Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Doing freelance tech for an office that doesn’t have WIFI b/c lazy & cheap. Now they’re on the cutting edge :stuck_out_tongue_winking_eye:

Looks like there’s lots of products with built-in RADIUS servers, and Windows domain controllers can do it too. Mostly commercial gear though; DD-WRT might be the only consumer solution to do RADIUS without more hardware…

The paper to be presented if anyone’s interested, or looking to take a nap lol.

HA and they said WPA2 was unbreakable.

My ass.

2 Likes

Nothing is “unbreakable”, everyone who’s been in the real world knows that :smiley:

Lawrence Abrams over at Bleepingcomputer is trying to do a list of vendors responding to the issue. Remember that most big vendors were informed of this months ago. They really have no excuse.

There is also a list on github ofc:

Edit: Bleepingcomputer has been updating their article all day. Same for the krackinfo list.

2 Likes

Ubiquiti has a patch for anyone running Unifi APs.

1 Like

I’ve been breaking WPA2 for years, but most of it was just RO. This is much more severe.


For those concerned: OpenBSD already has a patch. Even though this is against clients, Ubiquiti and MikroTik have also claimed to have released a patch, presumably for their mesh products. Those are the ones I’ve confirmed.

My take on this: The sky isn’t falling, but don’t expect any non-encrypted communications (at layer 7, that is) to be trusted.

The Ubiquiti patch is for all of their APs, but yeah, idk how/to what extent they’re able to mitigate it if it’s a client problem.

That’s why I’m assuming it’s for the mesh product.

Still, that’s not going to stop me from doing a rolling update of all 750ish APs across all offices right now.

I got a patch on kubuntu 17.04 already. Liking the response time.

1 Like

Most vendors were notified 1 1/2 months ago, some earlier

1 Like

They were, but I’ve got no information on Netgear putting a patch out. I’d have hoped they’d put something out.

The real pain point here is going to be Android (and IoT, I basically count Android as IoT when it comes to security). Lots of legacy devices that aren’t going to get patched.

FYI, Microsoft has apparently already fixed the vulnerability and Android and iOS are expected in a few weeks.


Update: I found a list of the patches and expected releases that are presently known.

Apple: The iPhone and iPad maker confirmed to sister-site CNET that fixes for iOS, macOS, watchOS and tvOS are in beta, and will be rolling it out in a software update in a few weeks.

Arris: a spokesperson said the company is “committed to the security of our devices and safeguarding the millions of subscribers who use them,” and is “evaluating” its portfolio. The company did not say when it will release any patches.

Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.

AVM: This company may not be taking the issue seriously enough: due to its “limited attack vector,” and despite being aware of the issue, it will not be issuing security fixes “unless necessary.”

Cisco: The company is currently investigating exactly which products are impacted by KRACK, but says that “multiple Cisco wireless products are affected by these vulnerabilities.”

“Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi Protected Access protocol standards,” a Cisco spokesperson told ZDNet. “When issues such as this arise, we put the security of our customers first and ensure they have the information they need to best protect their networks. Cisco PSIRT has issued a security advisory to provide relevant detail about the issue, noting which Cisco products may be affected and subsequently may require customer attention.

“Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available,” the spokesperson said.

In other words, some patches are available, but others are pending the investigation.

Espressif Systems: The Chinese vendor has begun patching its chipsets, namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards for a fix.

Fortinet: At the time of writing there was no official advisory, but based on Fortinet’s support forum, it appears that FortiAP 5.6.1 is no longer vulnerable to most of the CVEs linked to the attack, but the latest branch, 5.4.3, may still be impacted. Firmware updates are expected.

FreeBSD Project: There is no official response at the time of writing.

Google: Google told sister-site CNET that the company is “aware of the issue, and we will be patching any affected devices in the coming weeks.”

HostAP: The Linux driver provider has issued several patches in response to the disclosure.

Intel: Intel has released a security advisory listing updated Wi-Fi drivers and patches for affected chipsets, as well as Intel Active Management Technology, which is used by system manufacturers.

Linux: As noted on Charged, a patch is already available and Debian builds can patch now, while OpenBSD was fixed back in July.

Netgear: Netgear has released fixes for some router hardware. The full list can be found here.

Microsoft: While Windows machines are generally considered safe, the Redmond giant isn’t taking any chances and has released a security fix available through automatic updates.

MikroTik: The vendor has already released patches that fix the vulnerabilities.

OpenBSD: Patches are now available.

Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects users against the attack.

Wi-Fi Alliance: The group is offering a tool to detect KRACK for members and requires testing for the bug for new members.

Wi-Fi Standard: A fix is available for vendors but not directly for end users.

4 Likes

Where do I Ethernet my phone

2 Likes

Like this:

Yes this does actually work

9 Likes

People at both Apple and Google are jizzing in their pants right now.

3 Likes

I loved pulling out my phone in class and hooking up a wireless mouse to it and browsing the web. The look on people’s faces was priceless :laughing:

3 Likes

Not sure why, Apple and Google services need to be secure when accessed from open networks like coffeeshops and airports to begin with.

Good explanation

Patch your clients

1 Like

I know Fedora, Solus, Arch and OpenSUSE have pushed a patch. Can’t comment on other distros.

1 Like

Yeah, I saw the Fedora patch. I don’t use much else and Windows was not affected. After that, HTTPS or VPN or TLS still keeps you safe.

1 Like