[Lista ArNOG] [lacnog] Bye Bye WPA2 ! (una nota corta de su chair..)

Carlos M. Martinez carlosm3011 en gmail.com
Mie Oct 18 14:45:05 ART 2017


Este es un excelente ejemplo de por que debemos hacer defensa en capas.

Aquello de “que me importa el dnssec si igual uso https, o que me 
importa el ipsec si igual uso wpa2” claramente no se sostiene.

Necesitamos de la seguridad en todas las capas y en todos los elementos 
de la arquitectura de red.

s2

Carlos

On 18 Oct 2017, at 0:21, Ivan Chapero wrote:

> *Una aclaración importante. FYI:*
>
> *------------------------------------------------*
>
> *Clarification for the WPA2 Vulnerabilities:*
> 1. Please have a look at the article <https://www.krackattacks.com/> 
> published
> by Mathy Vanhoef and pay attention to the QA listed at the end:
> *Q: What if there are no security updates for my router?*
> *A:* Our main attack is against the 4-way handshake, and does not 
> exploit
> access points, but instead targets clients. So it might be that your 
> router
> does not require security updates. We strongly advise you to contact 
> your
> vendor for more details. In general though, you can try to mitigate 
> attacks
> against routers and access points by disabling client functionality 
> (which
> is for example used in repeater modes) and disabling 802.11r (fast
> roaming). For ordinary home users, your priority should be updating 
> clients
> such as laptops and smartphones.
>
> From the QA, we can get clear that the vulnerabilities only targets 
> the
> devices act as Wi-Fi clients, including laptops, smartphones, range
> extenders working in RE mode, routers/gateways working in RE/WDS/WISP 
> mode.
> Thus if you're using the following TP-Link products:
> # All powerline adapters
> # All mobile Wi-Fi products
> # Routers and gateways working on default Router mode or Access Point 
> mode
> # Range extenders working in AP mode
> You will not be affected by the WPA2 vulnerabilities. What you need to 
> do
> is updating your Wi-Fi clients.
>
> 2. Conditions of vulnerability occurrence:
> # Physical limit: The attack only happens when an attacker is in 
> physical
> proximity to and within wireless range of your network.
> # Time limit: The attack only happens when connecting or reconnecting 
> to
> Wi-Fi network.
>
> 2017-10-17 9:54 GMT-03:00 Maximiliano Ariel Villalba Galeano <
> max.a.villalba.galeano en gmail.com>:
>
>> https://www.kb.cert.org/vuls/byvendor?searchview&Query=
>> FIELD+Reference=228519&SearchOrder=4
>>
>> Listado de equipos afectados.
>>
>> 2017-10-17 3:03 GMT-04:00 Nicolas Cortes <ncort3s en gmail.com>:
>>
>>> FYI
>>>
>>> ---------- Forwarded message ---------
>>> From: Rogerio Mariano <rsouza.rjo en gmail.com>
>>> Date: Mon, Oct 16, 2017 at 23:13
>>> Subject: [lacnog] Bye Bye WPA2 ! (una nota corta de su chair..)
>>> To: Latin America and Caribbean Region Network Operators Group <
>>> lacnog en lacnic.net>
>>>
>>>
>>>
>>>
>>> https://www.krackattacks.com/
>>> _______________________________________________
>>> LACNOG mailing list
>>> LACNOG en lacnic.net
>>> https://mail.lacnic.net/mailman/listinfo/lacnog
>>> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>>>
>>> _______________________________________________
>>> Lista mailing list
>>> Lista en arnog.com.ar
>>> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>>>
>>>
>>
>> _______________________________________________
>> Lista mailing list
>> Lista en arnog.com.ar
>> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>>
>>
>
>
> -- 
>
> *Ivan ChaperoÁrea Técnica y Soporte*
> Fijo: 03464-470280 (interno 535) | Móvil:  03464-155-20282  | Skype 
> ID:
> ivanchapero
> --
> GoDATA Banda Ancha - CABLETEL S.A. | Av. 9 de Julio 1163 - 2183 - 
> Arequito
> - Santa Fe - Argentina


> _______________________________________________
> Lista mailing list
> Lista en arnog.com.ar
> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://mailmancabase.interdotnet.com.ar/pipermail/lista/attachments/20171018/3cbb593b/attachment.html>


Más información sobre la lista de distribución Lista