Close

Results 1 to 10 of 10
  1. #1
    DF Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,163
    Thanks
    2,683
    Thanked:        1,391
    Karma Level
    253

    Default Major vulnerability found in WPA2 protected networks.



    The vulnerability in WPA2 means hackers can access "credit card numbers, passwords, chat messages, emails, photos" or anything else transmitted over Wi-Fi, according to Dr Mathy Vanhoef.




    Dr Vanhoef, a researcher at KU Leuven, published the details of what he branded the KRACK (key reinstallation attack) on Monday.
    Experts claim it poses a huge risk to businesses - and warn the issue may never be completely fixed for old phones and routers

    4 Thanks given to piggzy

    burner1 (20th October 2017), corskey (18th October 2017), JonEp (16th October 2017), Over Carl (16th October 2017) 


  2. #2
    DF Jedi koola2's Avatar
    Join Date
    Jul 2007
    Location
    London
    Posts
    1,671
    Thanks
    39
    Thanked:        164
    Karma Level
    241

    Default Re: Major vulnerability found in WPA2 protected networks.

    Quote Originally Posted by piggzy View Post
    The vulnerability in WPA2 means hackers can access "credit card numbers, passwords, chat messages, emails, photos" or anything else transmitted over Wi-Fi,
    Sorry but isn't this only information not sent via HTTPS etc. over Wi-Fi

    Thanks to koola2

    Over Carl (18th October 2017) 


  3. #3
    DF Moderator EvilBoB's Avatar
    Join Date
    Jan 2001
    Location
    Bedfordshire
    Posts
    6,351
    Thanks
    580
    Thanked:        619
    Karma Level
    565

    Default Re: Major vulnerability found in WPA2 protected networks.

    Quote Originally Posted by koola2 View Post
    Sorry but isn't this only information not sent via HTTPS etc. over Wi-Fi
    I'd say yes although getting onto the network means they could then attack HTTPS connections etc. Still a bit of a broad statement. Worry mongering methinks...
    DF Moderator
    XBox One | Panasonic 4k | MS Surface Pro 3 | 3DSXL | WiiU | RPi3
    XBL : TheSumOfAllEvil

    Thanks to EvilBoB

    Over Carl (18th October 2017) 


  4. #4
    DF Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,163
    Thanks
    2,683
    Thanked:        1,391
    Karma Level
    253

    Default Re: Major vulnerability found in WPA2 protected networks.

    Yes it is only non HTTPS but as the video shows the sly little redirects will often go unoticed by users that would normally use the HTTPS site.

    How often do you look to check if the padlock is there ??? I know I often forget to check.

    Thanks to piggzy

    Over Carl (18th October 2017) 


  5. #5
    DF Jedi c0axial's Avatar
    Join Date
    Feb 2002
    Location
    M44
    Posts
    1,443
    Thanks
    131
    Thanked:        145
    Karma Level
    329

    Default Re: Major vulnerability found in WPA2 protected networks.

    [Only registered and activated users can see links. ]

    Thanks to c0axial

    Over Carl (18th October 2017) 


  6. #6
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,076
    Thanks
    3,815
    Thanked:        1,653
    Karma Level
    1269

    Default Re: Major vulnerability found in WPA2 protected networks.

    Quote Originally Posted by koola2 View Post
    Sorry but isn't this only information not sent via HTTPS etc. over Wi-Fi
    Quote Originally Posted by EvilBoB View Post
    I'd say yes although getting onto the network means they could then attack HTTPS connections etc. Still a bit of a broad statement. Worry mongering methinks...
    Quote Originally Posted by piggzy View Post
    Yes it is only non HTTPS but as the video shows the sly little redirects will often go unoticed by users that would normally use the HTTPS site.

    How often do you look to check if the padlock is there ??? I know I often forget to check.
    Websites aren't the only use of LAN/WLAN's. Access a LAN, then you can try and attack weak devices and extract admin credentials which may be reused on other devices for example. Lets just say your credit card company for example has security for their website, but anyone could just sit outside the office and sniff data......

    Quote Originally Posted by c0axial View Post
    [Only registered and activated users can see links. ]
    Now that any script kiddie can download this, the risk of attack becomes much less than just hypothetically possible.

  7. #7
    DF Jedi c0axial's Avatar
    Join Date
    Feb 2002
    Location
    M44
    Posts
    1,443
    Thanks
    131
    Thanked:        145
    Karma Level
    329

    Default Re: Major vulnerability found in WPA2 protected networks.

    Thanks to c0axial

    Over Carl (18th October 2017) 


  8. #8
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,076
    Thanks
    3,815
    Thanked:        1,653
    Karma Level
    1269

    Default Re: Major vulnerability found in WPA2 protected networks.

    I'm guessing you mean say I was hardwired, this attack won't work.

    However lets say consider a typical office with LAN+WLAN all on the same broadcast domain and VLAN. Even if all devices intended to be connected are hardwired, someone can still connect to the LAN via WLAN, then start exploiting weak devices and hopefully find the admin credentials on a weak device are the same on many other devices.

  9. #9
    DF Jedi akimba's Avatar
    Join Date
    Jun 2006
    Location
    UK
    Posts
    2,798
    Thanks
    1,002
    Thanked:        761
    Karma Level
    294

    Default Re: Major vulnerability found in WPA2 protected networks.

    Yeah hardwired PC's wont help if they get on your network and hack your firewall etc ;-)

  10. #10
    DF Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,163
    Thanks
    2,683
    Thanked:        1,391
    Karma Level
    253

    Default Re: Major vulnerability found in WPA2 protected networks.

    Hardwired (as mine is) just means they cant use you to initiate the attack, but you say above once your network is compromised you are fair game too.

    If every device is hardwired you would be safe but that is never gonna happen. Never heard of a lan cable for a mobile ;-)

    These scripts and tools (which are being bundled in the latest Kali build afaik) make it too easy for pretty much anyone with very little knowledge to use.

    Roll on WiLi or whatever its latest name is ;-)

Similar Threads

  1. Replies: 3
    Last Post: 3rd June 2015, 11:31 PM
  2. Replies: 0
    Last Post: 11th July 2013, 11:20 PM
  3. Replies: 36
    Last Post: 1st March 2012, 09:08 AM
  4. Major Sendmail vulnerability - happy patching..
    By Aido in forum System Security
    Replies: 1
    Last Post: 4th March 2003, 12:24 AM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •