[Lista ArNOG] Fwd: [lacnog] Bye Bye WPA2 ! (una nota corta de su chair..)

Ivan Chapero info en ivanchapero.com.ar
Mie Oct 18 00:21:53 ART 2017


*Una aclaración importante. FYI:*

*------------------------------------------------*

*Clarification for the WPA2 Vulnerabilities:*
1. Please have a look at the article <https://www.krackattacks.com/> published
by Mathy Vanhoef and pay attention to the QA listed at the end:
*Q: What if there are no security updates for my router?*
*A:* Our main attack is against the 4-way handshake, and does not exploit
access points, but instead targets clients. So it might be that your router
does not require security updates. We strongly advise you to contact your
vendor for more details. In general though, you can try to mitigate attacks
against routers and access points by disabling client functionality (which
is for example used in repeater modes) and disabling 802.11r (fast
roaming). For ordinary home users, your priority should be updating clients
such as laptops and smartphones.

>From the QA, we can get clear that the vulnerabilities only targets the
devices act as Wi-Fi clients, including laptops, smartphones, range
extenders working in RE mode, routers/gateways working in RE/WDS/WISP mode.
Thus if you're using the following TP-Link products:
# All powerline adapters
# All mobile Wi-Fi products
# Routers and gateways working on default Router mode or Access Point mode
# Range extenders working in AP mode
You will not be affected by the WPA2 vulnerabilities. What you need to do
is updating your Wi-Fi clients.

2. Conditions of vulnerability occurrence:
# Physical limit: The attack only happens when an attacker is in physical
proximity to and within wireless range of your network.
# Time limit: The attack only happens when connecting or reconnecting to
Wi-Fi network.

2017-10-17 9:54 GMT-03:00 Maximiliano Ariel Villalba Galeano <
max.a.villalba.galeano en gmail.com>:

> https://www.kb.cert.org/vuls/byvendor?searchview&Query=
> FIELD+Reference=228519&SearchOrder=4
>
> Listado de equipos afectados.
>
> 2017-10-17 3:03 GMT-04:00 Nicolas Cortes <ncort3s en gmail.com>:
>
>> FYI
>>
>> ---------- Forwarded message ---------
>> From: Rogerio Mariano <rsouza.rjo en gmail.com>
>> Date: Mon, Oct 16, 2017 at 23:13
>> Subject: [lacnog] Bye Bye WPA2 ! (una nota corta de su chair..)
>> To: Latin America and Caribbean Region Network Operators Group <
>> lacnog en lacnic.net>
>>
>>
>>
>>
>> https://www.krackattacks.com/
>> _______________________________________________
>> LACNOG mailing list
>> LACNOG en lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/lacnog
>> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>>
>> _______________________________________________
>> Lista mailing list
>> Lista en arnog.com.ar
>> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>>
>>
>
> _______________________________________________
> Lista mailing list
> Lista en arnog.com.ar
> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>
>


-- 

*Ivan ChaperoÁrea Técnica y Soporte*
Fijo: 03464-470280 (interno 535) | Móvil:  03464-155-20282  | Skype ID:
ivanchapero
--
GoDATA Banda Ancha - CABLETEL S.A. | Av. 9 de Julio 1163 - 2183 - Arequito
- Santa Fe - Argentina
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://mailmancabase.interdotnet.com.ar/pipermail/lista/attachments/20171018/6d3a63ce/attachment.html>


Más información sobre la lista de distribución Lista