Recent Topics
Learned Some Realtor Slang The Other Day
by LoneRanger. 10/21/18 05:29 AM
Need advice on some cheap cars
by HorseThief. 10/21/18 02:29 AM
Acdelco Dexos 2 - 5W-40
by virginoil. 10/21/18 01:21 AM
Looking for Good Value H8 49AGM Battery
by 1JZ_E46. 10/20/18 11:01 PM
2018 X3 xDrive 3.0 impressions
by MCompact. 10/20/18 10:13 PM
UOA Pennzoil Plat. 5/40 Euro results
by TurboJW. 10/20/18 09:34 PM
Is bleeding the ABS necessary when bleeding the brakes?
by JLawrence08648. 10/20/18 08:17 PM
Check out my poor condition brakes
by maxdustington. 10/20/18 06:46 PM
Mechanics or engineers explain this
by 97prizm. 10/20/18 06:39 PM
Does this sound like a virus or file corruption?
by Hemispheres. 10/20/18 06:30 PM
Toyota 0w-20, 12,029 km, 2010 RAV4, 2.5 L
by IanInCalgary. 10/20/18 05:47 PM
Quinoa
by 53' Stude. 10/20/18 05:15 PM
Vunerable Routers
by Donald. 10/20/18 04:15 PM
04 Accord auto trans 180k miles
by GON. 10/20/18 04:06 PM
2019 Volkswagen Jetta
by Scout1. 10/20/18 04:06 PM
BALDWIN B7243 CUT OPEN
by 53' Stude. 10/20/18 03:58 PM
MC FL820S CUT OPEN
by 53' Stude. 10/20/18 03:42 PM
MC FL1A (NEW FILTER) CUT OPEN
by 53' Stude. 10/20/18 03:31 PM
Newest Members
WagonWheel, zsero, fsaid92, KalapanaBlack, oe542
66255 Registered Users
Who's Online Now
30 registered members (bbhero, A_Harman, dave1251, BlakeB, 5 invisible), 542 guests, and 30 spiders.
Key: Admin, Global Mod, Mod
Forum Statistics
Forums67
Topics292,259
Posts4,876,871
Members66,255
Most Online2,494
Oct 17th, 2018
Donate to BITOG
Previous Thread
Next Thread
Print Thread
Hop To
Page 1 of 2 1 2
WPA2 WiFi Hack & VPN Services #4545048
10/16/17 11:21 AM
10/16/17 11:21 AM
Joined: Sep 2010
Posts: 7,594
SE Texas
2015_PSD Offline OP
2015_PSD  Offline OP
Joined: Sep 2010
Posts: 7,594
SE Texas
With the announcement of a WPA2 hack I would surmise it will be some time before patches are available (if they ever are) for the massive number of devices affected. Although I do not have any state secrets to protect and realize that it will take some time before the hack is available widespread enough to affect me or others in an individual basis, it does tip the scales a bit towards enlisting a VPN service.

Does anyone here use a VPN service and/or have a recommendation for one? I see some lifetime offerings out there and I typically move about 1TB per month so I would want one to be "unlimited" in both bandwidth and number of devices which can be used simultaneously.

Thanks in advance for sharing.


2018 MB AMG GLC43 3.0L Coupe - Castrol 0W-40/Purflux
2018 MB C300 2.0L - M1 0W-40/OEM
2015 F-250 6.7L PS Diesel - Delo 15W-40/CQ Blue
2014 Explorer 3.5L Limited - M1 AFE 0W-20/FU
Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545060
10/16/17 11:29 AM
10/16/17 11:29 AM
Joined: Aug 2008
Posts: 19,501
Ontario, Canada
StevieC Offline
StevieC  Offline
Joined: Aug 2008
Posts: 19,501
Ontario, Canada
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cyptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless netowkr, out of my other clients on the network.

Last edited by StevieC; 10/16/17 11:36 AM.

'18 Dodge Grand Caravan GT - Valvoline (Break-in)
'06 Santa Fe - 535,000km AMSOIL SS 0w30 / ATF
Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545065
10/16/17 11:34 AM
10/16/17 11:34 AM
Joined: Jan 2010
Posts: 844
NEPA
shrooms Offline
shrooms  Offline
Joined: Jan 2010
Posts: 844
NEPA
Tor?


2002 Mazda MPV. PUP 5W20, Fram XG2, Dex VI
2001 Honda Civic HX. M1 EP 5W20, Fram XG3717
Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545066
10/16/17 11:34 AM
10/16/17 11:34 AM
Joined: Jun 2005
Posts: 11,412
Santa Barbara, CA
bdcardinal Offline
bdcardinal  Offline
Joined: Jun 2005
Posts: 11,412
Santa Barbara, CA
I use Private Internet Access. Last month I did about 1400GB in traffic. Actually to the point I have been put on a data-cap from my ISP.


2014 Ford Mustang GT Track Pack
1995 Ford Mustang GT

Ford/Mazda Parts Counter
NRA Benefactor Member
Opinions expressed are my own.
Re: WPA2 WiFi Hack & VPN Services [Re: StevieC] #4545079
10/16/17 11:42 AM
10/16/17 11:42 AM
Joined: Sep 2010
Posts: 7,594
SE Texas
2015_PSD Offline OP
2015_PSD  Offline OP
Joined: Sep 2010
Posts: 7,594
SE Texas
Originally Posted By: StevieC
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cyptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless netowkr, out of my other clients on the network.
Yep, all of that is already enabled (or disabled) on my network. Thanks for the information on the VPN. I will check them out.


2018 MB AMG GLC43 3.0L Coupe - Castrol 0W-40/Purflux
2018 MB C300 2.0L - M1 0W-40/OEM
2015 F-250 6.7L PS Diesel - Delo 15W-40/CQ Blue
2014 Explorer 3.5L Limited - M1 AFE 0W-20/FU
Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545080
10/16/17 11:43 AM
10/16/17 11:43 AM
Joined: Aug 2008
Posts: 19,501
Ontario, Canada
StevieC Offline
StevieC  Offline
Joined: Aug 2008
Posts: 19,501
Ontario, Canada
thumbsup


'18 Dodge Grand Caravan GT - Valvoline (Break-in)
'06 Santa Fe - 535,000km AMSOIL SS 0w30 / ATF
Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545084
10/16/17 11:47 AM
10/16/17 11:47 AM
Joined: Apr 2008
Posts: 37,492
Ontario, Canada
OVERKILL Offline
OVERKILL  Offline
Joined: Apr 2008
Posts: 37,492
Ontario, Canada
From the actual disclosure:

Quote:
As a proof-of-concept we executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info). When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted.


That is sure to burn some bonnets.


2018 RAM 1500 Big Horn EcoDiesel
2016 Grand Cherokee SRT
Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545096
10/16/17 11:59 AM
10/16/17 11:59 AM
Joined: Apr 2008
Posts: 37,492
Ontario, Canada
OVERKILL Offline
OVERKILL  Offline
Joined: Apr 2008
Posts: 37,492
Ontario, Canada
Also particularly relevant here:

Quote:
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.


2018 RAM 1500 Big Horn EcoDiesel
2016 Grand Cherokee SRT
Re: WPA2 WiFi Hack & VPN Services [Re: StevieC] #4545109
10/16/17 12:17 PM
10/16/17 12:17 PM
Joined: Apr 2008
Posts: 37,492
Ontario, Canada
OVERKILL Offline
OVERKILL  Offline
Joined: Apr 2008
Posts: 37,492
Ontario, Canada
Originally Posted By: StevieC
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cyptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless netowkr, out of my other clients on the network.


Sniffing an SSID and spoofing a MAC are both extremely easy and provide a false sense of security. In fact hiding an SSID makes one more likely to be targeted because it screams "Important data here".

The best protection if one is forced to use WiFi is WPA2-AES with a complex key. Other measures such as using a security appliance to sniff/filter all traffic passing through a network aren't really viable in most consumer scenarios.


2018 RAM 1500 Big Horn EcoDiesel
2016 Grand Cherokee SRT
Re: WPA2 WiFi Hack & VPN Services [Re: shrooms] #4545110
10/16/17 12:18 PM
10/16/17 12:18 PM
Joined: Sep 2015
Posts: 985
PENNSYLVANIA
JeepWJ19 Offline
JeepWJ19  Offline
Joined: Sep 2015
Posts: 985
PENNSYLVANIA
Originally Posted By: shrooms
Tor?


Does not help wifi security issues, and is not as safe as what people make it out to be.


2002 Jeep WJ 4.0 | Mobil 1 HM 5w30 |
TG8A | 2.5" lift | 148k miles

Software Engineer :]
Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545237
10/16/17 03:23 PM
10/16/17 03:23 PM
Joined: Jan 2008
Posts: 1,021
TX
robertcope Offline
robertcope  Offline
Joined: Jan 2008
Posts: 1,021
TX
Using a VPN service seems like a bit of an overkill. Almost any site that you access via the web that matters, for example, is going to be accessed over https (even BITOG) which adds another layer of security. I'm not saying this exploit does not matter, but I don't think it is anything to panic about, either. Of course, I've been wrong before...

Re: WPA2 WiFi Hack & VPN Services [Re: 2015_PSD] #4545284
10/16/17 04:24 PM
10/16/17 04:24 PM
Joined: Mar 2010
Posts: 1,327
Michigan
BobsArmory Offline
BobsArmory  Offline
Joined: Mar 2010
Posts: 1,327
Michigan
I have used Nord VPN for a while now on my computers and cell phones with great success. My company requires that I use a VPN if I access their portal or work email using my electronics from their list of approved VPNs and Nord is one of them.


Keeping the forces of evil at bay
2016 Chevy Malibu LT 1.5 Liter Turbo
2017 Chevy Equinox LT 2.4 Liter
Re: WPA2 WiFi Hack & VPN Services [Re: robertcope] #4545296
10/16/17 04:32 PM
10/16/17 04:32 PM
Joined: Sep 2010
Posts: 7,594
SE Texas
2015_PSD Offline OP
2015_PSD  Offline OP
Joined: Sep 2010
Posts: 7,594
SE Texas
Originally Posted By: robertcope
Using a VPN service seems like a bit of an overkill. Almost any site that you access via the web that matters, for example, is going to be accessed over https (even BITOG) which adds another layer of security. I'm not saying this exploit does not matter, but I don't think it is anything to panic about, either. Of course, I've been wrong before...
I used to think that but I do not anymore. With laws being passed that allow ISPs to sell information regarding your usage and other things a VPN is starting to make more and more sense.


2018 MB AMG GLC43 3.0L Coupe - Castrol 0W-40/Purflux
2018 MB C300 2.0L - M1 0W-40/OEM
2015 F-250 6.7L PS Diesel - Delo 15W-40/CQ Blue
2014 Explorer 3.5L Limited - M1 AFE 0W-20/FU
Re: WPA2 WiFi Hack & VPN Services [Re: BobsArmory] #4545298
10/16/17 04:33 PM
10/16/17 04:33 PM
Joined: Sep 2010
Posts: 7,594
SE Texas
2015_PSD Offline OP
2015_PSD  Offline OP
Joined: Sep 2010
Posts: 7,594
SE Texas
Originally Posted By: BobsArmory
I have used Nord VPN for a while now on my computers and cell phones with great success. My company requires that I use a VPN if I access their portal or work email using my electronics from their list of approved VPNs and Nord is one of them.
Any limits?


2018 MB AMG GLC43 3.0L Coupe - Castrol 0W-40/Purflux
2018 MB C300 2.0L - M1 0W-40/OEM
2015 F-250 6.7L PS Diesel - Delo 15W-40/CQ Blue
2014 Explorer 3.5L Limited - M1 AFE 0W-20/FU
Re: WPA2 WiFi Hack & VPN Services [Re: OVERKILL] #4545315
10/16/17 04:44 PM
10/16/17 04:44 PM
Joined: Aug 2008
Posts: 19,501
Ontario, Canada
StevieC Offline
StevieC  Offline
Joined: Aug 2008
Posts: 19,501
Ontario, Canada
Originally Posted By: OVERKILL
Originally Posted By: StevieC
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cyptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless netowkr, out of my other clients on the network.


Sniffing an SSID and spoofing a MAC are both extremely easy and provide a false sense of security. In fact hiding an SSID makes one more likely to be targeted because it screams "Important data here".

The best protection if one is forced to use WiFi is WPA2-AES with a complex key. Other measures such as using a security appliance to sniff/filter all traffic passing through a network aren't really viable in most consumer scenarios.



thumbsup Thanks! smile


'18 Dodge Grand Caravan GT - Valvoline (Break-in)
'06 Santa Fe - 535,000km AMSOIL SS 0w30 / ATF
Page 1 of 2 1 2

BOB IS THE OIL GUY® Powered by UBB.threads™