KRACK: The Most Dangerous Hack Since Equifax & What To Do About It.
David Koff

Don’t buy into the hype.

KRACK is real.

What isn’t real is being able to “realistically” use this attack in the wild without being VERY obvious about it. I mean VERY obvious.

Here’s a technical “KRaCK Crib Sheet” I compiled from various sources while educating on the details when this was announced.

It’s worth noting “what it takes” to currently exploit this in a “controlled environment.” That said, it will probably be a matter of time before it can be done more quickly and easily in a lesser-controlled environment. So, time is on your side. Use it to patch where you can.

And if you can’t, make sure you use SSL. Because while you can’t recover a network key, you can eavesdrop on traffic. But if that traffic is encrypted, well, then not such a big deal. (Here’s where your commentary about VPN use is particularly brilliant.)

Although currently the “RISK” is hype, the awareness/exposure of the flaw is valuable in several ways.

Risk will change, though. So it will pay to be diligent.

But is the world coming to an end?