[clug] WPA2 4-way handshake client vulnerability
Sam Parkinson
sam at sam.today
Sun Oct 22 21:55:58 UTC 2017
On Thu, 2017-10-19 at 18:55 +1100, Bryan Kilgallin via linux wrote:
> Thanks, Steve:
>
> > Hadn’t checked before today, but iiNet has a firmware update dated
> > 'Oct 18’ & another ‘Oct 19’.
> > But the date on file downloaded is Aug 2015 and the the
> > release/version numbers are the same [HG658 V100 R001 C138 B020]
>
> I just updated firmware for my BudiiLite ADSL router.
> BudiiLite_nand_fs_image_128_1300.bin
> That's dated this morning.
> http://ftp.iinet.net.au/pub/iinet/firmware/BudiiLite/
>
> In iiNet's Budii Lite login page--Firefox reports this about the
> modem
> password field. "This connection is not secure. Logins entered here
> could be compromised."
I've got a simmilar router, and I belive this is because the connection
is over HTTP. Firefox now shows that message for any login forms on a
non-HTTPS site.
It is actually a bit of a problem - there is no real good solution for
bringing HTTPS to devices that don't have public IP addresses.
> --
> members.iinet.net.au/~kilgallin/
>
--
Thanks,
Sam
Check out this narrative tech podcast: https://www.sam.today/podcast/
https://www.sam.today/
More information about the linux
mailing list