[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] Breaking WPA2 by forcing nonce reuse

On Tue, 17 Oct 2017 19:20:08 +0100
Brian <ad44@cityscape.co.uk> wrote:

> On Tue 17 Oct 2017 at 10:57:15 -0400, Celejar wrote:
> > On Tue, 17 Oct 2017 08:43:00 +0530
> > "tv.debian@googlemail.com" <tv.debian@googlemail.com> wrote:
> > 
> > > So using https or better for communications on the local network is a 
> > > good idea, but is it the norm? Many router firmwares or built-in 
> > > webservers from cameras to printers default to http, sometime don't even 
> > > offer https as an option.
> > 
> > Yes, after I sent my mail I realized that my wirelessly networked
> > printer is going to be a problem. Some printers apparently support
> > access via SSL/TLS (IPPS), but it looks like mine (Brother
> > HL-2280DW) does not. And what are the odds that Brother will do a
> > firmware update to patch WPA for this some 6 years old model ;)
> I, and you, probably, are not dealing with printing confidential
> documents. Those entities which are should be more concerned.

I'm not? What happens when I need to print out some sort of financial


> > > It's patched in most distributions, and in router firmwares like LEDE 
> > > already, was patched in some BSD even before publication, but how long 
> > > before we see a patches for all affected devices?
> > 
> > Never - for many / most Android devices, my printer (probably), etc.
> A timely fix arrives in Debian. Users who update are once again safe.
> What more could you ask for? What can you say apart from "thanks"?

? Yes, my Debian installations are now safe, and I'm duly thankful to
the Debian maintainers, the wpa_supplicant developers, the LEDE
developers, etc., but why should I not be worried and upset about the
situation with my phone, printer, etc.?


Reply to: