Anyone here is heard about the KRACK Vulnerability?
WPA2 encryption protocol was compromised by KRACK vulnerability because hackers can now decrypt the data but you can protect your IoT devices by avoiding connecting to Wi-FI routers and start using VPN of your devices. Here is the full brief on.
[removed]It may help you.
Thanks.

it's been fixed already (at least for all 3 distros i use).
various threads on all linux forums exist.

Remember that WPA2 was never really intended to be all that secure. It was devised to be an improvement to WEP, but to be compatible with hardware designed for WEP. The data-scrambling capabilities of wireless hardware are actually comparatively weak.

Anytime you are connected to a "secure" web site, the underlying content of your packets are encrypted using TLS, which is strong. If you use VPN, the content is also securely encrypted.

Most web sites these days – including LQ – are using encryption for everything, primarily so that users can be certain that they are, in fact, communicating with the real site and not a man-in-the-middle proxy. If you see a "lock" icon by the URL, then you know that all of the data you're sending to that web site has been securely encrypted before being handed to the network. "No one else in the coffee shop" can understand any of it, even if they filched it using this or any other WPA2 crack.

It's not really a threat to my privacy. This is a real threat to my privacy:

KRACK is not the only security flaw you should be concerned about.

God bless the Russians for helping out our democracy.

But also – a great many of these exploits depend on the user in question being "an Administrator." (Which, in Linux parlance, is "a member of the ("I'm a big ...") wheel group.) And that restrictive policies are not in place.

In other words – "your typical Windows user."

I'm sorry but the "typical Windows user" does NOT have full administrator rights without either Logging on as Administrator with Adinistrator rights or by using so called "safe mode" which is restricted anyay.

The only problem with that is that, most Windows users I see, DO login under a "Administrator" account, as unlike most Linux/UNIX users, don't think about the rights, such a user account has. That's a fact.

+1 #7 I think my XP only has a single Admin user; Idk: I never 'login'!!!
I personally hate that most Linux makes me waste effort typing in:
root\Nroot (or sometimes user\nuser)
My preferred distro mll has no /etc/passwd !!!

Edit: sorry, OT since #6. My apology for this reply.

Edit#2, to add something OnTopic:
"wpa2 dead" Thread: https://www.linuxquestions.org/quest...ad-4175615754/

Good point! (about WinXP that is)

Why?

In order to ge FULL Administrator rights under Windows you must log in with the user name Administrator as well as have administrator rights. Anything else is only a subset.

Ah, David, It's the NT_AUTHORITY\System account that is the most powerful "Administrator" account under Windows and is a FULL member of the "Administrators" user group. Which "Administrator" accounts are also FULL members of. Also, you cannot use the NT_AUTHORITY\System as a normal 'login' account, as it is only used for system services/purposes.

https://social.msdn.microsoft.com/Fo...um=sqlsecurity

I suppose you would argue that God is not the most powerful theoretical being, but God's creator???

Skipping the theology of it all ... ... "Home Edition" versions of Windows have traditionally been most-compromised with regard to securability.

But ... "can you do sudo su?"

The EFF published an article about this yesterday. They are concerned, but think much of the coverage borders on hysterical, if it doesn't actually cross the border.

https://www.eff.org/deeplinks/2017/1...-you-need-know

From the introduction:

quick newbish question:
if my router is set up to allow only defined mac addresses to use wifi, is it still vulnerable?