IoT, Code, Security and Server Stuff

Views are my own and not my employer's.

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

wireless

Flaw in WPA2 protocol (KRACK) is a reminder of the limited life of all technology.

by

The recent KRACK flaw in the WPA2 protocol is a reminder of the limited life of all technology. All technology has a finite lifespan (intended or not) and you should not bet on a piece of technology being around long.

Advertisement:



Wireless Broken (Again)

WEP wireless security was launched in 1997 and lasted until 2004, WPA and WPA2 replaced WEP but the recent flaw in WPA2 (originated from WEP) will forge an update to WPA2 or launch a WPA3. WPA2 was just a certified WPA.

WPA wireless encryption uses TKIP and AES encryption subsets, TKIP is similar to WEP and should not be used. AES subset is a more rigorous encryption subset available in WPA2 (and is used by the US Government. AES’s main weakness is a brute force attack to find the wireless password so ALL of your passwords must be unique and strong. Do not use common or shared passwords and make sure passwords are as strong as allowed.  I personally use the 1Password Password Manager to generate strong passwords and if you are feeling nerdy you can use the GRC Password Generatorhttps://howsecureismypassword.net/ is a good site that allows you to see how secure a password is (how long a brute force attack would take to obtain your password by brute force).

What can you do to fix wifi

  1. If you are using TKIP in WPA use AES instead.
  2. Check your WiFi routers manufacturer and ask for a new firmware that will fix the KRACK attack.

@TPLINK @TPLINKHelp When will new firmware be available for the TD-W8961N fo fix krackattacks.com ?

It is up to you to know the rick for each technology you use and when you stop using it.

Support Windows

Most operating systems and web browsers have support windows but security protocols, encryption and cyphers do not? why?

Not just Wifi is Broken

As a developer always assume things are insecure and always prepare for the worst, you should ensure brute force attacks are blocked by setting up a firewall on your serves, run a security audit and install software level plugins to ban IP’s when brute force attacks happen.  Don’t forget to set up an SSL certificate (read my Lets Encrypt guide here) and if you want extra security read here on SSL certificate Public Key Pinning.

You can deploy a server in the cloud for as low as $2.5 a month (guide here) on Vultr or set up a server on Digital Ocean (first 2 months are free) read my setup guide here.

Depreciation of libraries and code

Software developers are all too familiar with the depreciation of libraries and code, recently I had to switch from mysql_connect routines that was deprecated in PHP 5.5, luckily a mysqli_connect was available so not a real problem.

Having to switch technology to a faster and or more secure version is a win-win IMHO.

 

Backup

Whats your backup plan? Don’t forget you can easily backup with RSync. There is no excuse for backing up your data.

Git

You should also use source code repositories like GitHub or BitBucket to manage code versions and restore environments when things go bad.

Social Media

Security-related twitter followers I personally follow to keep up to date with security news.
 
GFDI Foundation:
 
0xDUDE
 
Security Now Podcaster:
 
Australian Security Researcher Troy Hunt:

Hashtags are also a great way to stay up to date on exploits (#KRACK, #vuln, #CVE etc).

Handy links

Read more on hackers Tactics, Techniques & Common Knowledge.

Read the OWASP guide to pick up software security best practices.

Stay safe: Research, Secure and Backup.

More Soon..

 

Donate and make this blog better




Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.1 Added support windows..

etc