Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Chuck Anderson writes:
> Because none of Fedora's updates aren't actually released yet. They
> are built and undergoing pushing/testing now, but being a public
> distro, anyone can get them if they know where to look:
Ubuntu released a bunch of WPA-related patches a little after noontime
today, it appears.
John Stoffel:
> I'm using DD-WRT on my APs at home, but god do the web pages and
> forums suck for actually figuring out what version to run and
> whether it's patched or not. Sigh...
Ditto for OpenWRT, it appears the project is still alive, but you'd
never know, looking at their website. I may switch to LEDE, which
confusingly appears to be a fork of OpenWRT which is trying to merge
back with OpenWRT....?
--MCV.
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug