WPA2 WiFi Hack & VPN Services

Status
Not open for further replies.
Joined
Sep 26, 2010
Messages
9,807
With the announcement of a WPA2 hack I would surmise it will be some time before patches are available (if they ever are) for the massive number of devices affected. Although I do not have any state secrets to protect and realize that it will take some time before the hack is available widespread enough to affect me or others on an individual basis, it does tip the scales a bit towards enlisting a VPN service.

Does anyone here use a VPN service and/or have a recommendation for one? I see some lifetime offerings out there and I typically move about 1TB per month so I would want one to be "unlimited" in both bandwidth and number of devices which can be used simultaneously.

Thanks in advance for sharing.
 
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cryptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless network, out of my other clients on the network.
 
Originally Posted By: StevieC
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cryptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless network, out of my other clients on the network.
Yep, all of that is already enabled (or disabled) on my network. Thanks for the information on the VPN. I will check them out.
 
 
From the actual disclosure:

Quote:
As a proof-of-concept we executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info). When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted.


That is sure to burn some bonnets.
 
Also particularly relevant here:

Quote:
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
 
Originally Posted By: StevieC
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cryptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless network, out of my other clients on the network.


Sniffing an SSID and spoofing a MAC are both extremely easy and provide a false sense of security. In fact hiding an SSID makes one more likely to be targeted because it screams "Important data here".

The best protection if one is forced to use WiFi is WPA2-AES with a complex key. Other measures such as using a security appliance to sniff/filter all traffic passing through a network aren't really viable in most consumer scenarios.
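
Added example, not part of the original posts: how a WPA2-Personal key becomes the 256-bit master key, covering both the "hex type" key (64 hex digits used directly) and the "complex key" passphrase (8-63 printable ASCII characters run through PBKDF2 with the SSID as salt). The function names, the 80-bit threshold and the sample keys are assumptions made for this illustration.

```python
import hashlib
import math
import string

PBKDF2_ROUNDS = 4096  # fixed by IEEE 802.11i for WPA2-Personal
MIN_BITS = 80         # assumed policy threshold for this example, not from the thread


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, 32)


def classify_key(key: str) -> str:
    """'raw-psk' for 64 hex digits, 'passphrase' for 8-63 printable ASCII."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "raw-psk"
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"
    raise ValueError("not a valid WPA2-Personal key")


def estimated_bits(key: str) -> float:
    """Upper bound on entropy; only holds if the characters were chosen at random."""
    if classify_key(key) == "raw-psk":
        return 256.0
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    pool = sum(size for chars, size in classes if any(c in chars for c in key))
    return len(key) * math.log2(pool)


def audit(key: str, ssid: str) -> dict:
    """Report key type, estimated strength and the resulting master key."""
    kind = classify_key(key)
    pmk = bytes.fromhex(key) if kind == "raw-psk" else derive_pmk(key, ssid)
    bits = estimated_bits(key)
    return {"kind": kind, "bits": round(bits, 1), "ok": bits >= MIN_BITS,
            "pmk": pmk.hex()}


if __name__ == "__main__":
    # Constructed sample keys and SSID, for illustration only.
    for key in ("password", "x7#Qm2!vLp9$Rt4&Zk", "ab" * 32):
        r = audit(key, "HomeNet")
        print(f'{r["kind"]:10} {r["bits"]:6} bits  ok={r["ok"]}')
```

The SSID enters the derivation only as a salt, so hiding it adds nothing to the key's strength; what matters is the length and randomness of the passphrase itself.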
 
Originally Posted By: shrooms
Tor?


Does not help wifi security issues, and is not as safe as what people make it out to be.
 
Using a VPN service seems like a bit of an overkill. Almost any site that you access via the web that matters, for example, is going to be accessed over https (even BITOG) which adds another layer of security. I'm not saying this exploit does not matter, but I don't think it is anything to panic about, either. Of course, I've been wrong before...
 
I have used Nord VPN for a while now on my computers and cell phones with great success. My company requires that I use a VPN if I access their portal or work email using my electronics from their list of approved VPNs and Nord is one of them.
 
Originally Posted By: robertcope
Using a VPN service seems like a bit of an overkill. Almost any site that you access via the web that matters, for example, is going to be accessed over https (even BITOG) which adds another layer of security. I'm not saying this exploit does not matter, but I don't think it is anything to panic about, either. Of course, I've been wrong before...
I used to think that but I do not anymore. With laws being passed that allow ISPs to sell information regarding your usage and other things a VPN is starting to make more and more sense.
 
Originally Posted By: BobsArmory
I have used Nord VPN for a while now on my computers and cell phones with great success. My company requires that I use a VPN if I access their portal or work email using my electronics from their list of approved VPNs and Nord is one of them.
Any limits?
 
Originally Posted By: OVERKILL
Originally Posted By: StevieC
IPVanish.com Been using them for years. Super fast servers in multiple countries. Easy to use software if you want 0 configuration.

Lifetimes are usually slow and unreliable because the servers are overcrowded. I have been down that road.

Wired is the only 100% security. There will always be a hack for wireless because it's across the air. Change your key frequently and use cryptic hex type passwords to make it harder to sniff out what the key is over the air, don't broadcast your SSID, and turn on MAC Address filtering. Although none of this is foolproof it makes it harder to get into your network. I take it one step further and restrict my LAN from wireless clients. I turn this off to do file transfers and then turn it back on so as to keep anyone that makes it onto my wireless network, out of my other clients on the network.


Sniffing an SSID and spoofing a MAC are both extremely easy and provide a false sense of security. In fact hiding an SSID makes one more likely to be targeted because it screams "Important data here".

The best protection if one is forced to use WiFi is WPA2-AES with a complex key. Other measures such as using a security appliance to sniff/filter all traffic passing through a network aren't really viable in most consumer scenarios.



Thanks!
 
Originally Posted By: 2015_PSD
Originally Posted By: BobsArmory
I have used Nord VPN for a while now on my computers and cell phones with great success. My company requires that I use a VPN if I access their portal or work email using my electronics from their list of approved VPNs and Nord is one of them.
Any limits?


No limits whatsoever. When at home or on the road I stream HD movies thru NORD all the time with no restrictions.
 
Originally Posted By: 2015_PSD
Originally Posted By: robertcope
Using a VPN service seems like a bit of an overkill. Almost any site that you access via the web that matters, for example, is going to be accessed over https (even BITOG) which adds another layer of security. I'm not saying this exploit does not matter, but I don't think it is anything to panic about, either. Of course, I've been wrong before...
I used to think that but I do not anymore. With laws being passed that allow ISPs to sell information regarding your usage and other things a VPN is starting to make more and more sense.


Keep in mind DNS is probably an ISP's best friend here, as DNS servers track every query your connection makes (and subsequently every device connected to it). If you use an alternative DNS provider, that brings with it its own suite of detractors and benefits. I use OpenDNS (now owned by Cisco). VPN providers can do the same thing with every query made over their tunnels.
 
Originally Posted By: OVERKILL
Keep in mind DNS is probably an ISP's best friend here, as DNS servers track every query your connection makes (and subsequently every device connected to it). If you use an alternative DNS provider, that brings with it its own suite of detractors and benefits. I use OpenDNS (now owned by Cisco). VPN providers can do the same thing with every query made over their tunnels.
Ah...you mean use the DNS providers that my ISP does not use? Wink...wink.
 
Originally Posted By: 2015_PSD
Originally Posted By: OVERKILL
Keep in mind DNS is probably an ISP's best friend here, as DNS servers track every query your connection makes (and subsequently every device connected to it). If you use an alternative DNS provider, that brings with it its own suite of detractors and benefits. I use OpenDNS (now owned by Cisco). VPN providers can do the same thing with every query made over their tunnels.
Ah...you mean use the DNS providers that my ISP does not use? Wink...wink.


Heheh
 