IMPORTANT INFO – All about KRACK – new wifi vulnerability!


I’ve had quite a number of customers ask me about KRACK – the subject of quite a bit of recent news!
Well – here is the scoop.
KRACK – the name comes from Key Re-installation Attack. It exploits a weakness in the WPA protocol that protects Wifi traffic, which pretty much means everyone – and I mean EVERYONE – using Wifi is affected.

For years we used WEP as the security protocol. More recently, as weaknesses in that security method were discovered (you are able to discover the WEP key with any good laptop and a couple hours of computing), a new security method called WPA was implemented, and at this point it has largely replaced WEP.

But WPA has a flaw – there is a 4-step process in negotiating access to your secure network. This process is ‘robust’ and is designed to handle momentary losses of connection so that your computer can reattach easily to the network.

The problem is that the process that makes it ‘robust’ has a serious flaw: when you tell the network you are ‘re-attaching’ after losing connection, the WPA protocol allows itself to be played – a process can ask it again and again to attach, and each time it asks it gets a bit more information, until the attacking process is given enough information to completely reconstruct the key – and gain FULL access to your ‘secure’ network.

WOW – I say.  THAT is a flaw!

But – this ONLY affects computers (and phones, iPhones, Android phones) that use wireless to attach to your network.
Effectively another person can connect to your network without your permission.  And once they are attached they can operate their laptop in ‘promiscuous’ mode – meaning that the laptop can capture and record ALL packets of data sent or received by ANY computer on the network.
Normally you ‘filter’ out any packet not directed at your own computer because you don’t care or don’t want to have to analyze the other traffic.
So if you are reading emails – the attacker is effectively sitting over your shoulder.

So – how bad a problem is this? It’s big. And bad. BUT IT’S NOT THE END OF THE WORLD like some are saying (often with things to sell you).

First – it ONLY affects wireless traffic.  If you have a wired computer at home, your network traffic is not subject to inspection.
Only things attached to your wireless router can have their network traffic inspected.

Second – if you are connecting to your bank for example, those are always (or virtually always) connected via HTTPS (secure web) – and even if someone could look at those packets as they went between you and the bank they would be gibberish. THAT kind of traffic is still secure and unaffected by KRACK!
Here, he is NOT sitting over your shoulder – and what you are sending and receiving is all highly encrypted and secure.  Gaining access to secured encrypted traffic does not help the attacker at all!
Third – and VERY important! The attacker has to be WITHIN RANGE OF YOUR WIFI!  No one sitting in Russia can attach to your network.  They would have to be inside your house (or very close by outside your house) to have a strong enough signal to attach.  So unless someone is lurking in the bushes you have little to fear at your house.
Normal wifi is only readable in your house. You can check how strong it is by going out to your driveway and seeing if you can still attach via your phone.
If you can’t do it, then no attacker could do it either!
Checking your bushes would be a good idea in any case, IMHO.

The MAIN cause for worry is when you are in public spaces like an airport. Then someone attaching … but wait … if the attacker is in a PUBLIC space they can attach to the network anyway! Did YOU have to enter a password in an airport?

In public spaces you should make sure you use HTTPS websites for anything ‘sensitive’. And if you send an email containing passwords or credit card info in such a location you are open to loss of that information – having NOTHING to do with KRACK!
So – all in all – it’s a problem. But really a pretty minor one IMHO. And it’s really a problem in your ROUTER that is generating the Wifi Hotspot. That device needs to have its WPA security updated to eliminate the flaw – and router vendors are, I’m sure, producing firmware updates as we speak.
You can check with the manufacturer of your router as to when they will have a patch to handle the flaw.

Any further questions – fire away.  I’ll be happy to help!

Halt and Catch Fire  – Series Finale.  Really!

Saw the series finale (2 hours) and it was good. But it was also odd. Joe would NOT have gone into teaching. If Bill Gates had ‘failed’ would he have become a teacher?
I don’t think so….

ADOPTION CORNER – all with a 6 month warranty

Just in – a nice 2015 13in Retina, 2017 Mac Air, Super Nice 2017 Dell i7 5480, other nice Latitude Dells in the 5000 series, also some nice cameras!

A SUPER nice Dell 5480 model which is only a couple of months old – 16GB, 256GB SSD, i7 CPU and an Nvidia 930MX Graphics processor that is SERIOUSLY kick-butt!
VERY VERY nice unit!

Also up for adoption: a nice 2015 Mac Air, a Retina 13 2013-2014 MacBook Pro, a 2010 27in iMac, and various others!
And I even have a 2011 (and a 2010 one as well) 17in MacBook Pro – IMHO the best MacBook Apple ever built (on which this is being written!)
A nice HP 13in X360 convertible!

A SUPER cute Lenovo Yoga Pro. This is a 10in Android tablet – that has a built-in DLP Projector – and can project the desktop onto any surface 🙂

Can’t for the life of me think of a use for it myself – but it’s SUPER cute!
And many more!

Cameras in the adoption corner!
I have 2 Canon 7D cameras – their semi-professional models. And a Nikon D5200 (also semi-professional).
Just got in a Sony A6300 mirrorless camera – and we have various others like Canon T2i, T3i, T4i and Nikon ones as well.
We also have some older film cameras for the vintage buff –

and a VERY NICE Museum piece – a Kodak 2-D from about 1909 in GREAT Condition complete with its original black box and the black cape you throw over your head to take the shot! (The bellows have been replaced but other than that it’s all original.) SUPER NICE shape according to a customer who is in the large format photography group.

Enjoy, folks – hope you all enjoy my musings! Any and all comments are very welcome!