[clug] WPA2 4-way handshake client vulnerability
sam at sam.today
Sun Oct 22 21:55:58 UTC 2017
On Thu, 2017-10-19 at 18:55 +1100, Bryan Kilgallin via linux wrote:
> Thanks, Steve:
> > Hadn’t checked before today, but iiNet has a firmware update dated
> > 'Oct 18’ & another ‘Oct 19’.
> > But the date on file downloaded is Aug 2015 and the the
> > release/version numbers are the same [HG658 V100 R001 C138 B020]
> I just updated firmware for my BudiiLite ADSL router.
> That's dated this morning.
> In iiNet's Budii Lite login page--Firefox reports this about the
> password field. "This connection is not secure. Logins entered here
> could be compromised."
I've got a simmilar router, and I belive this is because the connection
is over HTTP. Firefox now shows that message for any login forms on a
It is actually a bit of a problem - there is no real good solution for
bringing HTTPS to devices that don't have public IP addresses.
Check out this narrative tech podcast: https://www.sam.today/podcast/
More information about the linux