This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Severe flaw in WPA2 - cracked

marko_teklic
New Contributor

‎10-15-2017 11:27 PM

when can we expect to see update for this https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...
153 REPLIES 153

jakob_peterh_ns
Contributor II
In response to it_registration

‎10-18-2017 06:30 AM

Jesse,
All I'm saying is: If security is that important for your customers, that they are calling you even before the scope of this vulnerability is out in the open (it's still a lab case), then they should already be using Apps that use SSL communication directly between the client app and the backend.
Oh, and if you've read the krack site, it's mostly a clientside issue
0 Kudos

steven_veron
New Contributor III
In response to it_registration

‎10-18-2017 06:52 AM

I work at a university. Should I tell all our students to use VPN? While for sensitive information requiring VPN use should be done, it's not practical in all situations. 

I think another aspect of this is the PR side. When the CIO says they have people asking "does this affect us" it shouldn't require a long explanation of "yes, but only if you're not using VPN, not using secure apps, etc etc. 

jesse_johnston_
New Contributor III
In response to it_registration

‎10-18-2017 06:57 AM

Jakob,

You can play Ruckus' cards all you want. "It's still a lab case..." Really? If I could prove there was another WPA2 vulnerability to where you could steal the PSK, but it wasn't in the wild yet, would you expect Ruckus to have a patch before somebody packaged up in a nice little tool for script kiddies? Would you care if you could just update Windows to mitigate the new threat? Apparently you wouldn't, and that makes you incompetent and naive in network security. I won't address your other noise again about apps using SSL.

Nobody is arguing that we shouldn't have to patch our clients, but even they have stated to patch BOTH. Well we can't do that yet. According to the latest word that will be two weeks away at the earliest for 'some' devices. Now we are waiting on a managers response about how everything is just fine, so long as 'xyz' is in place, or not in use. That's not acceptable. If you wanted to reassure everyone of the risks to certain features and the network safety otherwise, that should have been in the day one security brief assuring us of this with an ETA date on the firmware releases and which models.

An example of how to respond correctly (even spelling out which things aren't effected if that's your stance):
https://help.ubnt.com/hc/en-us/articles/115013737328-Ubiquiti-Devices-KRACK-Vulnerability
0 Kudos

jakob_peterh_ns
Contributor II
In response to it_registration

‎10-18-2017 07:02 AM

Playing Ruckus' card - Really? Gezus..
All I'm saying is: keep the perspective! This thread is going nuts over how all wifi is suddenly useless, when facts is, it's not!This thread is going nuts over how all security is suddenly compromised and peoples highly secret communications is at risk, and I'm simply pointing out: It the communications it that secret, you should have other security measures in place!
I'm not fond if how Ruckus is handling this either, but stop making the world come to and end over this, when in fact it's not.

jesse_johnston_
New Contributor III
In response to it_registration

‎10-18-2017 07:07 AM

I wouldn't say 'the world', I'd say Ruckus' reputation.
0 Kudos
Copyright © 2024 Khoros, LLC