<html><head></head><body><div dir="auto">'Smart' TVs ? They'll just expect you to buy a new one. And that will still have a shed load of other vulnerabilities ..<br><br></div>
<div dir="auto">Can someone get onto Virgin (other shit ISP's are available) ? Good luck with getting them to roll out a firmware update. Mind you, my ASUS AP has not been patched yet.<br><br></div>
<div dir="auto">See y'all Thursday.<br><br></div>
<div dir="auto">John</div>
<div class="gmail_quote" >On 17 Oct 2017, at 11:06, Jason Irwin via Nottingham <<a href="mailto:nottingham@mailman.lug.org.uk" target="_blank">nottingham@mailman.lug.org.uk</a>> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="blue">On 16/10/17 14:44, Martin via Nottingham wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> On 16/10/17 11:00, Jason Irwin via Nottingham wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"> Or so it seems:<br> <a href="https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping">https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping</a>/<br> <a href="https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now">https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now</a>/<br> <a href="https://www.krackattacks.com">https://www.krackattacks.com</a>/<br></blockquote> Wi-fi security flaw 'puts devices at risk of hacks'<br> <a href="http://www.bbc.co.uk/news/technology-41635516">http://www.bbc.co.uk/news/technology-41635516</a><br> <br> Looks like a game of handshake replay to weaken or zero the WiFi session<br> key.<br></blockquote><br>Updates to wpasupplicant are flowing, Lede is issuing 17.1.4 with the<br>fix, OpenWRT has backported it to 15.05. So F/OSS seems to have its act<br>together. MicroTik has a fix out and Ubiquiti has things in-hand too it<br>seems.<br><br>When will Google, MS, Apple etc issue patches? They've had 4 months to<br>get ready, more than enough time.<br><br>Further down the criticality scale; Smart TVs etc will need patches too,<br>I hope the major OEMs (Samsung, Panasonic etc) are on the ball.<br><br>And what about all the IoT devices? Will the no-name OEMs release fixes?<br>(I think we all know the answers). Hmm...a wireless IoT lightbulb with<br>it's own DHCP server and network bridging - what could possibly go<br>wrong? <a href="https://mjg59.dreamwidth.org/40397.html">https://mjg59.dreamwidth.org/40397.html</a><br></pre></blockquote></div></body></html>