Wi-Fi vulnerabilities affect all

Topic

New Reply

ON SECURITY By Susan Bradley FragAttacks is a newly discovered set of vulnerabilities that, when exploited, allows an adversary to steal data by inter
[See the full post at: Wi-Fi vulnerabilities affect all]

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

abbodi86

Reply | Quote

Replies

See this BBC report of the nightmare experienced by a young couple in England.

You had been going to change your SSID and password from the factory settings, hadn’t you?

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

1 user thanked author for this post.

Michael432

Reply | Quote

Firefox natively supports HTTPS-Only mode without the need for an extension.  I don’t remember in which version this was added, but in the current version of the Firefox desktop browser the setting can be found in Options->Privacy & Security.

2 users thanked author for this post.

LH, Michael432

Reply | Quote

IoT is something that I find disturbing, only because my Alexa device is always on and listening to our conversations around the dinner table. I know this because it will ask questions when we are talking to each other. She will say; “I didn’t understand that please repeat.” I have permanently disabled Alexa by unplugging and put it in a better place. I do not have any IoT devices that I know of in my home.

I also use DuckDuckGo and have for years, and I also have a lifetime account with PCMatic and their Super Shield and have not had one problem with them as my antivirus and all around protection vehicle. I would suggest that everybody use them. When will you do a review of their systems?

Reply | Quote

This quote in the article from the researcher who discovered the many Frag Attacks is only half the story:

“Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings.”

Half the bugs he found were design flaws the other half were implementation issues. Software bugs, plain and simple. This is probably the worst of it because much of the buggy software will not be updated. And, he is just one guy so the devices that he can test is quite limited. The most important point is that every device he tested had at least one bug.

He released a tester so it is possible that someone will take the ball and run with it and test many more devices. We’ll see.

– – – – – –

To expand on the idea of using two routers, this is best done with the devices you care the most about connected to the inner router. And, of course, two routers will mean two different Guest networks allowing for even more network segmentation. For more on using two routers see

https://www.michaelhorowitz.com/second.router.for.wfh.php

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

ScotchJohn

Reply | Quote

There are Wi-Fi vulnerabilities that have been around for over 15 years now. Finally it was posted in the public eye and this has upset many who use for years now. The research did not release the most important key to these vulnerabilities which hopefully will stay like that. Our company does NOT ALLOW TO USE WIFI for any business or work stuff because of that. WIFI is only to be use for personal stuff like checking post, looking at pictures etc.

Reply | Quote

Business wifi is completely secure if using EAP-TLS with certificates.
Business access via public wifi is completely secure if access is via a VPN.

Your company needs a good security consultant.

cheers, Paul

Reply | Quote

If you are uncertain about how to detect lack of SSL encryption, download HTTPS everywhere, a plug in for Firefox, Edge, Opera, and Chrome that forces HTTPS on all websites.

HTTPS everywhere can’t force HTTPS where there in none.
Many sites still use HTTP and I get a Chrome warning asking if I want to exit or continue to the site.

Reply | Quote

In your column, you state:

“Samsung Galaxy S3 i9305 as particularly vulnerable to this attack. That phone was released eight years ago and is no longer supported. Lots of folks try to keep phones as long as possible, but eight years? Again, not realistic.”

Exactly why must anyone throw away a phone (or anything else) that still fulfills the owner’s needs?  Not everyone needs to shoot 8K cinema-quality video on their phone, or even cares if they can.

1 user thanked author for this post.

SueW

Reply | Quote

Alex5723 wrote:

HTTPS everywhere can’t force HTTPS where there in none. Many sites still use HTTP and I get a Chrome warning asking if I want to exit or continue to the site.

But you are warned and can make an informed decision whether you really want to go to that site.  Maybe you do, maybe you think better of doing so.  Either way, you have the information.

Reply | Quote

I was referring to : that forces HTTPS on all websites.

Reply | Quote

Alex5723 wrote:

If you are uncertain about how to detect lack of SSL encryption, download HTTPS everywhere, a plug in for Firefox, Edge, Opera, and Chrome that forces HTTPS on all websites.

HTTPS everywhere can’t force HTTPS where there in none.
Many sites still use HTTP and I get a Chrome warning asking if I want to exit or continue to the site.

Firefox HTTPS-Only also gives the user the choice of continuing with an HTTP connection or not when HTTPS is not available.

Reply | Quote

Our company issued laptops have Wifi disabled or removed since  MIT security consultant recommend that they are not secure in 2010. The MIT security consultant mentioned that Wifi has been a security issue for over 20 years now. The policy was reviewed recently by the security consultant and still stands true in 2021.

Reply | Quote

Paul T wrote:

Business wifi is completely secure if using EAP-TLS with certificates.
Business access via public wifi is completely secure if access is via a VPN.

Your company needs a good security consultant.

cheers, Paul

You must not have worked in a confidential work yet. Wifi is first thing that you are told by IT not to use. There is no security protocol that is 100% safe for Wifi. For hard wired over VPN, it is safer but still is not guarantee. IT allows this but is monitor heavily. I once came to this site on work computer since my home was having issues. In three minutes, IT contact me that asking why I was on this site. I told them was trying to find solution for home computer but they disconnect and block this website. I had to buy another computer to solve my home computer issue.

Reply | Quote

I used to design systems for corporates.
I can assure you, wifi is safe if you do it right.

cheers, Paul

Reply | Quote