All wifi implementations are all broken by PhineasPavinglock.css - Mon, 16 Oct 2017 16:40:11 EST ID:tn7nbRb1 No.121388
tl;dr: Every device using WPA2 is attackable and has to be updated. Good luck with that. Ethernet Jesus related.

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

>Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

>The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.

>"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. "The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
>>
NicholasTrotforth.xif - Mon, 16 Oct 2017 18:53:13 EST ID:TbF23xKo No.121389
Fucking Christ. How do I avoid getting completely burnt out on security vulnerabilities?

It's everything. It's all so porous. Everyone's info is public. As soon as you plug one leak, ten more appear.
>>
ErnestFunnerman.vm - Mon, 16 Oct 2017 19:42:38 EST ID:Mw0E3xZ0 No.121390
>>121389
Don't encrypt everything. People will just assume it's a honeypot and stay the fuck away.
>>
FrederickDartway.vxd - Tue, 24 Oct 2017 10:57:36 EST ID:Cg/oDQhZ No.121419
>>121390

shitty advice
>>
JarvisBepperkidge.ppd - Tue, 24 Oct 2017 11:57:24 EST ID:i6PfL279 No.121420
>>121389
Accept it. The only real issue is when identity theft occurs. Most stolen credit card shit or personal data doesn't have massive effects on you. Credit card companies are pretty on point with stolen data/accounts. It is mostly the IRS who want to tax you, the thief, the employees, the employers etc. Identity theft with them is in the stone ages and is a nightmare to fix. That is the main place to worry.

I've known of 2 people who were both wage slaves making less than 20 dollars an hour who suddenly had car leases, houses, property, and tons of other shit taken out in their name and no taxes paid on it on the other side of the country and the IRS came knocking. Instead of wondering why 1 person is operating in 2 parts of the country 1200 miles apart, they just want to charge for everything.

Just don't worry about it until something happens. That is all you can do. Lawyer on retainer.
>>
PhoebeTurveywell.pot - Tue, 24 Oct 2017 12:32:52 EST ID:JSvfb+n7 No.121421
>it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows
>Windows is more secure than Linux

I have been waiting for this day.
>>
PriscillaFomblewater.cat - Tue, 24 Oct 2017 14:50:01 EST ID:vpfE8QdL No.121422
>>121421
weasel wording
it was patched in no time on lineage
remember the heartbleed bug, apple store and microsoft were the last ones to patch their shit, somehow it was linux's fault anyway.
>>
AugustusHindlebanks.rm - Fri, 27 Oct 2017 01:44:31 EST ID:yD/S4qdI No.121423
>>121389
Well, back before the tor browser bundle was a reality I used to compile tor, keep up on the openssl vulnerabilities and recompile with patched versions, or downgrade to a more stable version. Kinda fun. SSL, TLS, all have had their vulnerabilities, and patched to upgraded stable versions. This is pretty unique. I think I understand this fairly well and it's kinda devastating seeming, surely it will be patched but then it's going to be a burden on many moreso than ssl or tls. Why? Because it hasn't had any real issues and even though it is less used it has more 'possible' avenues of exploitation. Where ssl tls it's routine to patch these with updates on a regular basis.

In all open openssl is continuously patched. Get ready for WPA3.
>>
AugustusHindlebanks.rm - Fri, 27 Oct 2017 01:50:14 EST ID:yD/S4qdI No.121424
>>121422
>it was patched in no time on lineage

I think this will take quite some time to sort out. Good ol' dependable WPA2. I don't think most corporations, vendors, services are even remotely prepared to work this out in a timely manner, let alone know where to start.
>>
MollyFundlesene.dd - Tue, 31 Oct 2017 09:10:42 EST ID:vpfE8QdL No.121426
>>121424
No
it removes the 0-key bug in the handshake
>>
EdwardPimmleham.fnt - Fri, 03 Nov 2017 17:54:54 EST ID:WxUZycui No.121427
>>121424
>>121426

Yeah it's basically just a boolean flag that needs to be changed.
>>
DorisFinkinstidge.gz - Sat, 04 Nov 2017 00:17:12 EST ID:Iw0PVNdG No.121428
>>121427
Reality is openssl has updates consistently. Vulnerabilities that could be exploited under 'certain circumstances.' But mostly mere possibilities. The heartbleed issue was really just another day in the park, with a large crowd that was very exploitable. Administrators had to revert back to a previous version, leave open, and/or apply a patched version when accessible.

This wpa issue is very, very troublesome. Nobody in as many years expected an exploit that good ol' wpa2 that was thought to be basically secure, to be very insecure by this point.
>>
MatildaDovingsteg.aif - Tue, 07 Nov 2017 07:37:11 EST ID:5XK87fw3 No.121436
>>121388
This is bad news. I knew that wpa2 would fail. But this is disaster. The bleeding-heart. This simply worse.

Although it is being fixed, like, uhh say comcast as well centurylink, the issue is the same. If say DD-WRT can work. It does with certain routers. As well tomato.

Essentially we are fu++ed. Ok, I had a person who said try wep, worse. So this is my thinking, we are fucked. OK actually, I think apple is fixes into wpa3.
>>
MatildaDovingsteg.aif - Tue, 07 Nov 2017 07:48:04 EST ID:5XK87fw3 No.121437
>>121388
my simple device, my router as well, comcast as well as centurylink;
this is not fail. Persons who developed this, whatever the case, they
knew what they were doing. In basic, every basic, this is not I-phone
this is not basic router, this is everything.
>>
NigelBushtetch.qif - Tue, 07 Nov 2017 12:21:15 EST ID:tn7nbRb1 No.121438
>>121437
Where are you from?

