WPA2 bugz - One Man's Quick & Dirty Response

Ronald F. Guilmette rfg at tristatelogic.com
Tue Oct 17 03:17:33 UTC 2017 

In message <fb8d2dcb-2748-18fa-a25d-d52f4ea4c378 at denninger.net>, 
Karl Denninger <karl at denninger.net> wrote:

>Please understand that if you can get an AP to hand you a zero'd key
>(with an intentionally "weak" client) THEN THAT PERSON JUST BECAME ABLE
>TO ATTACH TO YOUR NETWORK AS AN AUTHORIZED USER.
>
>Your network is thus exactly as "secure" as one that has an open RJ45
>jack sitting at the end of your driveway and connected to your switch.
>If someone who plugged into that could screw you blind well, that's
>exactly the situation you're now in.

Oh, geeezzzzzz.  Marvelous... NOT!

So, to recap, the options (for average JoeSchmos like me) seem to be:

   (1) Turn off WiFi entirely (and perhaps start stringing cables).

   (2) Treat -everything- that is connected to any typical SOHO WiFi
       router (which has WiFi enabled), regardless of whether the
       thing in question is hardwired or not, as being either/both
       (a) hostle and/or (b) directly attackable (as if attackers
       have a direct RJ45/twistedpair to it).

   (3) Leave everything as it is, for now, and just start praying
       that vendors and/or third parties will issue fixed firmware
       releases before the inevitable tech-savvy miscreants find
       their way to your specific neighborhood.

Is that about the size of it?

I'm not liking option 3 at all, but I'm not sure there is much else
that I can do in the short run.

(The only thing that, at the moment, is keeping me from being totally
depressed about this whole gigantic mess is the sure and certain
knowledge that several zillion people responsible for much more
sensive networks than mine undoubtedly have much greater reasons
for tearing their hair out this evening, and also in the days and
weeks ahead.)

A Question (which I already tried to ask):  What about the clients?
The impression I got is that WiFi -clients- will all need new firmware
also.  Yes?  No?  Is there any point to me calling and harassing
Amazon to send me a firmware update for my Fire TV box?  (I mean I
do understand that even if one were available, that would hardly
solve all of the problems on my network.  But I'd just like to know
what I should be agitating for in the weeks ahead.  If the Wifi
clients are entirely not a part of either the problem or the solution,
then I won't worry about them.)

More information about the freebsd-security mailing list