<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class="">On Oct 16, 2017, at 15:41, Sidney Markowitz &lt;<a href="mailto:sidney@sidney.com" class="">sidney@sidney.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">According to this article, a protocol level vulnerability has been found in<br class="">WPA2 that allows an attacker to eavesdrop on WPA2 protected WiFi traffic. As a<br class="">vulnerability in the protocol it potentially affects all compliant<br class="">implementations of WPA2.<br class=""><br class=""><a href="https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/" class="">https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/</a><br class=""><br class="">It links to an article by one of the researchers who found it at<br class="">https://github.com/vanhoefm/krackattacks/blob/gh-pages/index.html<br class="">_______________________________________________<br class="">The cryptography mailing list<br class="">cryptography@metzdowd.com<br class="">http://www.metzdowd.com/mailman/listinfo/cryptography</div></div></blockquote></div><div class=""><br class=""></div><div class="">It’s indeed a critical vulnerability. FYI, you can read more about it on the researcher’s webpage: <a href="https://www.krackattacks.com/" class="">https://www.krackattacks.com/</a></div><div class=""><br class=""></div><div class="">Quoting the relevant bits (emphasis mine):</div><br class=""><div class=""><blockquote class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div class="">We discovered serious weaknesses in WPA2, a protocol that secures <b class="">all modern protected Wi-Fi networks. 
[…] </b>Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.</div><div class=""><br class=""></div><div class="">[…]</div><div class=""><br class=""></div><div class="">This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. <strong class="">The attack works against all modern protected Wi-Fi networks</strong>. Depending on the network configuration, it is also possible to inject and manipulate data.</div><div class=""><br class=""></div><div class="">[…]</div><div class=""><br class=""></div><div class="">The research behind the attack will be presented at the <a href="https://acmccs.github.io/session-F3/" class="">Computer and Communications Security (CCS)</a> conference, and at the <a href="https://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking-the-wpa2-protocol-8861" class="">Black Hat Europe</a> conference. Our <a href="https://www.krackattacks.com/#paper" class="">detailed research paper</a> can already be downloaded.</div><div class=""><br class=""></div><div class="">Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven</div></blockquote></div></body></html>