On Wed, Oct 18, 2017 at 02:28:01PM -0400, J C Nash wrote: > You are right that the audience needs to be identified. > > My view is that a lightning talk could present an overview of the exploit and > the measures that have been taken to address it. Then we'll have to presume only knowledge of Wi-Fi existing and not how it works. > Possibly particular places that might remain vulnerable (here I'm thinking of > my 10 year old Linksys WRT54GL -- lots of them about still I think). Weep. https://www.krackattacks.com/: > Finally, although an unpatched client can still connect to a patched AP, and > vice versa, both the client and AP must be patched to defend against all > attacks! J C Nash wrote: > Similarly for OCLUG wiki -- as a 1 pager with links. The link > https://security.archlinux.org/CVE-2017-13077 seems particularly helpful. It's a nice aggregation of other distros, etc., but if you want to avoid branding issues, I'd just copy all the links you think should be of interest. > I'm also thinking that OCLUG site is local, and may give some of our > participants a chance to let their expertise be known to potential local > clients/employers. Then you might want somebody else to do this talk. I'm already employed. But then again, the exposure is so low… > And often not nearly good enough at translating the technical issues into > short, cogent messages. Upgrade all your Internet-accessing devices: - Cell phones - Personal computers - IOT devices (if possible) and your access point (bundled in the router/switch/modem in most cheap consumer devices), if possibe. Check with your vendor for whether they've published a fix to krackattack/CVE-whatever/etc. - some - sample - links Maybe give a hint on how to find such pages. > Would you (or anyone else reading this) be up for a 5-10 minute talk? Yes, but let others volunteer themselves first. If you want me to present, I'll need a whiteboard or blackboard.