Install the Patch

Welcome

© Joe Casad, Editor in Chief

© Joe Casad, Editor in Chief

Article from Issue 205/2017
Author(s):

Once it was announced to the public, the news of the KRACK attack spread quickly over the Internet – a flaw in the handshake system for wireless devices that allows an attacker to compromise encryption. According to reports, the attack puts almost all devices that engage in WPA2-encrypted wireless networking at risk.

Dear Reader,

Once it was announced to the public, the news of the KRACK attack spread quickly over the Internet – a flaw in the handshake system for wireless devices that allows an attacker to compromise encryption. According to reports, the attack puts almost all devices that engage in WPA2-encrypted wireless networking at risk. Early warnings said Android was most vulnerable, but later updates reported that Windows, iOS, macOS, and OpenBSD were also at risk. Linux wasn't safe either, with several versions of the wpa_supplicant utility marked as vulnerable. Although the problem was publicly announced in October, vendors were warned privately in May, and many are already well along finding solutions.

The KRACK attack is particularly significant because everybody is using wireless networking. Many people younger than 21 just look bewildered if you show them a Cat 5 networking cable. Such things don't exist in their world, because wireless is everywhere – at the library, at the malt shop, in the home. One of the reasons for the recent explosion in wireless networking is that everybody trusts it now, and they trust it because they have this general sense that the glaring security issues that made everyone nervous about wireless in the first place have somehow been resolved. If you asked many security experts in the past couple years, they would say wireless networking is fine as long as you:

  • use WPA2 wireless encryption
  • use a strong password

But actually, it turns out those experts were overconfident.

By the time you read this, I hope word of the KRACK attack has already reached you and updates are available for all your wireless devices, including your phone, your tablet, your computer, and your wireless router.

If you haven't heard about KRACK, check with your OS or hardware vendor as soon as you can. The word is that this attack has not appeared in the wild so far, but now that the description is out there, someone is going to implement it, so you'd better hurry.

I hesitate to make this the main subject of the essay, because I often muse about this kind of thing, but I really do need to mention: Shouldn't we have expended a little more time and energy up front to explore this issue before the whole planet went wireless? I know, these kinds of problems are hard to spot, but seriously, this sudden discovery that a tool we depend on is not as secure as we thought it was yesterday seems to be happening a lot.

As for wireless networking, first we had WEP, which we said was secure at first, then we said, "uh … never mind, here's WPA, which we also said was secure, and then we said, "never mind, here's WPA2." Now it's …"uh, yeah, but we gotta fix WPA2."

"Well of course!" you impatiently inform me. "What's the problem? That's what always happens. Developers develop some software, then they tell you its safe and tested, then someone figures out it isn't safe, then the developers create a patch and tell you to install the patch and it will really be safe this time, then you go out and install the patch before some nefarious actor operating with anonymity uses the attack to steal your secrets, then the whole process starts over. What could be more obvious?"

And you're right, that is what always happens, but all I'm saying is, it's really weird if you look at it from a distance. If you believe in Everett's theory of multiple branching universes, you'd have to believe there's a version of us out there somewhere that has figured out a better way to develop software.

But until our universe catches up … INSTALL THE PATCH!

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • New Attack Targets Wireless Logins

    A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.

  • Go Wireless Intro

    When you’re going wireless,it pays to be careful. Get the right hardware,and make sure your network is as secure as you think it is.

  • KWiFiManager

    Connecting to wireless networks is

    more popular than ever. KDE’s KWiFi-

    Manager is a handy tool for monitoring

    and managing wireless connections.

  • Security Lessons

    How to find, map, crack, and impersonate wireless networks.

  • Wireless LAN Security

    WLANs give you Internet access without a bird's nest of wiring. But if you don't take security seriously, you might find yourself with uninvited guests.

comments powered by Disqus

Direct Download

Read full article as PDF:

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia