XPost: alt.home.repair, microsoft.public.windowsxp.general   
   From: harry@is.invalid   
      
   He who is Colonel Edmund J. Burke said on Mon, 16 Oct 2017 06:54:13 -0700:   
      
   > Go eat some dog turds, you god damned fucking nigger!   
      
   Back on topic, the weaknesses are in the Wi-Fi standard itself, and not in   
   individual products or implementations.   
      
   Therefore, any correct implementation of WPA2 is likely affected. To   
   prevent the attack, users must update affected products as soon as security   
   updates become available.   
      
   If your device supports Wi-Fi, it is most likely affected.   
      
   Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are   
   all affected by some variant of the attacks.   
      
   The research behind the attack will be presented at the Computer and   
   Communications Security (CCS) conference, and at the Black Hat Europe   
   conference. Our detailed research paper can already be downloaded.   
      
   DEMONSTRATION   
   As a proof-of-concept we executed a key reinstallation attack against an   
   Android smartphone.   
      
   In this demonstration, the attacker is able to decrypt all data that the   
   victim transmits. For an attacker this is easy to accomplish, because our   
   key reinstallation attack is exceptionally devastating against Linux and   
   Android 6.0 or higher.   
      
   This is because Android and Linux can be tricked into (re)installing an   
   all-zero encryption key (see below for more info). When attacking other   
   devices, it is harder to decrypt all packets, although a large number of   
   packets can nevertheless be decrypted.   
      
   In any case, the following demonstration highlights the type of information   
   that an attacker can obtain when performing key reinstallation attacks   
   against protected Wi-Fi networks:   
      
   Any data or information that the victim transmits can be decrypted.   
      
   Additionally, depending on the device being used and the network setup, it   
   is also possible to decrypt data sent towards the victim (e.g. the content   
   of a website).   
      
   Although websites or apps may use HTTPS as an additional layer of   
   protection, we warn that this extra protection can (still) be bypassed in a   
   worrying number of situations. For example, HTTPS was previously bypassed   
   in non-browser software, in Apple's iOS and OS X, in Android apps, in   
   Android apps again, in banking apps, and even in VPN apps.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)