Install the Patch
Welcome
Once it was announced to the public, the news of the KRACK attack spread quickly over the Internet – a flaw in the handshake system for wireless devices that allows an attacker to compromise encryption. According to reports, the attack puts almost all devices that engage in WPA2-encrypted wireless networking at risk.
Dear Reader,
Once it was announced to the public, the news of the KRACK attack spread quickly over the Internet – a flaw in the handshake system for wireless devices that allows an attacker to compromise encryption. According to reports, the attack puts almost all devices that engage in WPA2-encrypted wireless networking at risk. Early warnings said Android was most vulnerable, but later updates reported that Windows, iOS, macOS, and OpenBSD were also at risk. Linux wasn't safe either, with several versions of the wpa_supplicant utility marked as vulnerable. Although the problem was publicly announced in October, vendors were warned privately in May, and many are already well along finding solutions.
The KRACK attack is particularly significant because everybody is using wireless networking. Many people younger than 21 just look bewildered if you show them a Cat 5 networking cable. Such things don't exist in their world, because wireless is everywhere – at the library, at the malt shop, in the home. One of the reasons for the recent explosion in wireless networking is that everybody trusts it now, and they trust it because they have this general sense that the glaring security issues that made everyone nervous about wireless in the first place have somehow been resolved. If you asked many security experts in the past couple years, they would say wireless networking is fine as long as you:
- use WPA2 wireless encryption
- use a strong password
But actually, it turns out those experts were overconfident.
By the time you read this, I hope word of the KRACK attack has already reached you and updates are available for all your wireless devices, including your phone, your tablet, your computer, and your wireless router.
If you haven't heard about KRACK, check with your OS or hardware vendor as soon as you can. The word is that this attack has not appeared in the wild so far, but now that the description is out there, someone is going to implement it, so you'd better hurry.
I hesitate to make this the main subject of the essay, because I often muse about this kind of thing, but I really do need to mention: Shouldn't we have expended a little more time and energy up front to explore this issue before the whole planet went wireless? I know, these kinds of problems are hard to spot, but seriously, this sudden discovery that a tool we depend on is not as secure as we thought it was yesterday seems to be happening a lot.
As for wireless networking, first we had WEP, which we said was secure at first, then we said, "uh … never mind, here's WPA, which we also said was secure, and then we said, "never mind, here's WPA2." Now it's …"uh, yeah, but we gotta fix WPA2."
"Well of course!" you impatiently inform me. "What's the problem? That's what always happens. Developers develop some software, then they tell you its safe and tested, then someone figures out it isn't safe, then the developers create a patch and tell you to install the patch and it will really be safe this time, then you go out and install the patch before some nefarious actor operating with anonymity uses the attack to steal your secrets, then the whole process starts over. What could be more obvious?"
And you're right, that is what always happens, but all I'm saying is, it's really weird if you look at it from a distance. If you believe in Everett's theory of multiple branching universes, you'd have to believe there's a version of us out there somewhere that has figured out a better way to develop software.
But until our universe catches up … INSTALL THE PATCH!
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.
-
OSJH and LPI Release 2024 Open Source Pros Job Survey Results
See what open source professionals look for in a new role.
-
Proton 9.0-1 Released to Improve Gaming with Steam
The latest release of Proton 9 adds several improvements and fixes an issue that has been problematic for Linux users.
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.