WARNING – Network Krack

We have a new hack to deal with. The WiFi encryption used by your router has been hacked. The WPA and WPA-2 security used since 2003 is the target.

WPA and WPA-2 are security choices you have when setting up your router/access point. Without a password on your router, anyone can connect to your network. It is dumb not to have a password protected network.

Shades of Black

Shades of Black

Routers provided by most ISP’s have a password set by default. It is the long alphanumeric number provided on a sticker on the site of the router/gateway device. The last router I bought did not have a password set by default. Manufacturers seem to think the initial setup is easier with no password.

So, if you bought your router/modem/gateway, whatever you call it, you had to set a password. If you didn’t, you should. Without one, you are open to anyone and numerous types of attacks.

The Workaround

For any web activity involving money, make sure your browser is using HTTPS. When using HTTPS the browser will display a padlock in the address/URL window.

The HTTPS protocol is generated by your browser (computer) and sends encrypted information through the WPA/WPA-2 encrypted computer to the router. It won’t matter that your WPA/WPA-2 portion of the communication channel has been hacked while you are using HTTPS.

Any communication not using HTTPS is subject to interception by the new WPA/WPA-2 hack.

The Fix

Get your router/modem/gateway brand and model. Browse to the manufacturer’s website and see if they have a firmware update. It is a bit early, so they probably don’t. But, they will soon… should. Update your router/modem/gateway.

Second Life

Does this hack affect you when using SL? Not in any serious way.

If you are using a wired connection, you are not using WPA/WPA-2. Those are WiFi protocols used to protect broadcast (wireless) data. Using a wire, you avoid the broadcast and usually get better performance.

If you are using wireless, it still isn’t much of a problem. The viewer to login server connection is encrypted by the viewer using the TLS 1.2 encryption. Also, all SL Marketplace connections use TLS. I’m not sure how much of the rest of the viewer’s communication is encrypted. But, other than the login there isn’t much that would help a hacker.

Leave a Reply

Your email address will not be published. Required fields are marked *