# Is this something that we should be worried about?



## Maelstorm (Aug 9, 2018)

The article here: https://www.theregister.co.uk/2018/08/09/wifi_eapol_oracle_attack/ indicates that there is a security related bug in wpa_supplicant.  I am just wondering if this is something us FreeBSD users need to worry about.  There's no mention of it on the errata or security issue pages.


----------



## Crivens (Aug 9, 2018)

It's in the standard, if I got that right. So yes, I think we are in this too. The comment from the source was that wpa2-psk was now considered dead. But then I only had time for a speed read of the paper.


----------



## Crivens (Aug 9, 2018)

Update: we are talking about two different things here. No idea if that wpa_supplicant bug will bite us, too. But I would not be surprised.


----------



## Phishfry (Aug 9, 2018)

"This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard,"
https://www.theregister.co.uk/2018/08/06/wpa2_wifi_pmkid_hashcat/

Geez, Its not even deployed yet and people are trying to break it.
All locks have vulnerabilities.

This whole 'White Hat" hacker shit is bullshit. You either make things or you break things.
Good versus evil.


----------



## Crivens (Aug 9, 2018)

Yes, discovered while breaking wpa3. I for one would have preferred this had been discovered before wpa2 had been rolled out. So kudos for those guys hammering on wpa3 for love and fame, before it was widely deployed. Otherwise this might have reaped some top $€£ on some dark place.


----------



## nactusberrilli (Aug 9, 2018)

> If someone comes to my house and jiggles my doorhandle I will shoot them right thought the door. I don't care what your doing.


  ... I really hope you don't mean 1/2 of that stuff. Internet access is somewhat restrictive in prison.



> You either make things or you break things


 Sometimes you have to break things before you make things. reverse-engineering. Things aren't always so diametrically opposed. At times things tend to "overlap" quite a bit.

My understanding is that the Temporal Key Integrity Protocol has been deprecated since 2012. I believe AES based CCMP has been the default encryption method for a while now.


----------



## michael_hackson (Aug 9, 2018)

Phishfry said:


> About two weeks ago I was at the ATM at 12:30am at night.
> I see this guy running full blast at me from across the parking lot.
> I leave my card in the machine retreat back to my vehicle and grab my gun.
> With cover of my car door I scream this guy down "I WILL KILL YOU FIRST" and he runs off.
> ...




You have quite the 'interesting' neighbourhood? In my mind I thought, what if you coul turn the situation around storming him up front as soon as you see him running for you? Like unleash your inner as you take a faster pace at him than he has got to you. 

Though I can say you handled it well enough. My suggestion was more out of an anime or something.


----------



## michael_hackson (Aug 10, 2018)

Lol. I live in the basement of an elderly lady with an apple garden. That is my neighbourhood.


----------

