Windows users are most likely in the clear. But you need to be in the know.
If you are an Android or Mac user, stay tuned for more info.
This latest threat is called KRACK (if you Google it, KRACK has nothing to do with apartments in Krakow; although some look very hip).
This notice is from the Feds:
The United States Computer Emergency Readiness Team issued the following warning in response to the exploit:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.
Details here: https://www.us-cert.gov/ncas/current-activity.
If you have someone managing your tech, and they are current with updates, or you have auto updates, the Windows patch on October 10 should have made this issue a non-issue.
If you are running an out-of-date operating system, check with your information technology professional for the appropriate patches, etc.
If you do not have the auto update features turned on, now is a good time to turn them on. The good news: possible perps must be in proximity to you (and your device) to attempt to defraud you. So, this is not a look-out-for-problems-overseas-type threat.
A good rule of thumb is to stay off free Wi-Fi, non-password-protected networks, not just during this threat but always. We send way too much sensitive data back and forth; this is just another vulnerability where someone (or several individuals) will try to criminalize computing.
Auto-updates on? Staying off public Wi-Fi?
You are now free to move about the cabin, so to speak.
Blake Dowling is CEO of Aegis Business Technologies and can be reached at firstname.lastname@example.org.