[Discuss] Boston Linux Meeting reminder, Tomorrow, Wednesday, October 18, 2017 - Current issues in SSL and TLS

[bill.n1vux at gmail.com (Bill Ricker)]

On Tue, Oct 17, 2017 at 6:12 AM, Jerry Feldman <gaf at blu.org> wrote:
> When:  October 18, 2017 8PM (7:30PM for Q&A)
> Topic: Current issues in SSL and TLS
> Moderators: Rajiv Manglani
> Location: MIT Building E-51, Room 315
> *** Note new Time ****
> As a result of the new MIT parking regulations, we will be holding our
> meetings later than usual. There should be plenty of metered parking
> available. In Cambridge the meters are free after 8PM. See parking note
> below.
>
> Summary:
>
> SSL and TLS are the protocols which provide the foundation for securing
> Internet traffic.

Which, as we were reminded yesterday, WPA2 is NOT.

Upstream patches for the 9 of 10 CVEs touching Linux filtered through
both Debian and Ubuntu to me already.
Your distro or commercial OS should likewise be updating ASAP.
(If not ask WTF and switch to one that takes it seriously.)

AFAIK WPA2 KRACK is client only, not WAP side, so unless a WiFi Router
is working in reverse or as a wifi repeater/bridge, they're not the
patching problem.

Problem of course is the IoT (Internet of Sh.. Insecure Things)
devices and prior-release phones/tablets that won't get vendor
updates.
(And older stuck laptops/desktops that can't upgrade to latest
Windows/MacOSX. Those need to go onto wired only or spaces secure from
wifi snooping.)