Setec Astronomy

Re: Setec Astronomy

Post by Jadagul » 17 Oct 2017, 02:10

Sandy wrote:
17 Oct 2017, 02:07
Jadagul wrote:I'm really confused about why MS was able to get a patch out already, and Google is expecting to take most of a month.
Because it's a flaw in the spec, not the implementation, and MS is historically extremely OK rolling out implementations that don't conform to the spec.
So what, MS rolled out a fix that breaks the spec, and Google etc. are taking longer because they want fixes that conform to the spec?

(I did see that the reason Google/Linux is so much more vulnerable is that they took a throwaway comment in the spec seriously and implemented it).

Post by Sandy » 17 Oct 2017, 03:25

Jadagul wrote:
Sandy wrote:
17 Oct 2017, 02:07
Jadagul wrote:I'm really confused about why MS was able to get a patch out already, and Google is expecting to take most of a month.
Because it's a flaw in the spec, not the implementation, and MS is historically extremely OK rolling out implementations that don't conform to the spec.
So what, MS rolled out a fix that breaks the spec, and Google etc. are taking longer because they want fixes that conform to the spec?
Pretty much. Microsoft is light years better than they were in the "Embrace, Extend, Extinguish" 90s, but they are less enthusiastic about standards than the other players, with the occasional exception of Apple.

The other question is how well they tested the fix against router implementations. It may be they all use a couple of different chipsets and once you confirm it still works with them and defeats the attack, you're golden. But I don't know much about that or where the implementation is coded on the router side.

Another unknown is, when the standard is updated, whether it breaks MS's implementation...or whether they adopt MS's fix, or whether MS will be out of spec but still compatible in practice...and whether that will affect anything later.

Of course, this may just be the death knell for WPA2 like WEP before it, so there won't be any more spec revisions past a quick fix for this.

It's possible all my concerns are moot. MS is much more amenable these days, and I'm definitely not saying what they did was wrong, practically speaking. They just have that tendency left over from the bad old days.
Hindu is the cricket of religions. You can observe it for years, you can have enthusiasts try to explain it to you, and it's still baffling. - Warren

Post by Mo » 20 Oct 2017, 00:01

Sandy wrote:
17 Oct 2017, 03:25
Jadagul wrote:
Sandy wrote:
17 Oct 2017, 02:07
Jadagul wrote:I'm really confused about why MS was able to get a patch out already, and Google is expecting to take most of a month.
Because it's a flaw in the spec, not the implementation, and MS is historically extremely OK rolling out implementations that don't conform to the spec.
So what, MS rolled out a fix that breaks the spec, and Google etc. are taking longer because they want fixes that conform to the spec?
Pretty much. Microsoft is light years better than they were in the "Embrace, Extend, Extinguish" 90s, but they are less enthusiastic about standards than the other players, with the occasional exception of Apple.

The other question is how well they tested the fix against router implementations. It may be they all use a couple of different chipsets and once you confirm it still works with them and defeats the attack, you're golden. But I don't know much about that or where the implementation is coded on the router side.

Another unknown is, when the standard is updated, whether it breaks MS's implementation...or whether they adopt MS's fix, or whether MS will be out of spec but still compatible in practice...and whether that will affect anything later.

Of course, this may just be the death knell for WPA2 like WEP before it, so there won't be any more spec revisions past a quick fix for this.

It's possible all my concerns are moot. MS is much more amenable these days, and I'm definitely not saying what they did was wrong, practically speaking. They just have that tendency left over from the bad old days.
Didn't a lot of router companies have a lot of fixes shortly after the announcement? My understanding was the academic gave the industry a heads up and there was time between the discovery and it becoming public to develop a fix.
his voice is so soothing, but why do conspiracy nuts always sound like Batman and Robin solving one of Riddler's puzzles out loud? - fod

no one ever yells worldstar when a pet gets fucked up - dhex

Post by Jadagul » 20 Oct 2017, 00:40

No.

Some people had fixes out. Microsoft patched before the reveal, and BSD did as well. I think the core Linux app was patched by the reveal as well---it's patched now.

But most of the router companies haven't issued patches, and neither have Android or iOS. There are a few lists going around like this one: http://www.zdnet.com/article/here-is-ev ... right-now/

Post by Mo » 14 Nov 2017, 16:40

Julian Assange seems awfully butthurt about selective leaking of his private information.


Post by JasonL » 14 Nov 2017, 16:53

ahahaaa

Post by thoreau » 14 Nov 2017, 17:46

I'd have a lot more sympathy for Assange if he were an equal-opportunity leaker of any and all public sector secrets, not a guy coordinating his activities with a Presidential campaign.
"The first rule of Grylliade club is 'Why are we talking about Grylliade club?'"
--Jake

Post by Eric the .5b » 14 Nov 2017, 18:26

I'd be amused more at Assange's twisting if Blues weren't trying to paint anyone who ever leaked anything, criticized the last administration about the contents of those leaks, or were otherwise "disloyal" to Obama as Russian agents.
"Better that ten guilty persons escape than that one innocent suffer."
"Cyberpunk never really gave the government enough credit for their ability to secure a favorable prenup during the Corporate-State wedding." - Shem

Post by Warren » 16 Nov 2017, 17:14

I call for the a-pox-alypse
THIS SPACE FOR RENT
