Send mesh mailing list submissions to mesh(a)lists.sudoroom.org To subscribe or unsubscribe via the World Wide Web, visit https://sudoroom.org/lists/listinfo/mesh or, via email, send a message with subject or body 'help' to mesh-request(a)lists.sudoroom.org You can reach the person managing the list at mesh-owner(a)lists.sudoroom.org When replying, please edit your Subject line so it is more specific than "Re: Contents of mesh digest..." Today's Topics: 1. KRACK attack (Marc Juul) 2. Re: KRACK attack (danarauz(a)gmail.com) ---------------------------------------------------------------------- Message: 1 Date: Tue, 17 Oct 2017 15:52:57 -0700 From: Marc Juul &lt;juul(a)labitat.dk&gt; To: &quot;mesh(a)lists.sudoroom.org&quot; &lt;mesh(a)lists.sudoroom.org&gt; Subject: [Mesh] KRACK attack Message-ID: <CAL4ejvQ4hPDyuMGDWwKd4wL-c0ZTLtP28+mde7dqo2b2=RQ01A@ mail.gmail.com> Content-Type: text/plain; charset="utf-8" You have all probably already heard about the wifi KRACK attack. If not, here is the lowdown: https://www.krackattacks.com/ sudowrt is also affected. What this means is that your private wifi network is... potentially a lot less private. I started work on a fix here: https://github.com/sudomesh/sudowrt-firmware/issues/109 but I ran into a build issue which maybe Grant knows how to fix? https://github.com/sudomesh/sudowrt-firmware/issues/110 Hopefully we can sort this out over the next day or two. In the mean time node-operates may want to disconnect any sensitive devices from their private network. As always you should be using end-to-end encryption for all communications. Install the HTTPS Everywhere <https://www.eff.org/https-everywhere> browser extension if you haven't. For situations where end-to-end encryption is not viable, using a VPN like Mullvad <https://www.mullvad.net/> is a good idea. -- marc/juul