Am I missing something, or is the Android/wpa_supplicant "all zero key" KRACK bug mostly FUD? Surely wrong key = traffic can't flow.
Show this thread
-
True, but it lets you MITM public resources. Which is itself a big deal.
But there are a bazillion other ways of MITMing public resources. Which is why we have HTTPS. Threat is no different from using public WiFi.
-
-
If you're playing the "user won't notice lack of HTTPS lock" card you might as way play the "user won't notice lack of WPA lock" one.
-
(anyone can clone your SSID without encryption and do this too if the user picks it)
End of conversation
New conversation -
-
-
Sure, but this reduces the threshold from "can convince them to use your AP" or similar to just "am near them".
-
If they've *ever* connected to a public/known WiFi you can already impersonate that and deauth them if you're near.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.