- Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? - 19 Updates
- 12VDC to 120VAC inverter problem. - 1 Update
- 12V Input current required for Inverters - 1 Update
- Walkie Talkie battery replacement - 3 Updates
- Quality AM radio - 1 Update
harry newton <harry@is.invalid>: Oct 16 05:05PM

He who is Mr. Man-wai Chang said on Mon, 16 Oct 2017 23:57:50 +0800:
> Did you notice that these hacks always happen BEFORE someone fixed it?
> Are they all security traps, planted into router firmware by design? :)

This nonce KRACK vulnerability is in *everything*, including smart phones (iOS & Android) and computers (Mac/Windows/Linux) and routers (Netgear/Cisco/TPLink) .... It even affects web sites (e.g., Match.com)...

It's more than just routers, so it's *big* - but bear in mind
a. Fixes will be out soon
b. Nothing is known in the wild yet
c. You have to be nearby to be vulnerable

Still, since it affects *everything* using WPA2 (business and personal), it's a big deal nonetheless.

All you can do is wait for the patch when it comes out for each of your devices that implement the affected encryption protocol.

"Bill Bradshaw" <bradshaw@gci.net>: Oct 16 09:23AM -0800 It appears if you do not use or have WiFi and WPS enabled you should be secure from this. Since I have both disabled I assume I am safe because I use neither. --- <Bill> Brought to you from Anchorage, Alaska "harry newton" <harry@is.invalid> wrote in message news:os29mf$19go$1@gioia.aioe.org... |
harry newton <harry@is.invalid>: Oct 16 06:00PM

He who is Bill Bradshaw said on Mon, 16 Oct 2017 09:23:19 -0800:
> It appears if you do not use or have WiFi and WPS enabled you should be
> secure from this. Since I have both disabled I assume I am safe because I
> use neither.

More so than routers, mostly all known wifi "clients" are affected (e.g., all consumer smartphones and computers) that use either WPA or WPA2 (enterprise or personal), and even against networks that just use AES.

Some encrypted web sites are also affected, such as Match.com (as shown in the aforementioned video).

So you're right that it's not a big deal that there is no encryption in all these cases because the man in the middle has to be nearby.

"s|b" <me@privacy.invalid>: Oct 16 08:55PM +0200 On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton wrote: > Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? > <https://www.krackattacks.com> Still waiting for an update for my TP-Link Archer C7 router. If I understand all this correctly, then I'll also need an update for my Nexus 5X? -- s|b |
"J.O. Aho" <user@example.net>: Oct 16 09:08PM +0200 On 10/16/17 20:00, harry newton wrote: > (enterprise or personal), and even against networks that just use AES. > Some encrypted web sites are also affected, such as Match.com (as shown in > the aforementioned video). They do use a tool commonly used in man-in-the-middle attacks, to strip away the tls and send the content to the client machine unencrypted. As they did explain in the video, many don't check in their mobile devices that they have tls communication or not and those they will be able to carry out the attack to see the the login credentials in this example. This has nothing to do with KRACK itself. > So you're right that it's not a big deal that there is no encryption in all > these cases because the the man in the middle has to be nearby. There are devices that can give an attacker quite long range to execute their attacks on, so you ain't safe just for you don't see anyone nearby. -- //Aho |
"J.O. Aho" <user@example.net>: Oct 16 09:48PM +0200 On 10/16/17 20:55, s|b wrote: > Still waiting for an update for my TP-Link Archer C7 router. If I > understand all this correctly, then I'll also need an update for my > Nexus 5X? It's more important to update the client than the server. |
William Unruh <unruh@invalid.ca>: Oct 16 07:58PM

> Still waiting for an update for my TP-Link Archer C7 router. If I
> understand all this correctly, then I'll also need an update for my
> Nexus 5X?

I think, but do not know for sure, that the primary thing that needs to be protected is the client not the Access point. I.e., your Android (do they use wpa_supplicant, since Android is based on Linux?), iOS, or your laptop. As far as I have seen, there is no fix out yet for wpa_supplicant.

It seems that the reason Windows is more resistant is because they did not implement the full spec for WPA2.

Roger Blake <rogblake@iname.invalid>: Oct 16 09:31PM

> It's more important to update the client than the server.

Is this something that MS can push an update out for to fix, or does the wifi chip vendor need to fix device firmware or device driver?

--
-----------------------------------------------------------------------------
Roger Blake (Posts from Google Groups killfiled due to excess spam.)
NSA sedition and treason -- http://www.DeathToNSAthugs.com
Don't talk to cops! -- http://www.DontTalkToCops.com
Badges don't grant extra rights -- http://www.CopBlock.org
-----------------------------------------------------------------------------

harry newton <harry@is.invalid>: Oct 16 09:53PM

He who is J.O. Aho said on Mon, 16 Oct 2017 21:08:48 +0200:
> that they have tls communication or not and those they will be able to
> carry out the attack to see the login credentials in this example.
> This has nothing to do with KRACK itself.

Thanks for explaining *how* they manage to unencrypt *some* encrypted web sites but not others, as I wasn't sure how they did that.

I was wrong in assuming it was the KRACK attack, which seems to be that they simply hijack the third of the four handshakes, usually from the client side, and force it to be resent where in some cases, it's resent as all zeroes where in other cases it's just resent as a known nonce.

Is that a decent summary or can you summarize the attack mode better?

harry newton <harry@is.invalid>: Oct 16 10:03PM

He who is William Unruh said on Mon, 16 Oct 2017 19:58:55 -0000 (UTC):
> It seems that the reason Windows is more resistant is because they did
> not implement the full spec for WPA2.

Thanks for explaining that as this nonce stuff has certain unexpected nuances.

However, we have to be a bit careful with any early conclusions such as mine yesterday (before the paper came out) that routers were originally involved more so than clients, which turns out, as noted, to be not the case - the mobile device and desktop clients are the weak link here.

However, all conclusions from the paper at the moment are preliminary because the paper was sent for review on the 19th May where the authors found out more information afterward that's not in the paper, but it *does* seem that some OS'es (e.g., MacOS & Android 6+ & Ubuntu, for example) are apparently far more acutely affected than are the Windows based WPA1 and WPA1 implementations (or the iOS implementation).

"Jonathan N. Little" <lws4art@gmail.com>: Oct 16 06:13PM -0400 harry newton wrote: > the aforementioned video). > So you're right that it's not a big deal that there is no encryption in all > these cases because the the man in the middle has to be nearby. Ubuntu just pushed out a patch today. sudo apt-get update && sudo apt-get -y upgrade and you are good to go. -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
harry newton <harry@is.invalid>: Oct 16 10:36PM

He who is Jonathan N. Little said on Mon, 16 Oct 2017 18:13:09 -0400:
> Ubuntu just pushed out a patch today.
> sudo apt-get update && sudo apt-get -y upgrade
> and you are good to go.

We have to be careful about "a patch" since there are actually multiple vulnerabilities, although perhaps one patch fixes all.

Ubiquiti released this today for example...where my rooftop radios can pick up the signals from over a million people, so, that many people can attack me. :)

"You are mostly covered if you are running v8.4.0 (AC series) or v6.0.7 (M series). We will fully resolve the issue with v8.4.2/v6.1.2 (betas aimed for the end of this week). Furthermore, our proprietary airMAX protocol makes simple attacks more difficult to carry out.

Will be fully fixed with v8.4.2/v6.1.2:
CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake

Unaffected:
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame"

Paul <nospam@needed.invalid>: Oct 16 06:36PM -0400

Roger Blake wrote:
>> It's more important to update the client than the server.
> Is this something that MS can push an update out for to fix, or does the
> wifi chip vendor need to fix device firmware or device driver?

Fixed on Patch Tuesday. Good luck collecting detailed proof though.

https://social.technet.microsoft.com/Forums/en-US/e2fe0489-93ae-4177-8dea-53e7a204ef54/eta-of-patch-for-quotkrackquot-was-this-patched-previously-or-should-we-expect-a-patch-soon?forum=win10itprosecurity

There's a Wifi architecture diagram here. This is so you can see the degrees of freedom allowed.

https://docs.microsoft.com/en-us/windows-hardware/drivers/network/native-802-11-software-architecture

I'd wait for some "expert" opinion. I'd accept the opinion of the Microsoft staffer who wrote the patch :-) Anyone else, not so much.

Paul

". . .winston" <winston_mvp@gmail.com>: Oct 16 07:10PM -0400 Paul wrote: > opinion of the Microsoft staffer who wrote the patch :-) > Anyone else, not so much. > Paul Microsoft CVE Notice <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080> <qp>When did Microsoft release the security updates to address this vulnerability? Microsoft released security updates on October 10, 2017 as part of Update Tuesday to resolve this vulnerability in all affected editions of Windows. Customers who have Windows Update enabled and who applied the latest security updates are protected automatically. The Security Update Guide was updated on October 16, 2017 to provide full disclosure on this vulnerability in accordance with a multi-vendor coordinated disclosure. </qp> Also, if using a NetGear router see.... <https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837> </qp> NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions: •Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network. •****Routers and gateways are only affected when in bridge mode**** (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router </qp> -- ...winston msft mvp windows experience 2007-2016, insider mvp 2016-2018 |
harry newton <harry@is.invalid>: Oct 17 12:17AM

He who is harry newton said on Mon, 16 Oct 2017 22:03:42 +0000 (UTC):
> Thanks for explaining that as this nonce stuff has certain unexpected
> nuances.

Here's every patch for KRACK Wi-Fi vulnerability available right now
<http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/>

Apple: The iPhone and iPad maker confirmed to sister-site CNET that fixes for iOS, macOS, watchOS and tvOS are in beta, and will be rolling it out in a software update in a few weeks.

Arris: a spokesperson said the company is "committed to the security of our devices and safeguarding the millions of subscribers who use them," and is "evaluating" its portfolio. The company did not say when it will release any patches.

Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.

AVM: This company may not be taking the issue seriously enough, as due to its "limited attack vector," despite being aware of the issue, will not be issuing security fixes "unless necessary."

Cisco: The company is currently investigating exactly which products are impacted by KRACK, but says that "multiple Cisco wireless products are affected by these vulnerabilities."

"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi Protected Access protocol standards," a Cisco spokesperson told ZDNet. "When issues such as this arise, we put the security of our customers first and ensure they have the information they need to best protect their networks. Cisco PSIRT has issued a security advisory to provide relevant detail about the issue, noting which Cisco products may be affected and subsequently may require customer attention.

"Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available," the spokesperson said.

In other words, some patches are available, but others are pending the investigation.

Espressif Systems: The Chinese vendor has begun patching its chipsets, namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards for a fix.

Fortinet: At the time of writing there was no official advisory, but based on Fortinet's support forum, it appears that FortiAP 5.6.1 is no longer vulnerable to most of the CVEs linked to the attack, but the latest branch, 5.4.3, may still be impacted. Firmware updates are expected.

FreeBSD Project: There is no official response at the time of writing.

Google: Google told sister-site CNET that the company is "aware of the issue, and we will be patching any affected devices in the coming weeks."

HostAP: The Linux driver provider has issued several patches in response to the disclosure.

Intel: Intel has released a security advisory listing updated Wi-Fi drives and patches for affected chipsets, as well as Intel Active Management Technology, which is used by system manufacturers.

Linux: As noted on Charged, a patch is already available and Debian builds can patch now, while OpenBSD was fixed back in July.

Netgear: Netgear has released fixes for some router hardware. The full list can be found here.

Microsoft: While Windows machines are generally considered safe, the Redmond giant isn't taking any chances and has released a security fix available through automatic updates.

MikroTik: The vendor has already released patches that fix the vulnerabilities.

OpenBSD: Patches are now available. (The bastards allowed a diff to be performed by the bad guys!)

Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects users against the attack.

Wi-Fi Alliance: The group is offering a tool to detect KRACK for members and requires testing for the bug for new members.

Wi-Fi Standard: A fix is available for vendors but not directly for end users.

At the time of writing, neither Toshiba nor Samsung responded to our requests for comment. If that changes, we will update the story.

Roger Blake <rogblake@iname.invalid>: Oct 17 01:03AM

> This nonce KRACK vulnerability is in *everything*, including smart phones
> (iOS & Android) and computers (Mac/Windows/Linux) and routers
> (Netgear/Cisco/TPLink) ....

Yet there are still people who think the "Internet of Things" is a good idea. Huge numbers of cheap wifi-connected devices, many poorly-designed, most of them likely never receiving security updates. What could possibly go wrong?

--
-----------------------------------------------------------------------------
Roger Blake (Posts from Google Groups killfiled due to excess spam.)
NSA sedition and treason -- http://www.DeathToNSAthugs.com
Don't talk to cops! -- http://www.DontTalkToCops.com
Badges don't grant extra rights -- http://www.CopBlock.org
-----------------------------------------------------------------------------

harry newton <harry@is.invalid>: Oct 17 02:26AM

He who is Roger Blake said on Tue, 17 Oct 2017 01:03:46 -0000 (UTC):
> Huge numbers of cheap wifi-connected devices, many poorly-designed, most of
> them likely never receiving security updates. What could possibly go wrong?

Well, much more information is out today than yesterday, where it appears that this situation was handled well since May of this year.

The one open-source fiasco was the anomaly of OpenBSD, which the authors vowed to never let happen again.

Otherwise, the proprietary solutions were all fixed (or being fixed) in the way that you'd expect.

The problem is in all WiFi WPA1 and WPA2 implementations, but mostly in Linux and Android "clients" and less so in iOS and Windows clients. Likewise less so in "routers" not set up as "bridges" (where, unfortunately, almost all the many routers in my home are almost all set up as bridges or as stations - all of which are vulnerable).

I guess, when the smoke clears, the problem will be the unsupported devices, of which Android may be a significant set as may be some of the older routers and access points.

"J.O. Aho" <user@example.net>: Oct 17 07:08AM +0200 On 10/16/17 23:53, harry newton wrote: >> This has nothing to do with KRACK itself. > Thanks for explaining *how* they manage to unencrypt *some* encrypted web > sites but not others, as I wasn't sure how they did that. You can think of it like [client]----->[MITM HTTP-service]--->[MITM client]--->[HTTPS Site] or if you want to keep encryption [client]----->[MITM HTTPS-service]--->[MITM client]--->[HTTPS Site] In the first case the client connect to the Man-in-the-middle (MITM) over http, MITM then resends the data over HTTPS to the site the client tried to connect to. In the second example the MITM do allow the client to connect with HTTPS, the certificate which the MITM has will not be the same as on the site, so if the client don't verify the certificate, then the attack works. If you want to read more in detail and better explained how MITM works, please take a look at: https://www.owasp.org/index.php/Man-in-the-middle_attack > client side, and force it to be resent where in some cases, it's resent as > all zeroes where in other cases it's just resent as a known nonce. > Is that a decent summary or can you summarize the attack mode better? I wouldn't say it's hijacked, as you can resend the third request without knowing the first request. The request is sent to the client and on the client side, if you have followed the specification and cleared out the key already, then a zero-key used. I think they did explain this well on the video. -- //Aho |
"J.O. Aho" <user@example.net>: Oct 17 07:12AM +0200 On 10/16/17 23:31, Roger Blake wrote: >> It's more important to update the client than the server. > Is this something that MS can push an update out for to fix, or does the > wifi chip vendor need to fix device firmware or device driver? No, not the chip vendor, the manufacturer of the device, for example to get a fix for your phone, the phone manufacturer has to push out a fix, then your phone operator may have a custom firmware for your phone, then you may be vulnerable a lot longer. When it comes to your wifi, the Access point is usually not a client, so it's not as vulnerable to the issue. It's important to get updates to your devices that connects to wifi. |
oldschool@tubes.com: Oct 17 12:01AM -0500

On Fri, 13 Oct 2017 13:56:49 -0700 (PDT), "pfjw@aol.com" <pfjw@aol.com> wrote:
>They are also limited in capacity by design. For full inverter capacity, you need to connect directly to the battery.
>Peter Wieck
>Melrose Park, PA

Cigarette lighter sockets which have been used to light cigs, always make poor connections. They are full of carbon, ashes, and other crap. Back when I smoked, I had to regularly replace the lighters. They never lasted long. Several times I had to replace both the lighter and the socket.

The one in my car was never used as a lighter, so it makes a fairly good connection. My truck has 3 sockets. One contains a lighter, the other two are only for plugging stuff in. That was a good setup.

Most (or all) new cars don't even have cig lighters anymore. I guess they figure that everyone on earth has quit smoking.... But they don't consider that those sockets have other uses. New cars have USB connectors, but they have limited uses. I'd rather have a 12V Cig lighter socket. Those USB plugs that go into cig lighter sockets only cost a buck.

oldschool@tubes.com: Oct 16 11:33PM -0500

>when it powers up or when welding commences. It ramps up the welding
>current once the arc is established.
>Eric

I sort of thought the same thing. But when I connected it directly to a battery, using auto jumper cables, as soon as I touched the POS cable to the battery, I got heavy sparking, so I pulled the cable off the battery. That's when I noticed the inverter's switch was in the OFF position. With the battery still disconnected, I flipped the switch to the ON position, and the LEDs on the front of it lit up for a few seconds. Thus, some capacitor became charged up, and its stored charge caused the LED to light.

At that point, I thought that this inverter is just too big for plugging it into a cig lighter. (My old inverter which is no longer working, was rated at 300W peak, and continuous power is 125W. That never blew any fuses).

So, I visited a friend the next day, and was telling him about this, when he grabbed his inverter and plugged it into my car's cig lighter socket. It worked perfectly. His inverter is rated at 700W continuous, or 1400W peak. So, if his 700W cont. works fine, my 400W cont. should not cause any problems.

The seller of that thing told me to just throw it in the trash, if it blows fuses. Of course I won't throw it in trash, and now I am more curious why it blows fuses and why it throws large sparks when it's turned OFF.

The bad thing is that they don't put schematics online for them. At least I can't find one. It's a Cobra CPI 480 model.

"pfjw@aol.com" <pfjw@aol.com>: Oct 16 10:51AM -0700 On Monday, October 16, 2017 at 8:34:50 AM UTC-4, Foxs Mercantile wrote: > Congratulations, you bought a Chinese battery. What comes from eBay typically does not carry an imprimatur. That, alone, would be enough to make the price suspicious. Peter Wieck Melrose Park, PA |
Peabody <waybackNO584SPAM44@yahoo.com>: Oct 16 06:04PM -0500

Jeff Liebermann says...
> battery packs are the same age, it's likely the working
> battery pack will soon fail. Buy a replacement BP40 for
> both radios.

I did that. One of the big suppliers of generic BP40s also runs auctions from time to time, with a starting bid of $.01 plus $5.39 shipping for a pair. One of those was ending as I was about to buy, so I bid a penny and won the auction. So $5.40 for two BP40s. They claim to be 700 mAh, but of course there's no way to know about that for sure. But I think not a bad gamble overall.

> Be sure to check the charge current to make sure that
> you're not overcharging or quick charging the Eneloop
> batteries.

I've always used Eneloops in my speedlights, and am a big fan. But the charging setup here is very strange. The charging cradle appears to put out a minimum of 7V to each radio, sometimes 12.5V, and it looks like the BP40 has some smarts built into it that actually controls the charging. So if I used Eneloops, I would have to take them out of the radios to charge them. So for the moment I'm going to stick with the BP40s and use the charging cradle.

The charging contacts on the BP40 are not directly connected to the outside battery terminals of the 4-pack. So there's some circuitry in there. When the new ones arrive, I may take the old bad one apart and see what's in there besides the cells.

Peabody <waybackNO584SPAM44@yahoo.com>: Oct 16 06:06PM -0500

rickman says...
> Eventually I'll end up with a smart phone. Resistance
> is futile...

I thought I was the only one.

Frank <analogdial@mail.com>: Oct 16 07:55PM

On Sat, 14 Oct 2017 17:25:58 -0700, Dave Platt wrote:
> the requirements for this service.
> These aren't new regs; this section dates back to 1963 and was last
> amended in 1973.

So what? American domestic SW stations have been broadcasting to a domestic audience since at least around 1970 when I was entertained by HL Hunt sponsored right wing propaganda on radio station WINB. It reached a peak around the Y2K period when overtly racist neo-nazi babblers could be found among the end time preachers, conspiratorialists, and other kooks of domestic SW radio.

Domestic SW broadcasting has been a real world fact, if not a legal fact, for decades. I'm not aware of the FCC enforcing any speech codes or domestic SW broadcasting requirements in modern times. Maybe it's not enforceable? I dunno.

> by the regulations, it's not surprising they got slapped... and I have
> no particular sympathy for them. I expect a similar thing would happen
> to any other "international" broadcaster that tried a similar stunt.

Kookcasters don't have the budget for their own radio station. They buy time on brokered SW stations. A broadcaster like the Jeremiah 33:3 Ministries guy has been kicked off at least a couple of stations for not paying his bills. A real loss for those who need to learn every kooky detail on the Masonic/Alien/David Rockefeller Conspiracy which controls EVERYTHING.

I haven't heard ADV in a while. Sometimes broadcasters go vagabond, sometimes they're just gone.

No Response to "Digest for sci.electronics.repair@googlegroups.com - 25 updates in 5 topics"