Author Topic: WPA2 vulnerability exposed  (Read 14972 times)

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #25 on: October 16, 2017, 08:48:13 pm »
My MacBook doesn't have ethernet and I'm not buying a fucking dongle.
 

Offline MrW0lf

  • Frequent Contributor
  • **
  • Posts: 922
  • Country: ee
    • lab!fyi
Re: WPA2 vulnerability exposed
« Reply #26 on: October 16, 2017, 08:55:13 pm »
So reached for apple and now all exposed? There was similar story couple k years ago :P Did not end well.
 

Offline cdev

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Re: WPA2 vulnerability exposed
« Reply #27 on: October 16, 2017, 09:05:22 pm »
Somehow, I have a feeling the proffered "fix" for everything will be "upgrading" to <SurveillanceOS>.

You can bank on it.

Resistance is futile.
We are Corporation omniscient!

What is wrong with this picture? Nobody wants it, and it's being forced on the planet. By "juridical persons":

Huge amoral entities nobody really wants or needs either.



« Last Edit: October 16, 2017, 10:34:03 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 6459
  • Country: nl
Re: WPA2 vulnerability exposed
« Reply #28 on: October 16, 2017, 09:41:45 pm »
The proper answer being to get rid of all software written with compilers prone to these security bugs. Especially C with its unchecked buffer risk.
Newer languages with their automatic garbage collectors that fail to destroy the garbage instantaneously after exiting a function, thus exposing valuable security info like keys etc in their garbage that can and already are exploited aren't that much better either  ;)
 

Online coppice

  • Super Contributor
  • ***
  • Posts: 8605
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #29 on: October 16, 2017, 09:59:56 pm »
Quote from: Kjelt
The proper answer being to get rid of all software written with compilers prone to these security bugs. Especially C with its unchecked buffer risk.
Newer languages with their automatic garbage collectors that fail to destroy the garbage instantaneously after exiting a function, thus exposing valuable security info like keys etc in their garbage that can and already are exploited aren't that much better either  ;)

Anyone who thinks there is "an" answer to these security problems really isn't taking the issue seriously. There are so many things that need to be right, all at the same time.
 

Offline rdl

  • Super Contributor
  • ***
  • Posts: 3665
  • Country: us
Re: WPA2 vulnerability exposed
« Reply #30 on: October 17, 2017, 12:09:31 am »
...
OK, just found that the Oct 10th update provided the patch. Win7 not supported?

I have seen it reported that "Microsoft says" this has been fixed in the October Security Update, but could not find an official announcement. I didn't look all that hard though.

There is a mention of "key changes" to Windows Wireless Networking.

Quote
This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Windows Wireless Networking, Microsoft JET Database Engine, and the Windows SMB Server.



https://support.microsoft.com/en-us/help/4041678/windows-7-update-kb4041678







 

Offline helius

  • Super Contributor
  • ***
  • Posts: 3632
  • Country: us
Re: WPA2 vulnerability exposed
« Reply #31 on: October 17, 2017, 12:21:19 am »
Quote from: Kjelt
Newer languages with their automatic garbage collectors that fail to destroy the garbage instantaneously after exiting a function, thus exposing valuable security info like keys etc in their garbage that can and already are exploited aren't that much better either  ;)

Manual memory management doesn't "destroy" deallocated objects. They are simply added back to the freelist, which is why UAF and double-free bugs continue to exist. There are also some forms of GC that promptly release garbage (generally by using a reference counting + tracing scheme) so this is a really inapt comparison.

The KRACK vulnerability could exist in any language, as it is a protocol vulnerability, nothing to do with unsafe memory access. Systems for verifying protocol properties (something like SPIN, ACL2, or a modern equivalent) are needed.
« Last Edit: October 17, 2017, 12:24:37 am by helius »
 

Offline timb

  • Super Contributor
  • ***
  • Posts: 2536
  • Country: us
  • Pretentiously Posting Polysyllabic Prose
    • timb.us
WPA2 vulnerability exposed
« Reply #32 on: October 17, 2017, 02:06:10 am »
Thanks for the advice cdev. If you could only make a quick youtube video to make it less useless, i.e a video of yourself cutting drywalls, patching them back, drilling through floor and floor joists and the house outside walls, pulling ethernet wiring through the holes, installing Rj45 outlets and stuff. That would be greatly appreciated.  [emoji4]

When I was 20, the small town I lived in had just gotten affordable high speed Internet (20Mbit, in 2004) and, being the enterprising young man that I was, decided to do “whole home internet” installations for people one summer, to make extra money.

Basically, I oversaw the high speed cable internet installation, set up the modem, router and an AP, plus I ran CAT5 for hardwired Internet to rooms as needed.

Holy. Fucking. Shit. People don’t realize just how much work is involved in wiring a house properly. You have to crawl under spider infested houses, into 120 degree attics, through 2ft wide crawl spaces... Plus all the prep needed to find out where studs and existing wiring is, cutting drywall, using fish tape to pull cable through chases, not to mention old houses with original baseboard you couldn’t drill through and plaster walls you couldn’t cut into.

I made good money, but I wouldn’t do it again. I honestly don’t know how HVAC guys do it day in and day out.

Anyway, one house I did, the cable guy (a subcontractor, apparently) came out to run the coax from the pole and into the house. Apparently, this guy was afraid of spiders, so instead of running the coax under the house and drilling up through the floor, he *stapled* the coax to the front of this woman’s house. Into her vinyl siding, just below shrub level. Then he drilled a hole through the vinyl and into the wall, drilling straight through a stud. All so he wouldn’t have to crawl under the house. Needless to say he was fired and the cable company ended up having to replace the vinyl siding on the entire house, since it was 20 years old and no direct, matching replacement was available. They ended up paying me to run the cable line under the house.
« Last Edit: October 17, 2017, 02:11:24 am by timb »
Any sufficiently advanced technology is indistinguishable from magic; e.g., Cheez Whiz, Hot Dogs and RF.
 
The following users thanked this post: vinicius.jlantunes

Offline Old Don

  • Regular Contributor
  • *
  • Posts: 163
  • Country: us
Re: WPA2 vulnerability exposed
« Reply #33 on: October 17, 2017, 03:49:26 am »
The simplest workaround is wired Ethernet instead of wireless.

Tablets can use a thin USB cable to a hub with a USB network card attached to them.

Run Ethernet to every room and make it easy to plug into.

I had a law firm client and that's pretty much exactly what I told them. No WiFi, no surfing for porn, hardwired Ethernet only and to make sure their router didn't respond to pings. Told them that would keep all but the most interested hackers, other than the government, out.   :-//
Retired - Formerly: Navy ET, University of Buffalo Electronic Tech, Field Engineer and former laptop repair business owner
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2748
  • Country: ca
Re: WPA2 vulnerability exposed
« Reply #34 on: October 17, 2017, 05:10:07 am »
Going to have to update my Unifi AP, and probably should do the controller software for good measure.

This is why I don't put everything on wireless if it does not have to be. I knew it was a matter of time till some big vulnerability is found.  Wireless is never going to be as secure as wired.  I have my wifi on a separate vlan so even if someone hacks it, they won't be able to do much.  I can even unplug it till I get around to updating it and the only thing that it will affect is my phone.
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2748
  • Country: ca
Re: WPA2 vulnerability exposed
« Reply #35 on: October 17, 2017, 05:21:10 am »
Quote from: helius
Quote from: Kjelt
Newer languages with their automatic garbage collectors that fail to destroy the garbage instantaneously after exiting a function, thus exposing valuable security info like keys etc in their garbage that can and already are exploited aren't that much better either  ;)

Manual memory management doesn't "destroy" deallocated objects. They are simply added back to the freelist, which is why UAF and double-free bugs continue to exist. There are also some forms of GC that promptly release garbage (generally by using a reference counting + tracing scheme) so this is a really inapt comparison.

The KRACK vulnerability could exist in any language, as it is a protocol vulnerability, nothing to do with unsafe memory access. Systems for verifying protocol properties (something like SPIN, ACL2, or a modern equivalent) are needed.


Hmm it's never even occurred to me that stuff can remain in memory and potentially be exploited that way, what is the best way to deal with that, is it as simple as just overwriting the variable with new data, or does that not necessarily guarantee it will be written to the same memory location?  In the case of a more advanced type like a string I imagine it's also more involved. (let's just assume C++ here)  I guess if your data structure is custom made and uses pointers then you have more control over that. 

 

Offline rdl

  • Super Contributor
  • ***
  • Posts: 3665
  • Country: us
Re: WPA2 vulnerability exposed
« Reply #36 on: October 17, 2017, 05:39:48 am »
Sort of a storage drive then, where deleted files are actually still there until overwritten.
 

Offline helius

  • Super Contributor
  • ***
  • Posts: 3632
  • Country: us
Re: WPA2 vulnerability exposed
« Reply #37 on: October 17, 2017, 06:17:13 am »
There are three types of memory where stale values can leak secrets: registers, stacks, and heaps. I think the mitigations for each one are going to be different. The values in registers don't necessarily stay there, because interrupts will copy them all to RAM and they can hang around for a long time that way. Some solutions are architectural: for instance, stack machines don't leak secrets through registers (aren't any) or the stack (because it is always fresh storage by design).
 

Offline IanMacdonald

  • Frequent Contributor
  • **
  • Posts: 943
  • Country: gb
    • IWR Consultancy
Re: WPA2 vulnerability exposed
« Reply #38 on: October 17, 2017, 08:09:18 am »
Quote from: coppice
Quote from: Kjelt
The proper answer being to get rid of all software written with compilers prone to these security bugs. Especially C with its unchecked buffer risk.
Newer languages with their automatic garbage collectors that fail to destroy the garbage instantaneously after exiting a function, thus exposing valuable security info like keys etc in their garbage that can and already are exploited aren't that much better either  ;)

Anyone who thinks there is "an" answer to these security problems really isn't taking the issue seriously. There are so many things that need to be right, all at the same time.

Nobody says there is one answer; just that a high proportion of vulns all result from the same few weaknesses. Mostly these weaknesses are of the type where a trivial mistake by a coder creates a vuln, where the risk arises many times in the code, and where there is no direct way to check for such mistakes since the code will appear to function correctly regardless of them.

Some lessons should be taken from the aviation industry over this: You don't design a plane such that no-one can check that the control linkages are correctly connected. Instead you try to design it so that any mistake like that will be obvious to the pilot.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #39 on: October 17, 2017, 08:12:14 am »
Just from a technical point of view, this vulnerability is because the protocol state machine wasn’t documented properly or formally tested. This is because of a bad spec not a bad implementation.
 
The following users thanked this post: IanMacdonald

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #40 on: October 17, 2017, 10:38:42 am »
Quote
I don't browse directly on my mobile wifi devices.  I currently use TeamViewer on public networks

well you shouldn't.
read the license agreement on it - i did.
i then promptly deleted it and refused to use it to connect to other people.
use a VNC variant if you need that type of thing.

in case you can't be bothered to read the ass-rape agreement, i'll give you a taste.
"teamview" reserves the right to monitor or log any usage of the network.

there you go.
be aware that teamview is NOT point-2-point, it runs through the company servers as a proxy.
that is also mentioned in the license to abuse.
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2748
  • Country: ca
Re: WPA2 vulnerability exposed
« Reply #41 on: October 17, 2017, 10:17:29 pm »
Yeah I would not trust anything like Teamviewer as it's relying on a middle server to work. But also if you use VNC, don't just port forward it, you should use VPN.  Even then, you should also use some kind of port triggering so the VPN port is only open to your IP and not just leave it wide open.  Remember Heartbleed? :P
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #42 on: October 17, 2017, 10:28:09 pm »
and - it's raining a storm today - a vulnerability storm!!

https://thehackernews.com/2017/10/rsa-encryption-keys.html
 :popcorn:
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 6459
  • Country: nl
Re: WPA2 vulnerability exposed
« Reply #43 on: October 18, 2017, 09:51:15 am »
Blackhat conference is coming so the new papers get published  :)
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #44 on: October 18, 2017, 10:08:21 am »
So yesterday...  got the desktop PC out, wired it with Ethernet, then installed freebsd. now today ... snipping the network cable and lining the walls with foil and battening down the windows!  :-DD
 

Offline borjam

  • Supporter
  • ****
  • Posts: 908
  • Country: es
  • EA2EKH
Re: WPA2 vulnerability exposed
« Reply #45 on: October 18, 2017, 10:21:17 am »
Quote from: bd139
So yesterday...  got the desktop PC out, wired it with Ethernet, then installed freebsd.

Great (trusting FreeBSD since 1995!) but it was also affected by the WPA vulnerability, just like everyone else!  |O |O
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #46 on: October 18, 2017, 10:44:49 am »
It was indeed. But my desktop has no WiFi card in it :)
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: WPA2 vulnerability exposed
« Reply #47 on: October 18, 2017, 12:40:17 pm »
i remove wifi/BT cards from all the laptops i handle.
and the cameras & mics

it's a habit i caught from doing it for a company once.
if you can't 100% trust the bios, chipset(with intel armcore in it!!) or o.s., then you just make it blind and unable to communicate!  :box:
 

Offline cdev

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Re: WPA2 vulnerability exposed
« Reply #48 on: October 18, 2017, 02:18:24 pm »
Quote from: stj
and - it's raining a storm today - a vulnerability storm!!

https://thehackernews.com/2017/10/rsa-encryption-keys.html
 :popcorn:


Note that some people have known about it for (at least) FIVE YEARS.
"What the large print giveth, the small print taketh away."
 

Online Marco

  • Super Contributor
  • ***
  • Posts: 6693
  • Country: nl
Re: WPA2 vulnerability exposed
« Reply #49 on: October 18, 2017, 02:47:44 pm »
Quote from: Kjelt
Newer languages with their automatic garbage collectors that fail to destroy the garbage instantaneously after exiting a function, thus exposing valuable security info like keys etc in their garbage that can and already are exploited aren't that much better either  ;)

What exactly do you think the problem with this is? Even if there is a bug in the compiler/runtime to allow the program to access the heap it doesn't matter, the process just leaks data to itself. If another process can access its heap you're screwed regardless. Conceivably a language which used its stronger guarantees to isolate programs within a single process space would expose data when a bug allows a program to access the heap I guess.

C++ delete doesn't zero out data by the way and with some memory fragmentation of the heap the data could live quite long ... if something needs to be zero'd ASAP you'll have to do it yourself regardless of the language.
« Last Edit: October 18, 2017, 03:07:45 pm by Marco »
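
Added example, not part of any post in this thread: a C++ sketch of the "zero it yourself" approach for heap-backed strings, relating to the question in Reply #35 and the point about `delete` in Reply #49. The names `secure_wipe`, `ArenaAllocator` and `secret_survives_release`, and the fixed arena standing in for the heap, are assumptions of this example; the key value is constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <new>
#include <string>

// Zero n bytes through a volatile pointer so the stores are not dropped as
// "dead" writes to a buffer that is about to be released.
inline void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// Fixed arena standing in for the heap (an assumption of this demo): it lets
// us inspect released storage legally; reading freed heap memory would be UB.
unsigned char g_arena[256];
std::size_t g_used = 0;

template <class T, bool Wipe>
struct ArenaAllocator {
    using value_type = T;
    template <class U> struct rebind { using other = ArenaAllocator<U, Wipe>; };
    ArenaAllocator() = default;
    template <class U> ArenaAllocator(const ArenaAllocator<U, Wipe>&) noexcept {}
    T* allocate(std::size_t n) {
        static_assert(sizeof(T) == 1, "demo arena serves byte-sized types only");
        if (g_used + n > sizeof g_arena) throw std::bad_alloc();
        g_used += n;
        return reinterpret_cast<T*>(g_arena + g_used - n);
    }
    // The container calls this on destruction and on every reallocation.
    void deallocate(T* p, std::size_t n) noexcept { if (Wipe) secure_wipe(p, n); }
    friend bool operator==(const ArenaAllocator&, const ArenaAllocator&) { return true; }
    friend bool operator!=(const ArenaAllocator&, const ArenaAllocator&) { return false; }
};

// Returns true if the key bytes are still readable after the string is gone.
template <bool Wipe>
bool secret_survives_release() {
    using Str = std::basic_string<char, std::char_traits<char>, ArenaAllocator<char, Wipe>>;
    static const char secret[] = "constructed-demo-key-0123456789abcdef";  // longer than SSO
    const std::size_t len = sizeof secret - 1;
    std::memset(g_arena, 0, sizeof g_arena);
    g_used = 0;
    { Str key(secret); }  // destructor hands the buffer back via deallocate()
    for (std::size_t i = 0; i + len <= sizeof g_arena; ++i)
        if (std::memcmp(g_arena + i, secret, len) == 0) return true;
    return false;
}

int main() {
    std::printf("key readable after release: plain=%d wiping=%d\n",
                secret_survives_release<false>(), secret_survives_release<true>());
}
```

Strings short enough for the small-string optimisation live inside the string object and never reach the allocator, so this allocator does not wipe them; copies left in registers or on the stack are not covered either.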
 

