13th May 2021
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,159
|
|
Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security
From https://www.theregister.com/2021/05/12/krack_hack_wifi/
Quote:
A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.
On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" [PDF].
Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws.
[snip]
In total, 75 devices – network card and operating system combinations (Windows, Linux, Android, macOS, and iOS) – were tested and all were affected by one or more of the attacks.
NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units).
|
See https://github.com/vanhoefm/fragattacks#readme for some Linux tools to check for these flaws.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|