p*m
#2
Your Wi-Fi can be hacked in minutes. I've patched my router and my computer, have you patched yours?
US government announces that your Wi-Fi is vulnerable to hacks
By Paul Hill · 7 hours ago
Everybody’s internet is public today. WPA2, the go-to Wi-Fi security option,
has been cracked by Belgian researchers. The US Computer Emergency
Readiness Team (CERT) has issued a warning in response and is due to release
more details about the vulnerability later today. The warning issued is
stark, saying that almost all implementations are affected. Now there are
calls for a superseding WPA3 standard.
On the researchers' website, the attack is described in the following way:
Concretely, attackers can use this novel attack technique to read
information that was previously assumed to be safely encrypted. This can be
abused to steal sensitive information such as credit card numbers, passwords,
chat messages, emails, photos, and so on. The attack works against all
modern protected Wi-Fi networks. Depending on the network configuration, it
is also possible to inject and manipulate data. For example, an attacker
might be able to inject ransomware or other malware into websites.
The researchers tested multiple devices to see whether the vulnerability
impacted them. Initial research shows that Android, Linux, Apple, Windows,
OpenBSD, MediaTek and Linksys are among those that are affected by some
variant of the attack. The researchers urge users to update devices as soon
as possible, but in reality, many devices will never see such a patch.
Here's a demonstration of the exploit being used against an affected device:
The statement from US CERT reads:
“The impact of exploiting these vulnerabilities includes decryption, packet
replay, TCP connection hijacking, HTTP content injection and others … most
or all correct implementations of the standard will be affected.”
In response to the news, one person proposed two solutions to the problem;
the first option is for the Wi-Fi Alliance to be given a list of everything
that’s broken in WPA2 and let them fix it, issuing new specs for the
standard for software manufacturers to implement. The second option was the
creation of an unofficial WPA3 without the help of the Wi-Fi Alliance.
The proposal for option two reads:
“Free Software community has a wide range of networking software that
enables manipulation of Wi-Fi traffic. While some of it can be used for
nefarious purposes, we could as well use it to sketch up a prototype of WPA3
and push for it to get adopted. If you’re interested, I encourage you to
contact the discussion boards for projects related to Wi-Fi manipulation and
see if they’re interested in this. Some of the projects that are related
include: ScaPy, WPA supplicant, OpenWRT. There’s definitely more of them so
if you know them, let me know!”
Going forward, you will likely only be able to use WPA2 on your home devices
for quite a while. In the meantime you can mitigate attacks by connecting
to internet resources over secure protocols such as HTTPS and SSL. In order
to use SSL for things such as email, ensure that you’re using port 465 with
SMTP. As for HTTPS, it’s recommended that you install EFF’s HTTPS
Everywhere; this will force many more connections to use HTTPS than your
browser normally would and allows you to disable insecure traffic in your
browser entirely.
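The email advice above, applied in Python as an added example (not from the article or the post): it submits mail over implicit TLS on port 465 with certificate verification, and reviews mail profiles for settings that would leave traffic readable or alterable if Wi-Fi encryption fails. The host name `mail.example.org` and the profile field names are hypothetical.

```python
import smtplib
import ssl
from email.message import EmailMessage

SMTPS_PORT = 465  # implicit-TLS SMTP port named in the article


def verified_tls_context() -> ssl.SSLContext:
    """Context that requires a valid, hostname-matching certificate and TLS 1.2+."""
    ctx = ssl.create_default_context()  # sets CERT_REQUIRED and check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def review_mail_profile(profile: dict) -> list[str]:
    """List the ways a mail profile would leak if Wi-Fi encryption fails."""
    findings = []
    mode = profile.get("security", "none")
    if mode == "none":
        findings.append("cleartext: credentials and mail readable on the link")
    elif mode == "starttls" and not profile.get("require_tls", False):
        findings.append("optional STARTTLS: upgrade can be stripped in transit")
    if mode != "none" and not profile.get("verify_cert", True):
        findings.append("certificate not verified: server can be impersonated")
    return findings


def send_over_smtps(host: str, user: str, password: str, msg: EmailMessage) -> None:
    """Submit mail over implicit TLS; the TLS handshake precedes any SMTP data."""
    with smtplib.SMTP_SSL(host, SMTPS_PORT, context=verified_tls_context(),
                          timeout=10) as server:
        server.login(user, password)
        server.send_message(msg)


# Constructed sample profiles (hypothetical host name and field names).
PROFILES = {
    "legacy": {"host": "mail.example.org", "port": 25, "security": "none"},
    "opportunistic": {"host": "mail.example.org", "port": 587,
                      "security": "starttls", "require_tls": False},
    "unverified": {"host": "mail.example.org", "port": 465,
                   "security": "ssl", "verify_cert": False},
    "hardened": {"host": "mail.example.org", "port": 465,
                 "security": "ssl", "verify_cert": True},
}

if __name__ == "__main__":
    for name, profile in PROFILES.items():
        print(name, review_mail_profile(profile) or "ok")
```

Only the "hardened" profile comes back with no findings; `send_over_smtps` is the matching client call and needs a reachable mail server.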