Cable Forum - View Single Post - Superhub KRACK security hole in WPA2

pip08456 · 17-10-2017, 11:11

Ingi's right, even if someone was remotely interested in you and wished to carry out this sort of attack there's no easy way.

First they would have to be experienced enough with Linux for carrying out penetration attacks.

Second the would have to source the software/script to perform the attack.

Third they would have to be close enough to your WiFi to pick up a strong enough signal.

Finally, let's say they've met all those requirements. If you use HTTPS, TLS, SSL (I think) or a VPN, all they would end up with is a load of encrypted material which would take that long to decrypt it would be virtually useless by the time they succeeded and were drawing their pensions.

Reports like this are not really intended for residential internet users but are intended to alert IT professionals that the vulnerability exists so that they can push out the necessary patch throughout the company they work for which is the most likely place this exploit would be of use.

Microsoft pushed out a patch on the 10th in one of it's regular update cycles, I believe it has also been pushed out to Android devices and most (if not all) router producers before it was made public.

Unfortunately clickbait sites and MSM as always blow it out of all proportion.

17-10-2017, 11:11	#6
pip08456 Sad Doig Fan! Join Date: Aug 2007 Location: Barry South Wales Age: 68 Services: With VM for BB 250Mb service.(Deal) Posts: 11,657	Re: KRACK security hole in WPA2 - VM fixes incoming? Ingi's right, even if someone was remotely interested in you and wished to carry out this sort of attack there's no easy way. First they would have to be experienced enough with Linux for carrying out penetration attacks. Second the would have to source the software/script to perform the attack. Third they would have to be close enough to your WiFi to pick up a strong enough signal. Finally, let's say they've met all those requirements. If you use HTTPS, TLS, SSL (I think) or a VPN, all they would end up with is a load of encrypted material which would take that long to decrypt it would be virtually useless by the time they succeeded and were drawing their pensions. Reports like this are not really intended for residential internet users but are intended to alert IT professionals that the vulnerability exists so that they can push out the necessary patch throughout the company they work for which is the most likely place this exploit would be of use. Microsoft pushed out a patch on the 10th in one of it's regular update cycles, I believe it has also been pushed out to Android devices and most (if not all) router producers before it was made public. Unfortunately clickbait sites and MSM as always blow it out of all proportion.