Re: [OCLUG-Tech] WPA2 vulnerability

On Wed, Oct 18, 2017 at 02:28:01PM -0400, J C Nash wrote:
> You are right that the audience needs to be identified.
> My view is that a lightning talk could present an overview of the exploit and
> the measures that have been taken to address it.

Then we'll have to presume only knowledge of Wi-Fi existing and not how it

> Possibly particular places that might remain vulnerable (here I'm thinking of
> my 10 year old Linksys WRT54GL -- lots of them about still I think).


> Finally, although an unpatched client can still connect to a patched AP, and
> vice versa, both the client and AP must be patched to defend against all
> attacks!

J C Nash wrote:
> Similarly for OCLUG wiki -- as a 1 pager with links. The link
> https://security.archlinux.org/CVE-2017-13077 seems particularly helpful.

It's a nice aggregation of other distros, etc., but if you want to avoid
branding issues, I'd just copy all the links you think should be of interest.

> I'm also thinking that OCLUG site is local, and may give some of our
> participants a chance to let their expertise be known to potential local
> clients/employers.

Then you might want somebody else to do this talk. I'm already employed. But
then again, the exposure is so low…

> And often not nearly good enough at translating the technical issues into
> short, cogent messages.

Upgrade all your Internet-accessing devices:

- Cell phones
- Personal computers
- IoT devices (if possible)

and your access point (bundled in the router/switch/modem in most cheap
consumer devices), if possible. Check with your vendor for whether they've
published a fix to krackattack/CVE-whatever/etc.

- some
- sample
- links

Maybe give a hint on how to find such pages.

> Would you (or anyone else reading this) be up for a 5-10 minute talk?

Yes, but let others volunteer themselves first. If you want me to present, I'll
need a whiteboard or blackboard.