<div dir="ltr">For anyone worried about their Android, there is probably the option of using Lineage - they have confirmed via Twitter that all builds after 11 hours ago are patched for KRACK. </div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">David Aldred</div></div>
<br><div class="gmail_quote">On 17 October 2017 at 15:43, Martin via Nottingham <span dir="ltr"><<a href="mailto:nottingham@mailman.lug.org.uk" target="_blank">nottingham@mailman.lug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 17/10/17 14:05, Jason Irwin via Nottingham wrote:<br>
> On 17/10/17 13:05, John wrote:<br>
>> 'Smart' TVs ? They'll just expect you to buy a new one. And that will<br>
>> still have a shed load of other vulnerabilities ..<br>
> Probably...<br>
<br>
</span>Never trusted any of those things :-P - not got one :-)<br>
<br>
(Then again, not got anything TV-like in any case! Life is too short.)<br>
<br>
<br>
>> Can someone get onto Virgin (other **** ISP's are available) ? Good luck<br>
<span class="">>> with getting them to roll out a firmware update. Mind you, my ASUS AP<br>
>> has not been patched yet.<br>
</span>> Meh, I only use their !!!!!!! as the modem.<br>
<br>
Yep. Modem mode only here. Bit of a shame to waste the rest of the<br>
functionality, but then again, far better to enjoy FLOSS reliability<br>
using a little something somewhat more reliable!<br>
<br>
BTW: Cable is good for symmetric 10 Gigabit/s with DOCSIS 3.1:<br>
<br>
<a href="https://arstechnica.com/information-technology/2017/10/10gbps-cable-internet-uploads-and-downloads-coming-in-docsis-update/" rel="noreferrer" target="_blank">https://arstechnica.com/<wbr>information-technology/2017/<wbr>10/10gbps-cable-internet-<wbr>uploads-and-downloads-coming-<wbr>in-docsis-update/</a><br>
<br>
Shame about the monopoly price jump...<br>
<br>
Also shame BT will be keeping most of the UK on the decades old obsolete<br>
thousands of times slower ADSL 'stop-gap' over the old telegraphy system<br>
of old wires...<br>
<br>
And fibre is faster, more reliable, and has just got to be lower<br>
electrical costs and remove many an ugly roadside box... So?...<br>
<span class=""><br>
<br>
> In shock news, it seems MS and Apple had the patches out before any<br>
> GNU/Linux distro. No idea about Android, although the OEMs/carriers will<br>
> probably be the cause of the major delays.<br>
<br>
</span>There's a bit of a giggle with the detail:<br>
<br>
Release the KRACKen patches: The good, the bad, and the ugly on this<br>
WPA2 Wi-Fi drama<br>
<a href="http://www.theregister.co.uk/2017/10/17/kracken_patches/" rel="noreferrer" target="_blank">http://www.theregister.co.uk/<wbr>2017/10/17/kracken_patches/</a><br>
<br>
#####<br>
... using Android 6.0 or Linux with wpa_supplicant 2.4 or later, it's<br>
super easy to hijack the wireless connection. Due to a programming<br>
cockup, this software uses a zero key – ie, an encryption key that's all<br>
zeroes – when under attack by KRACK...<br>
<br>
... Windows and iOS are largely unaffected by KRACK in that it is rather<br>
difficult to exploit the protocol flaws due to Microsoft and Apple's<br>
[mal-] implementations of WPA2 – and, in any case, patches are either<br>
available or incoming. Linux, Android 6.0 and above, OpenBSD 6.1, and<br>
macOS 10.12 and 10.9 are most at risk from KRACK's eavesdropping<br>
techniques due to the way they handle encryption key reuse in WPA2...<br>
<br>
On the Unix-y front, OpenBSD has a fix ready, as do Linux distros<br>
including Debian.<br>
#####<br>
<br>
<br>
And for such things, this is where FLOSS really is better than the<br>
money-making by obfuscation silliness:<br>
<br>
#####<br>
Finally, don't forget that the IEEE makes the whole process of<br>
evaluating and scrutinizing its standards for things like the WPA2<br>
design blunder relatively difficult...<br>
#####<br>
<br>
<br>
<br>
IT history of silliness repeated...<br>
<br>
For goodly Rounded discussion Thursday ;-)<br>
<br>
Cheers,<br>
Martin<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
- ╔═══════════════════╦═════════<wbr>══════════════════════════════<wbr>═══╗<br>
- ║ Martin Lomas ║ OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7 ║<br>
- ║ martin@ ml1 co uk ║ Import from hkp://<a href="http://subkeys.pgp.net" rel="noreferrer" target="_blank">subkeys.pgp.net</a> or ║<br>
- ║ ----------------- ║ http:// ml1 .co .uk/martin_ml1_co_uk.gpg ║<br>
- ╚═══════════════════╩═════════<wbr>══════════════════════════════<wbr>═══╝<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
--<br>
Nottingham mailing list<br>
<a href="mailto:Nottingham@mailman.lug.org.uk">Nottingham@mailman.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/nottingham" rel="noreferrer" target="_blank">https://mailman.lug.org.uk/<wbr>mailman/listinfo/nottingham</a></div></div></blockquote></div><br></div>