Random thoughts.... [Tech Edition]

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping


KRACK attack allows other nasties, including connection hijacking and malicious injection.

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, Apple, Windows, and OpenBSD operating systems, as well as MediaTek, Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.

"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

The researchers provided the following video showing the attack in progress against a device running Google's Android mobile operating system:



The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy for the risk.

"Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations," the researchers explained. "For example, HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps."

The researchers went on to say that the weakness allows attackers to target both vulnerable access points as well as vulnerable computers, smartphones and other types of clients with differing levels of difficulty. Both Windows and iOS aren't believed to be vulnerable to the most effective attacks. Linux and Android appear to be more susceptible, because attackers can force network decryption on clients in seconds with little effort. Linux patches are available but it's not immediately clear when they will become available for various distributions and for Android users. Patches are also available for some but not all Wi-Fi access points.

Monday's disclosure follows an advisory that US-CERT recently distributed to about 100 organizations, which described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.

According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:

WPA2
KRACK
key reinstallation
security protocols
network security, attacks
nonce reuse
handshake
packet number
initialization vector



Researchers briefed on the vulnerabilities said they are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. One researcher told Ars that Aruba and Ubiquiti, which sell wireless access points to large corporations and government organizations, already have updates available to patch or mitigate the vulnerabilities.

The vulnerabilities are scheduled to be formally presented in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 scheduled for November 1 at the ACM Conference on Computer and Communications Security in Dallas. It's believed that Monday's disclosure will be made through the site krackattacks.com. The researchers presenting the talk are Mathy Vanhoef and Frank Piessens of KU Leuven. The researchers presented this related research in August at the Black Hat Security Conference in Las Vegas.

The vast majority of existing access points aren't likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it's likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it's possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users' domain name service.

It wasn't possible to confirm the details reported in the CERT advisory or to assess the severity at the time this post was going live. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place. When Wi-Fi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell, and other reliable protocols to encrypt Web and e-mail traffic as it passes between computers and access points. As a fall-back users should consider using a virtual private network as an added safety measure, but users are reminded to choose their VPN providers carefully, since many services can't be trusted to make users more secure. This post will be updated as more information becomes available.
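The handshake behaviour described above (key installed on message 3, packet number reset on every install, so a retransmitted message 3 makes the nonce repeat), modelled in Python as an added illustration that is not code from the article or from the KRACK researchers. The cipher is a toy SHA-256 keystream standing in for WPA2's AES-CCM keystream; the `Supplicant` class, `run_handshake` helper and sample plaintexts are constructed for this example, and the "patched" branch shows the mitigation of refusing to reinstall a key that is already in use.

```python
"""Model of the message-3 retransmission weakness described above.

Added illustration, not code from the article or from the KRACK researchers.
The cipher is a toy (SHA-256 keystream over key, packet number and block
counter) standing in for WPA2's AES-CCM keystream; the client behaviour is
the point: the key is installed on message 3, and every install resets the
packet number that serves as the nonce.
"""
import hashlib
from dataclasses import dataclass, field

P1 = b"GET /index.html HTTP/1.1"   # constructed sample plaintexts
P2 = b"Cookie: session=ABC123"

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream selected by (key, packet number); 32 bytes per block."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class Supplicant:
    patched: bool
    ptk: bytes = b""
    pn: int = 0
    sent: list = field(default_factory=list)   # (packet number, ciphertext) log

    def receive_message3(self, ptk: bytes) -> None:
        # Unpatched: every copy of message 3 reinstalls the key and resets pn to 0.
        # Patched: an already-installed key is left alone, so pn keeps counting.
        if self.patched and self.ptk == ptk:
            return
        self.ptk, self.pn = ptk, 0

    def send(self, plaintext: bytes) -> None:
        self.sent.append((self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))))
        self.pn += 1

def nonce_reuse_in(frames) -> bool:
    """Monitoring view: the same packet number sent twice under one key."""
    seen = set()
    for pn, _ in frames:
        if pn in seen:
            return True
        seen.add(pn)
    return False

def keystream_cancels(sta: Supplicant) -> bool:
    """XOR of the two ciphertexts equals XOR of the plaintexts: keystream repeated."""
    (_, c1), (_, c2) = sta.sent
    return xor(c1, c2) == xor(P1, P2)

def run_handshake(patched: bool, retransmit_msg3: bool) -> Supplicant:
    ptk = b"\x11" * 16   # constructed key; a real PTK comes out of the handshake
    sta = Supplicant(patched=patched)
    sta.receive_message3(ptk)
    sta.send(P1)
    if retransmit_msg3:
        sta.receive_message3(ptk)   # the late or replayed copy of message 3
    sta.send(P2)
    return sta
```

In the unpatched run the second frame reuses packet number 0, so XORing the two ciphertexts cancels the keystream; the patched client keeps counting from 1 and the two frames stay independent.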
 
I just received a phishing mail which was unusual in two respects:

  • I was addressed with my full name and the text was in correct German
  • The phishing link redirected to a website which has been secured with a legit Comodo SSL certificate
That means people who don't watch like a hawk or just look for the green HTTPS lock symbol instead of checking the complete URL and whatnot will probably fall for those phishing sites... :mad:
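The point of the post, that a valid certificate says nothing about who owns the host, as a small link check added here (not the poster's code). It ignores the lock entirely and compares the host the browser would actually connect to with the domains the sender is expected to use; the URLs and the `examplebank.de` domain are constructed, and the last-two-labels rule is a simplification standing in for a public-suffix-list lookup.

```python
"""Link check for mail, as an added example (not from the post above).

A valid certificate only proves the connection really goes to the host in
the address bar; it says nothing about whether that host belongs to the
organisation the mail claims to be from.  So this check ignores the lock
and compares the URL's actual host with the sender's expected domains.
The registrable-domain rule (last two labels) is a simplification standing
in for a public-suffix-list lookup; all URLs and domains are constructed.
"""
from urllib.parse import urlsplit

def actual_host(url: str) -> str:
    """The host a browser would connect to: lower-cased, no port, no trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")

def registrable_domain(host: str) -> str:
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def link_matches_sender(url: str, expected_domains: set) -> bool:
    host = actual_host(url)
    if not host:
        return False
    if host.startswith("xn--") or ".xn--" in host:
        return False   # internationalised label: flag for a human look rather than trust
    return registrable_domain(host) in expected_domains

def suspect_links(links: list, expected_domains: set) -> list:
    """Return the links whose real host does not belong to the sender."""
    return [u for u in links if not link_matches_sender(u, expected_domains)]

EXPECTED = {"examplebank.de"}
SAMPLE_LINKS = [   # constructed; only the first really belongs to the sender
    "https://login.examplebank.de/konto",
    "https://examplebank.de.secure-login.example/konto",   # real host: secure-login.example
    "https://xn--exmplebank-x9a.de/konto",                 # IDN lookalike label
]
```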
 
The scammers are getting more sophisticated all the time.
 
I'm building a phone booth, but I need it to have some LED strip lighting, a vent fan or two, and be activated when someone closes the door. It needs to be swappable-battery-powered.

I'm thinking I could use about 2 meters of LED strip lights, and maybe two 120 or 140mm computer case fans (powered down to about 30% speed) and then use a 12v magnetic switch on the door so that it turns on when the door opens.

For me, the trick is wrapping my head around the power source.

1) It has to be swappable even to someone who doesn't own a screwdriver (not that they would need one to perform the task, but the person doing it is the type of person who likely doesn't even own a screwdriver).

2) The booth will be occupied likely no more than 1 hr a day. Again, I'm having trouble figuring out how much power I would need to supply for this (I have a real hard time with anything electrical beyond "amps x volts = watts", and mah screws me up. OK, so if a case fan uses about 2 watts, and if it's 12v...does that mean each fan would draw .1666 amps? So in theory, a 10,000mah battery should power the fan at 100% for...62.5 hours (10,000/160)? ...right? So an hour a day for 1 fan is 2 months, 2 fans is 1 month. Bump it up to a 20,000mah battery and it's 2 months again for two fans. OK, so then the lighting uses 2.2 watts per foot. So if I use 6 feet, that's 13.2 watts, or 1.1 amps at 12v. So that means the lights would be powered by the 10,000mah battery for...wow, only 9 hours? So if I put 2 fans and the 6 feet of lighting into a 40,000mah battery, should that last...about 30 hours?

3) My first thought was maybe a big USB power bank, but I'm not sure they would be enough to power the lights and two fans. But then I thought about power tool batteries. I thought it would be pretty cool if instead of a USB power bank, it could be powered by a big 12v (Makita, Milwaukee, Dewalt, etc) power tool battery, but I have no idea what they can handle in terms of constant draw...and if they are only 4ah, it *seems* like it would be worse than a battery bank/charger...right?

4) But all that said, these things are going to be run dead, then pulled out and fully charged. Then run dead, then fully-charged. I *think* this means it should really be a "deep cycle" battery, but are there user-friendly deep cycle batteries that don't weigh tens of pounds? I suppose we could *maybe* also build in a charger and a "charge port" and they would need to plug them in to an extension cord maybe overnight to charge it, but that's kind of a big pain.
 
Why can't it just be plugged in?
 
They won't be near an outlet, without stringing an extension cord along the floor (trip hazard). Power can't come from overhead, because they will move periodically, and bringing power overhead isn't easily done. Adding additional power locations isn't an option.
 
A USB battery pack can work. It would need to have more than just the 5V that you get from the USB though. Maybe a jump pack?

The fans can be run at 3V without a problem, but might as well use the 5V that are there. In theory, the LEDs can run about the 5V level too, but many of the cheaper strips use 12V in and use a pack to lower the voltage.

You might also want to get a pack that has a power level indicator so the person can check the power level at a glance.
 
A USB battery pack can work. It would need to have more than just the 5V that you get from the USB though.

Oh, shit...I forgot about that. Well, I do see some 5V LED strips, which I imagine could work also.

You might also want to get a pack that has a power level indicator so the person can check the power level at a glance.

I did think of that. I think what's going to happen more often than not, is that nobody will check it until the lights don't come on any more. :lol:
 
Of course not, nobody pays attention to it when it works. Maybe a second pack is needed so there can be a quick swap when that happens.
 
Of course not, nobody pays attention to it when it works. Maybe a second pack is needed so there can be a quick swap when that happens.

Yeah, that's the idea. There will be one charged up while the other is being used, and swapped out as-needed.
 
I'm starting to think about having all of my outdoor lights on my house solar powered in some form. I've now had the faux solar street lights mounted along my home's fascia that lines the driveway and above garage doors. Some aren't in good solar gain so, I'm surprised half of them make it through the night. I've actually noticed a reduction with my energy bill in keeping my porch light off (which is a 16W LED) and leaving the solar lights do their thing. I also want to add more lighting to keep some animals away as well. I've just got to devise how I want to do this. In the long term, possibly add some big panels on the roof for backup during outages (rare but, it does occur). Shit's expensive though. I think right now, I'll continue to get the cheap Amazon solar outdoor lights and see where that gets me.
 
Edit: Dealt with. I ordered it from Newegg and I'm having it shipped over. It's still cheaper than buying 3 individual fans without even considering adapter cables.

Anyone in the US know where this pack can be bought, easily?



DEEPCOOL RF120 3in1

Annoyingly, Amazon switched these over to 'unavailable' the day before I intended to buy them and I can't find them for sale anywhere else in the UK. They have the individual fans and I was prepared to pay the premium, but doing so means I don't get the fan PWM splitter or the RGB splitter, neither of which I can find to buy separately. OK, so a PWM splitter won't be that hard to find, but the RGB cables have proprietary connectors and I'd rather not just chop them right off if I don't have to.

I'd be interested in what the prices are and fast shipping to the UK via a FG reseller. :p Alternatively advice on getting around this would be appreciated. I'll be plugging them in to an ASUS Maximus X Hero which has plenty of RGB headers but I'd rather not use them all at once. They'll be going on the front of a Corsair 570X to replace the non Aura controllable front fans and to match up with a Captain 240EX RGB. I'd consider buying all Coolermaster gear but the RGB Mercury 240 AIO cooler is strangely absent from all of the usual suppliers' sites.

Specifically this is the cable I'll be missing. I can find lots of adapters with connector A splitting to 3xA but none of these proprietary B ones.

 
Ugh...even though I have internet access, Outlook doesn't see the connection, and is only "offline", even after a reboot? D'oh!
 
Played the impatience game tonight. I had no idea that the 8th gen. Intel CPUs were in such short supply, my order with Ebuyer was pushed back from the 1st to the 10th and then to the 30th (and that's assuming they get enough stock to get far enough down the list to fulfill my order) so I went on Amazon and happened to see them in stock with Prime delivery, albeit at an inflated price. If that's how it's going to work then I'll have to play along and pay over the odds.

It arrives tomorrow. Don't judge me, I'm weak in the patience area. :D
 
Linux can be annoying...

So I have this "number cruncher" machine that is occasionally being used to convert BluRays to .mkv. It uses Ubuntu 17.04 and has been set up to run VNC server as a service so that I can log in from my windows machine.

That has been working fine.

Until Ubuntu 17.10 was released and changed its desktop rendering engine (I know there is a more technical term, but I don't really care).

So now the VNC service won't start anymore because VNC can't "see" the new desktop. After some google and hacking 17.10 can be convinced to run the old XOrg desktop again. But still, VNC service will no longer start. Some more google and attempted hacking... no success. The only solution that works: having Ubuntu auto-login and then start VNC via "startup programs" instead of calling it as a service.

And when I thought I was done dealing with the 17.10 bullshit, I discovered that my network drives are no longer working because apparently some default options have been changed between .04 and .10 and suddenly the network drives can only be accessed as root. After some more google and even more editing files I'm not 100% sure I'm supposed to edit, the network drives are again accessible from my standard user account.

I never ever ever ever answer "A new version is available, do you want to upgrade?" with "Yes" ever again.
 
Yeah, there was a recent security update (KB4041676) in Windows that broke a very crucial piece of software that I use in the field. Removing it and disabling Windows Update (because 10 doesn't let you hide or disable specific updates anymore) has cured that.
 
Yeah windows update sometimes tends to break random stuff... and it gets really funny when you have to block an update that's required for other updates, meaning you can't get those either.

But my bitching for today is not over yet. One of the four disks in my NAS is dying (again, but this time it's a different drive). It's been building up read errors and bad sectors for two months, and now its SMART status changed from "OK" to "WARNING". Since the drive has almost two years of warranty left, I contacted the shop and asked for a replacement. They are happy to send me a new drive, but there is a catch. This exact model is no longer being sold. Therefore I would have to get a slightly different version. And now I'm worried that the new drive might be a tiny bit too small.

Technically both models come with 4 TB of disk space. However, I once tried to use a spare Western Digital Green 4 TB to replace the first broken Western Digital Purple (also 4 TB), and the NAS complained that the replacement drive was a tiny tiny bit too small to act as a replacement. And funny enough, even Western Digital does not list any exact drive sizes for their models. So if anybody knows this by chance:

Does the new WD40PURZ have the exact same size as (or is larger than) the old WD40PURX? I mean down to a single byte, not just "yeah yeah they are both 4 TB drives".

And next time I need to be reminded to span my RAID across only 99% of the available space instead of 100%. That way the array could tolerate slightly different disk sizes and I would not have to worry about this shit...
 
Linux can be annoying...

So I have this "number cruncher" machine that is occasionally being used to convert BluRays to .mkv. It uses Ubuntu 17.04 and has been set up to run VNC server as a service so that I can log in from my windows machine.

That has been working fine.

Until Ubuntu 17.10 was released and changed its desktop rendering engine (I know there is a more technical term, but I don't really care).

So now the VNC service won't start anymore because VNC can't "see" the new desktop. After some google and hacking 17.10 can be convinced to run the old XOrg desktop again. But still, VNC service will no longer start. Some more google and attempted hacking... no success. The only solution that works: having Ubuntu auto-login and then start VNC via "startup programs" instead of calling it as a service.

And when I thought I was done dealing with the 17.10 bullshit, I discovered that my network drives are no longer working because apparently some default options have been changed between .04 and .10 and suddenly the network drives can only be accessed as root. After some more google and even more editing files I'm not 100% sure I'm supposed to edit, the network drives are again accessible from my standard user account.

I never ever ever ever answer "A new version is available, do you want to upgrade?" with "Yes" ever again.

That's really interesting to hear. I am running 17.04 on a very low power tablet (was Lubuntu, changed to Gnome for some rudimentary touch screen support). I noticed the option to run on Wayland or whatever the new engine is, and tried it because it claimed to be a more modern, efficient method. This makes the machine virtually unusable, the mouse cursor hesitates every time it crosses over some kind of object, like window border, desktop icon, or taskbar, and the whole system runs incredibly slow. Really not keen on finding out if that is still an issue in 17.10...
 
Yeah windows update sometimes tends to break random stuff... and it gets really funny when you have to block an update that's required for other updates, meaning you can't get those either.

But my bitching for today is not over yet. One of the four disks in my NAS is dying (again, but this time it's a different drive). It's been building up read errors and bad sectors for two months, and now its SMART status changed from "OK" to "WARNING". Since the drive has almost two years of warranty left, I contacted the shop and asked for a replacement. They are happy to send me a new drive, but there is a catch. This exact model is no longer being sold. Therefore I would have to get a slightly different version. And now I'm worried that the new drive might be a tiny bit too small.

Technically both models come with 4 TB of disk space. However, I once tried to use a spare Western Digital Green 4 TB to replace the first broken Western Digital Purple (also 4 TB), and the NAS complained that the replacement drive was a tiny tiny bit too small to act as a replacement. And funny enough, even Western Digital does not list any exact drive sizes for their models. So if anybody knows this by chance:

Does the new WD40PURZ have the exact same size as (or is larger than) the old WD40PURX? I mean down to a single byte, not just "yeah yeah they are both 4 TB drives".

And next time I need to be reminded to span my RAID across only 99% of the available space instead of 100%. That way the array could tolerate slightly different disk sizes and I would not have to worry about this shit...

According to the description on Amazon, the "Z" is the old version, but why are you looking at a surveillance drive rather than a NAS one?
 
Then Amazon has it the wrong way round. PURX drives were introduced in spring 2014, while PURZ drives were only released in summer 2017.
The reason I'm looking at surveillance disks is that they are cheaper than proper NAS drives and should be capable of 24/7 usage just as well. Before that I used standard WD Green drives and didn't really have any issues running these desktop drives 24/7 in my NAS.
 