Site Navigation

Date:      Mon, 16 Oct 2017 21:24:39 -0500
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-security@freebsd.org
Subject:   Re: WPA2 bugz - One Man's Quick & Dirty Response
Message-ID:  <fb8d2dcb-2748-18fa-a25d-d52f4ea4c378@denninger.net>
In-Reply-To: <27180.1508206466@segfault.tristatelogic.com>
References:  <27180.1508206466@segfault.tristatelogic.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
On 10/16/2017 21:14, Ronald F. Guilmette wrote:
> In message <20171016230525.GA94181@funkthat.com>, 
> John-Mark Gurney <jmg@funkthat.com> wrote:
>
>>> In light of the recent WPA2 disclosures, it has occured to me that
>>> as of today it may be a Bad Idea for me to be exporting all of this
>>> stuff, read/write, to all of 192.168.1.0/24.
>> Doesn't matter, if your network is compromized, only strong encryption
>> and authentication will save you..
> Hummm... I *think* that maybe I'm starting to understand now.  But maybe
> not.  I'm at a bit of a disadvantage, because like 99.999% of the
> population I'm still not entirely 100% clear on what can and can't
> be done with these new WPA2 exploits.
Please understand that if you can get an AP to hand you a zero'd key
(with an intentionally "weak" client) THEN THAT PERSON JUST BECAME ABLE
TO ATTACH TO YOUR NETWORK AS AN AUTHORIZED USER.

Your network is thus exactly as "secure" as one that has an open RJ45
jack sitting at the end of your driveway and connected to your switch. 
If someone who plugged into that could screw you blind well, that's
exactly the situation you're now in.

Incidentally, has anyone yet figured out if this vector works on a
network configured for machine certificates instead of a PSK?  I'm not
certain from what I've looked at yet, and that is bothering me a LOT for
what should be obvious reasons.

-- 
Karl Denninger
karl@denninger.net <mailto:karl@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/

[-- Attachment #2 --]
0�	*�H��

��0�

10
	`�H
e0�	*�H��


��
�0��0���
�H���^��Ōc!5�
�H0
	*�H��


0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA0
170817164217Z
270815164217Z0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA0�"0
	*�H��



�0�
�
�h�-5B>[���;��o���l�Ӵ��0~͎O9}�9�Y��e������*�������$��g��!uk�vʶ�LzN�`jL�>��MD'7
U4����5C�B�+�kY`bd����~b*�c3�N��y-�78j�u�]9H�e��uέ�sӬD��ؽ�m��gw�ER�?�&U�UR�j����'�}�9n�WD i�`XcbG��z�\g������G=��u�%���\�O�i1���3���ߝ4�
�K4�4p�YQr]�Ie�/r�0+��eEޝݖ0��C15�M��ݚ@J�SZ(zȏ�N�Ta�(2��5�D�D5���.l�<g[[Za��r�Q�Q%�Bu�ȴ
����~~`���I�oh�R�b����ʳ��ڟ���u�2���M�S��8E�dF��UC���l�CM�aѳ����!����}ș�+�2��k
��/�bų�E,��n�当ꖛ\�(8�WV�8	d]�b�	�������y�X��w	܊�:I�39

��

0�
0U]�^§������Q�\ӎ�0��U#��0�����T0�3���9�N0b������0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA�	�@�U��i0U

�0

�
0U

�
�0
	*�H��


�
��:P U!>v�����J�ni��o�-����#�ן�]Wyu�j���ǑR̀��Q�
�nƇ�!GѦF��g\�yLx�g�w=�O�P��yceh�f[���}�ܷ�['4�ڝ�\[p6\o.
��B&�JF���"�ZC{;�*o�*�mc��Cc�LY߾�`
�t�*�S!����񫶭�(���`�]D�HP�5���A~/�N���Pp�����6�=�m��h�k�밣'd���oA$�86hm����5���Ӛ��S@�j���ެE���gl��
�)�0JG���`%�k�3�5��P��a��C?���σ
׳HE�t
}!�P���㏏%*���B�xb��Q�waKG����$6h�¦��M�v��e;��[o��-�Iی��&
���I,��T��c�ߎ#t �wPA�@��l0�P�+�KXB��պT	z���G�v;N��c��I3��&��JĬ���UP�N��a��?�/�%�W��6G۟N�0�00��
��k���#X��d��\�=0
	*�H��


0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA0
170817212120Z
220816212120Z0W10	UUS10UFlorida10U
Cuda Systems LLC10Ukarl@denninger.net0�"0
	*�H��



�0�
�
�T��[I�-ΆϏdn;�Å�@שy���.u�s�~_�Z�G%<��M��Y��d�\g��v�f��n�s�a��1'6����E�gyjs�"C� [�{��~��_���K���Pn+<�*�pv���#Q�����+��H���/���7[-v��qD��V^U>�f��%�GX�)��H.��|l`�M(C�r�>е͇6����#�o��dc"Y�ljҦ�ln8�@�5S�A�0���&ۖ"���OGj?��U��DWZ5	��dDB7k-)�9�����I�zs��-�JA���v
��J��6L���$�Ն����1Sm�Y.��Lqw*��SH;E��F'�D�Ħ��H��]��M��O��������g���Q���Q�|M�ٙ��ג2Z��9y��@���y�]}6ٽe��Y9��Y2�xˆ�$T�=�e�CǺ��ǵb�n֛�{��j��|��@�LL�t�1�[D�k5:$=�	`�	�M

��
�0�
�0<+


00.0,+
0
� http://ocsp.cudasystems.net:88880	U00	`�H
��B

�0U

��0U%0+
+
03	`�H
��B

&$OpenSSL Generated Client Certificate0U�%�՞V
=���؁�;�bzQ0��U#��0���]�^§������Q�\ӎϡ�����0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA��H���^��Ōc!5�
�H0U0�karl@denninger.net0
	*�H��


�
�۠�A0�-j%-�-$%���g2#ޡ��1�^��>���{K+�u��GE���v1���ş7Af&b�&O�;.��;A5���*U��)N��D2bF��|\=�]<�sˋL!��wrw���٧>��Y���M���Ä���3\mW�R�� h�Sv���!�_�zv�����l�?� ��3_�� �xU%�\�^����#���O*���Gk̍�YI_�&�Fꊛ�����@&�1�n������”�}� ͬ:��{�hT�P3��B.�;���bU�8:Z��=^���Gw�8���!k-��@���x�E��@�i�,+'�Iᐚ:f��hz�tX7/�(h�Y`��� O�.������1}a`�%�RW��^�a�k������ǂp�C�Au�fgDix�UT��Щ/�7��}�%=j��nVZvcF����<�M=
�2^G�KH5魉
�_���O�4ެ�Byʈ�
��y��S��k�w=5�@h�.0�z�>�
W�1�0�

0��0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0
	`�H
e��E0	*�H��

	1	*�H��


0	*�H��

	1
171017022439Z0O	*�H��

	1B@<I.������o�Y�;wL�Z�[4h̫j�{l�e&��
y�̀΄v����3~�*-�-og�r�Բ0l	*�H��

	1_0]0	`�H
e
*0	`�H
e
0
*�H��
0*�H��
�0
*�H��

@0+0
*�H��

(0��	+

�71��0��0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0��*�H��

	1�����0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0
	*�H��



��.�xt�R6kn/Y�1!%�O-%�A�<�30�4Պ��.8�WG_Vl���~���=#7Ĉ��B���)�S[�+9w�<��F�[�(���:L�ӡ).WI�+c.Ă�$U̿1��ɢ��2��D1�ea	!�Yi��k|
h�.�gL�h�i��S@U|p1�g�6�m᱀�`t�R�T�#@���9�J��j�'D�AAG����J{��������,��fe�R��5^��0����U����C�޾��*�T���P4_�����:f����K�3nWK`y�L����m��jn؁~Lf��!j�~[����)?��]���s��3P�m/`+v���wK��~ک���
G�����v��=:v���o{Wh��
R��2�”�?L��s�$�H�
��?�Kn��@�~�k�]`��8���ͽ��#����Q���c�t� E������LL~đ�^�0�d�������:��W��}5L�2�OުG:�W|:'�K�J�e�t�0

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fb8d2dcb-2748-18fa-a25d-d52f4ea4c378>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact