WPA2 was never intended to be anything more than a "nuisance preventer." It is relatively easy to eavesdrop on another conversation in a coffee house – but if, for example, the connection is to an https web-site, or uses ssh or a VPN, the packets that you could intercept by WPA2 eavesdropping would be otherwise-encrypted anyway.
WPA2 was built to work within the very limited capabilities of wireless interfaces – what began with a simple, unchanging "WEP Key" slightly-matured into a protocol which would periodically re-negotiate the session key. But the hardware isn't really capable of much more.
Packets ought not be sent across the ether "in the clear," because "it's nobody's business but yours," so you should use WPA2, warts and all. But you should never rely on any (civilian ...) wireless-device security feature for primary security.
Last edited by sundialsvcs; 10-18-2017 at 08:52 AM.
A security hole which is presented later than possible because they need to make a website first is a bad sign. And that happened in the past.
Ah, I see, thanks for explaining. I was under the impression that it was presented later due to the idea of Responsible disclosure, nothing to do with the website per se.
EFF's web site should be regular reading for everyone.
The most important thing ... and by-the-way this is generically true ... is that your computer should never "simply trust" any computer "because it is on the 'local' network." This is a throwback to the "wired" days, when it was hard to connect a computer to the physical network. Today, every other computer in the coffee shop is "on your local network," and you should port-scan your own machine ... from another machine ... to see exactly what services it might be exposing to everyone.
I vividly remember hitting the Windows "network list" screen while setting up a new network at a client's place of business – this was very early in the days of always-on ISPs – and being astonished to find many unprotected Windows shares listed. (Some apparently were related to a lawyer's office. I presume that neither the lawyer nor the lawyer's clients had any idea.)
There were also plenty of printers. I admit that I was sorely tempted to send a "Kilroy Was Here" to one of them at random.
It's actually a very good idea to use VPN within(!) your company, such that everything that passes through your local airwaves and wires is both encrypted and station-identified. You really shouldn't assume that the file-server you're talking to really is the one you think. But, if you are talking to it through VPN, and only through VPN, you can be, because a VPN server positively identifies both itself and every client that it allows to connect, provided that(!) you use unique digital certificates, as you always should.
Last edited by sundialsvcs; 10-26-2017 at 08:17 AM.
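Added example, not part of the original post: a local complement to the self-scan suggested above, which reads `ss -tuln` output and reports which listening sockets are reachable from other machines on the network rather than bound to loopback only. The sample output is constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      50     *:445               *:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      128    [::1]:631           [::]:*
tcp   LISTEN 0      128    192.168.1.20:8080   0.0.0.0:*
"""

# Bind addresses that mean "every interface", i.e. visible to the whole LAN.
WILDCARDS = {"*", "0.0.0.0", "::"}


def parse_listeners(ss_output):
    """Return (proto, bind_address, port) for each socket line."""
    rows = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")    # split on the last colon
        host = host.strip("[]").split("%", 1)[0]     # drop [v6] brackets, %iface
        rows.append((fields[0], host, int(port)))
    return rows


def is_exposed(host):
    """True if a socket bound to `host` is reachable from other machines."""
    if host in WILDCARDS:
        return True
    return not ipaddress.ip_address(host).is_loopback


def exposed_services(ss_output):
    """Sorted, de-duplicated (proto, port) pairs that are not loopback-only."""
    return sorted({(proto, port)
                   for proto, host, port in parse_listeners(ss_output)
                   if is_exposed(host)})


if __name__ == "__main__":
    for proto, port in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"{proto}/{port} is listening on a non-loopback address")
```

A host firewall can still block a port listed here, which is why the scan from a second machine remains the authoritative check.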
EFF's web site should be regular reading for everyone.
Yes. The site is worth checking on a regular basis. Though with Brand Named Bugs, it can be hard to track down the CVE number(s) even at the EFF site.
The EFF post above links to an explanation of the process that created the bugs in the first place. Rick Falkvinge puts it in plain language in that it was caused by closed standards. He inadvertently also makes a case for open access publishing at the same time, but the gist is that because the standard was behind what amounts to a paywall, few could examine or evaluate it.
Rick Falkvinge puts it in plain language in that it was caused by closed standards. He inadvertently also makes a case for open access publishing at the same time, but the gist is that because the standard was behind what amounts to a paywall, few could examine or evaluate it.
A silent confirmation of the frequently-made statement that "open peer-review" of any and every cryptographic technology is essential. Had the WPA2 folks not subscribed to the false-doctrine of "security through obscurity," they would not face this exposure today. The problem would have been identified and fixed, and along the way the protocol would probably have been "gratuitously greatly strengthened."
I don't think WEP2 is dead, as such, any more than having a lock on your front door is pointless or using a hotel safe means your valuables will be stolen.
There never will be complete security but the key is to use as much security as you can use practically -- so make sure HTTPS sites are used, use VPNs on public WiFi spots if you use them at all and that kind of thing. The main thing is to look out for signs that your security has been compromised, such as messages showing that a secure site has been accessed at a time you know you didn't access it (many now show the last access date, time and IP address) then act accordingly. And, of course, use passwords as strong as you feasibly can.
Don't get me wrong, this is worrying and I hope it gets patched in Android ASAP, but it doesn't really change anything.