[clug] WPA2 4-way handshake client vulnerability

Sam Parkinson sam at sam.today
Sun Oct 22 21:55:58 UTC 2017

On Thu, 2017-10-19 at 18:55 +1100, Bryan Kilgallin via linux wrote:
> Thanks, Steve:
> > Hadn’t checked before today, but iiNet has a firmware update dated
> > 'Oct 18’ & another ‘Oct 19’.
> > But the date on file downloaded is Aug 2015 and the the
> > release/version numbers are the same [HG658 V100 R001 C138 B020]
> I just updated firmware for my BudiiLite ADSL router.
> BudiiLite_nand_fs_image_128_1300.bin
> That's dated this morning.
> http://ftp.iinet.net.au/pub/iinet/firmware/BudiiLite/
> In iiNet's Budii Lite login page--Firefox reports this about the
> modem 
> password field. "This connection is not secure. Logins entered here 
> could be compromised."

I've got a simmilar router, and I belive this is because the connection
is over HTTP.  Firefox now shows that message for any login forms on a
non-HTTPS site.
It is actually a bit of a problem - there is no real good solution for
bringing HTTPS to devices that don't have public IP addresses.
> -- 
> members.iinet.net.au/~kilgallin/

Check out this narrative tech podcast: https://www.sam.today/podcast/


More information about the linux mailing list