Monday, October 16, 2017

WPA2 KRACK Vulnerability, Getting Information

I'm sure everyone who does anything with networking or Wi-Fi has heard about the announced WPA2 KRACK vulnerability. I won't go into depth with my opinion on it. I'd just like to start a collection of useful information in one single place.

First, the security researcher's website on the attack details:
https://www.krackattacks.com/

Second, read this good analysis by Aruba Networks as well as their associated FAQ:
Blog: http://community.arubanetworks.com/t5/Technology-Blog/WPA2-Key-Reinstallation-Attacks/ba-p/310045
FAQ: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

Third, here's the US-CERT page collecting information on vendor's affected:
http://www.kb.cert.org/vuls/id/228519

Finally, patching systems will be important over the coming hours/days/weeks/(what you take longer than a week or two to patch?!?). Client systems are the most affected, but infrastructure systems also have a few related issues requiring patching too. Here are some helpful manufacturer pages to keep an eye on for updates:

Wi-Fi client manufacturers:

Wi-Fi infrastructure manufacturers:

 

Cheers,
Andrew



from
http://www.revolutionwifi.net/revolutionwifi/2017/10/wpa2-krack-vulnerability-getting-information

No comments:

Post a Comment