Am I missing something, or is the Android/wpa_supplicant "all zero key" KRACK bug mostly FUD? Surely wrong key = traffic can't flow.
Show this thread
-
Sure, maybe if you have an app spamming UDP or something, but in practice you're going to get a bunch of TCP retransmits and then death, no?
Show this thread
I'm sure you can target some protocols to leak secrets, but this sounds *way* more invasive&impractical than the implied "it's cleartext".
-
-
send a DHCP server response to set the DNS to one controlled by attacker?
-
Doesn't help you MITM an intranet, which is the biggest threat of these WiFI attacks. Public internet use should already be untrusted.
- Show replies
New conversation -
-
-
It's invasive. The non all-zero attack even requires known plaintext AND special MITM setup to force a retransmission of msg3 from AP.
-
See here some quotes. IMO the bugs are really cool! But public response and impact completely exaggerated...pic.twitter.com/fpS5Ol2CH7
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.