I'm sure everyone who does anything with networking or Wi-Fi has heard about the announced WPA2 KRACK vulnerability. I won't go into depth with my opinion on it. I'd just like to start a collection of useful information in one single place.
First, the security researcher's website on the attack details:
https://www.krackattacks.com/
Second, read this good analysis by Aruba Networks as well as their associated FAQ:
Blog: http://community.arubanetworks.com/t5/Technology-Blog/WPA2-Key-Reinstallation-Attacks/ba-p/310045
FAQ: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf
Third, here's the US-CERT page collecting information on vendor's affected:
http://www.kb.cert.org/vuls/id/228519
Finally, patching systems will be important over the coming hours/days/weeks/(what you take longer than a week or two to patch?!?). Client systems are the most affected, but infrastructure systems also have a few related issues requiring patching too. Here are some helpful manufacturer pages to keep an eye on for updates:
Wi-Fi client manufacturers:
- Apple: https://support.apple.com/en-us/HT201222
- Android: https://source.android.com/security/bulletin/
- Microsoft: https://portal.msrc.microsoft.com/en-us/security-guidance and
https://technet.microsoft.com/en-us/security/advisories
Wi-Fi infrastructure manufacturers:
- Aruba: http://www.arubanetworks.com/support-services/security-bulletins/
- Cisco: https://tools.cisco.com/security/center/publicationListing.x#~Vulnerabilities
- Ruckus / Brocade: https://www.ruckuswireless.com/security and
http://www.brocade.com/en/support/security-advisories.html - Aerohive: https://www3.aerohive.com/support/security-center/security-bulletins.html
- Ubiquiti: https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365
Cheers,
Andrew
from
http://www.revolutionwifi.net/revolutionwifi/2017/10/wpa2-krack-vulnerability-getting-information
No comments:
Post a Comment