| William Unruh <unruh@invalid.ca>: Oct 17 05:25AM > get a fix for your phone, the phone manufacturer has to push out a fix, > then your phone operator may have a custom firmware for your phone, then > you may be vulnerable a lot longer. As I understand it on Android, it uses wpa_supplicant to make the WPA2 connection, and what is needed is to push an updated wpa_supplicant onto the phone (and presumably something similar for IOS). I do not think it has anything to do with the firmware. |
| David_B <David_B@nomail.afraid.org>: Oct 17 09:04AM +0100 On 17-Oct-17 1:17 AM, harry newton wrote: > users. > At the time of writing, neither Toshiba and Samsung responded to our > requests for comment. If that changes, we will update the story. Thanks, Harry. Have you read/watched here? http://www.techrepublic.com/article/krack-wpa2-protocol-wi-fi-attack-how-it-works-and-whos-at-risk/ -- David B. |
| harry newton <harry@is.invalid>: Oct 17 10:29AM He who is David_B said on Tue, 17 Oct 2017 09:04:31 +0100: > Have you read/watched here? > http://www.techrepublic.com/article/krack-wpa2-protocol-wi-fi-attack-how-it-works-and-whos-at-risk/ Nice find. <http://www.techrepublic.com/article/krack-wpa2-protocol-wi-fi-attack-how-it-works-and-whos-at-risk/> KRACK WPA2 protocol Wi-Fi attack: How it works and who's at risk Salient points: . There are 10 CVE identifiers . All WPA is likely affected especially Android 6.0+ & Linux/MacOS clients . <https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4> . Lynchpin is the 4-way handshake to join a WPA network . wpa_supplicant is the Wi-Fi library that handles the 4-way handshake . The SSID passphrase is verified & an encryption key is negotiated . The client waits for the access point to acknowledge the encryption key . The client will receive the encryption key multiple times in that case . The client is expected to reinstall that rebroadcast encryption key . The client is expected to reset the incremental packet transit nonce . The result is a blank (all zero) encryption key |
| "Mr. Man-wai Chang" <toylet.toylet@gmail.com>: Oct 17 08:11PM +0800 On 17/10/2017 1:05 AM, harry newton wrote: > will be out soon > b. Nothing is known in the wild yet > c. You have to be nearby to be vulnerable So are these "fixes" really fixing the problem, or are they merely moving the trap-doors to somewhere? That is, the trap-doors or maybe "portals" are always opened. :) -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA): http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa |
| "pfjw@aol.com" <pfjw@aol.com>: Oct 17 05:21AM -0700 On Tuesday, October 17, 2017 at 8:11:36 AM UTC-4, Mr. Man-wai Chang wrote: > So are these "fixes" really fixing the problem, or are they merely > moving the trap-doors to somewhere? That is, the trap-doors or maybe > "portals" are always opened. :) Logical fallacy - you cannot know what you do not know. Peter Wieck Melrose Park, PA |
| harry newton <harry@is.invalid>: Oct 17 12:30PM He who is Mr. Man-wai Chang said on Tue, 17 Oct 2017 20:11:31 +0800: > So are these "fixes" really fixing the problem, or are they merely > moving the trap-doors to somewhere? That is, the trap-doors or maybe > "portals" are always opened. :) The author of the KRACK attack pleonasm says that he would expect other protocols to be similarly afflicted. |
| "J.O. Aho" <user@example.net>: Oct 17 05:55PM +0200 On 10/17/17 07:25, William Unruh wrote: > connection, and what is needed is to push an updated wpa_supplicant > onto the phone (and presumably something similar for IOS). > I do not think it has anything to do with the firmware. The wps_supplicant ain't delivered as APK, so you will need a firmware update. On most GNU/Linux phones it's a package (rpm/deb), so that could be pushed out without a firmware update. |
| "pfjw@aol.com" <pfjw@aol.com>: Oct 17 05:45AM -0700 > the ON position, and the LEDs on the front of it, lit up for a few > seconds. Thus, some capacitor became charged up, and it's stored charge, > caused the LED to light. With all due respect - does the phrase "danger to yourself and others" have any meaning. As described: a) This thing blows a 25A fuse on contact. Even instant fuses will handle an overload for some period of time which is a function of load and duration. So in instant failure = Dead Short. b) Sure, an LED taking a micro-current might light from residual current stored somewhere along the current path. But that does not suggest that the system is functioning properly. c) Who knows what part of the system is being switched. It is *VERY* unlikely that the actual switch you are using is handling either the 25A input at 12V or the 400-700-watt output, but rather some relay that is capable of handling the current. It is very likely that what you have is toast. http://www.electroschematics.com/wp-content/uploads/2012/11/12vdc-120vac-inverter.jpg is a very basic schematic for a very low output device - but the principles are the same. You can see multiple opportunities for a short. Cutting to the chase - either you have a mechanical problem with some part shorting to the case. Or you have a component failure that will require replacement. With your well-proven skills, it is unlikely that you will be able to diagnose the failed part correctly, or if you find *A* bad part, you will not be able to discern whether it is the primary cause or a secondary cause. In any case, given the cost of a NEW inverter of sufficient capacity to manage your load(s) and not either drain your battery or melt it down - get a new inverter. And, design the proper connectors to use it safely. I have seen installations with hard-wired inverters installed with the proper switches. No overheating, no stray wires, no fires. You might consider that option. Get it done by a professional, however. Peter Wieck Melrose Park, PA |
| jurb6006@gmail.com: Oct 17 08:12AM -0700 >"using an iron transformer to produce 120V AC output. " What other kind is there ? /something like stacked Dickson converters ? Or have they found a way to go SMPS with it ? |
| You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page. To unsubscribe from this group and stop receiving emails from it send an email to sci.electronics.repair+unsubscribe@googlegroups.com. |
No Response to "Digest for sci.electronics.repair@googlegroups.com - 9 updates in 2 topics"
Post a Comment