[HUGE loving NEWS] Major security flaw discovered in WPA2 protocol

[DodgeViperAcr16]

Does switching your phone or tablet to "Plane Mode" help? Sorry if this is a dumb question.

[Ad Bot]

[otto-san]

damn. I guess we just gotta turn the net off until this is fixed....

[hillkill]

does this mean i got a buy a decent vpn? forget.

[carolcat]

Does switching your phone or tablet to "Plane Mode" help? Sorry if this is a dumb question.

airplane mode turns off all data altogether

[Conan]

does this mean i got a buy a decent vpn? forget.

na just use ethernet

[carolcat]

na just use ethernet

my ethernet hookup is on the other side of the dorm room under my roommate's desk so it's impractical to use it :(

[DodgeViperAcr16]

airplane mode turns off all data altogether

Once again I apologize for the stupid question, but is that better or worse?

Normally I'm not bad at computer-related things but I'm drawing blanks here. I've only had my tablet for less than a year (it's the only mobile device I've had outside my old Nintendo DS).

[gr8dayseth]

An attacker within range of a victim

...
Accessing websites through HTTPS should still be secure.

i mean this is still definitely a big deal but i guess at least it won't affect me too much then, this is a nice lil neighborhood i live in in a nice lil city so

na just use ethernet

altho i guess to be safe i might start doin this, gettin tired of occasional high latency in games anyways >,>

Does switching your phone or tablet to "Plane Mode" help? Sorry if this is a dumb question.

Once again I apologize for the stupid question, but is that better or worse?

Normally I'm not bad at computer-related things but I'm drawing blanks here. I've only had my tablet for less than a year (it's the only mobile device I've had outside my old Nintendo DS).

this security flaw only affects wifi, just using mobile data is fine but be careful of using it too much if u have data limits so u don't get charged more. airplane mode disables wifi and data

[RedGajin]

to those asking about whether turning off wifi on your mobile devices/tablet will protect you from this, yes because this vuln only effects the use of wifi. good way to think about this is that using your home/uni/work wifi essentially has the potential to be as secure as using public wifi at starbucks

ive added a reddit thread that is keeping a compiled list of all patches to the op

also, i said in the op that accessing websites via https (green lock on the url bar for those that dont know) is still secure, this is true in theory, however attackers can utilize a tool (sslstrip for anyone interested, p cool) that can bypass https on websites that aren't properly configured, so still be wary

good news for most of you: microsoft said theyll be pushing out a security patch tomorrow for users

[Kyuande]

oh boy

[DodgeViperAcr16]

OK. Thanks, Red and Seth. Those explanations are much appreciated!

[gr8dayseth]

good news for most of you: microsoft said theyll be pushing out a security patch tomorrow for users

yay!

OK. Thanks, Red and Seth. Those explanations are much appreciated!

np :>

[DodgeViperAcr16]

Good thing we've got unlimited data..... don't think that does much for the wifi though haha.

[Steve5451²]

while it's true that an https connection is secure, a man in the middle attack can be performed that strips the SSL and connects you via normal http by faking a message from the router to switch channels and then speaks on behalf of the router. be on the look out for websites that are no longer Secure. these insecure connections can be altered however they wish or collect data you send to the website, such as your passwords or login sessions


not all websites are affected by this.

[Juncoph]

outside of stuff like open wifi places e.g. a hotel or office, isn't this basically not a big deal? the weak point is the wi-fi specifically, i.e. to exploit the flaw you'd need to install a bug that records everything sent upstream by connected devices, right? that is, low-traffic/personal/home LANetworks probably wouldn't be targeted, no?