, 2017 23:32
|
|
|
Phone posted:this belongs here. it's me, the 13-year old who just learned layer filters
|
|
#
?
Oct 17, 2017 00:03
|
|
|
aerohive have spoken at last https://www3.aerohive.com/support/security-bulletins/Product-Security-Announcement-Aerohives-Response-to-KRACK-10162017.html
|
|
#
?
Oct 17, 2017 00:12
|
|
|
Daman posted:https://twitter.com/esetglobal/status/919974497926766593
|
|
#
?
Oct 17, 2017 00:19
|
|
|
lol ruckus's response is some top tier poo pooquote:What is the issue? quote:Is this issue severe? Still no patch or statement from their hardware division https://forums.ruckuswireless.com/ruckuswireless/topics/severe-flaw-in-wpa2-cracked
|
|
#
?
Oct 17, 2017 00:29
|
|
|
speaking of Tavis, https://twitter.com/taviso/status/920052238554251264
|
|
#
?
Oct 17, 2017 00:38
|
|
|
|
|
#
?
Oct 17, 2017 00:39
|
|
|
cinci zoo sniper posted:mainly b/c they are not shy to pay senior 50k (before any deductions), where the locals will try to ratfuck you in the poverty faster than american healthcare 50k is like, good, in latvia? Like what is your rent like?
|
|
#
?
Oct 17, 2017 01:35
|
|
|
maskenfreiheit posted:50k is like, good, in latvia? Like what is your rent like? median income in latvia is like $400 a month dude
|
|
#
?
Oct 17, 2017 01:41
|
|
|
Notorious b.s.d. posted:median income in latvia is like $400 a month dude latvian dollars or, like, real dollars
|
|
#
?
Oct 17, 2017 01:45
|
|
|
infernal machines posted:latvian dollars or, like, real dollars latvia dollars is euros
|
|
#
?
Oct 17, 2017 01:52
|
|
|
fishmech posted:latvia dollars is euros infernal machines posted:latvian dollars or, like, real dollars
|
|
#
?
Oct 17, 2017 01:54
|
|
|
Shaggar posted:excuse me but you are attacking the democrat brand which means you are a republican so i don't have to listen to you. No I am a Russian bot
|
|
#
?
Oct 17, 2017 02:32
|
|
|
Daman posted:https://twitter.com/esetglobal/status/919974497926766593 eset has a really good network to monitoring and auto-blocking connections to known malicious hosts I bet that's what they're bundling with chrome which is Good
|
|
#
?
Oct 17, 2017 02:35
|
|
|
https://twitter.com/tqbf/status/920009085608714240
|
|
#
?
Oct 17, 2017 02:38
|
|
|
BangersInMyKnickers posted:eset has a really good network to monitoring and auto-blocking connections to known malicious hosts I bet that's what they're bundling with chrome which is Good
|
|
#
?
Oct 17, 2017 02:38
|
|
|
dehumanize yourself and face to sandboxing
|
|
#
?
Oct 17, 2017 02:39
|
|
|
|
| # ? May 14, 2024 18:58 |
|
|
maskenfreiheit posted:50k is like, good, in latvia? Like what is your rent like? 50k is beyond fantastic, basically the limit for non-managers. my rent right now is 250/mo for a 2br in decent area
|
|
#
?
Oct 17, 2017 04:20
|
|
