
All your WiFi devices are broken, Android/Linux devices particularly devastated

KaoteK

Member
So my one plus 3t was updated at the end of last month. I should be ok right? (Googling doesn't seem to give me any answers)
 

EviLore

Expansive Ellipses
Staff Member
It did, but the ad network Evilore does business with had issues with it. Gotta pay the bills, but I wish he would dump them for someone else.

I did in fact ditch that prohibitive ad partnership back in spring 2016 instead of paying the bills, haha, in large part so that site-wide HTTPS could be viable for all NeoGAF visitors by default. Without parting ways with our ad partners there, full HTTPS browsing would've only been possible for ad-free premium subscribers, and the notion of paywalling HTTPS *really* bothered me (especially after we put in all the work to deploy it as a standard feature and I announced it as such).

You must've missed those few straight months of me being completely delirious from sleep deprivation while I rebuilt our in-house ad solutions from the ground up...live...in the middle of an emerging adblock crisis. ;b

Anyway, long story long, our current ad pipeline *is* HTTPS-compliant and hypothetically ready for action on that front, but this pain-in-the-balls EoL forum platform is teetering precariously on a pile of duct tape and custom mods and isn't viable to update anymore. We'll be migrating to a new forum architecture pretty soon, though, so HTTPS is still en route.
 
You can at least change the login post to be https ?
Only takes a bit more duct tape?
I know the cookie is still http after login so could be hijacked but you can at least say the password isn't transmitted in the clear (even if it's actually vbulletin hashed now).
 

sangreal

Member
You can at least change the login post to be https ?
Only takes a bit more duct tape?
I know the cookie is still http after login so could be hijacked but you can at least say the password isn't transmitted in the clear (even if it's actually vbulletin hashed now).

the password is hashed before being submitted to the login page (not sure if that is what you meant, or just the cookie)
 

M3d10n

Member
I did in fact ditch that prohibitive ad partnership back in spring 2016 instead of paying the bills, haha, in large part so that site-wide HTTPS could be viable for all NeoGAF visitors by default. Without parting ways with our ad partners there, full HTTPS browsing would've only been possible for ad-free premium subscribers, and the notion of paywalling HTTPS *really* bothered me (especially after we put in all the work to deploy it as a standard feature and I announced it as such).

You must've missed those few straight months of me being completely delirious from sleep deprivation while I rebuilt our in-house ad solutions from the ground up...live...in the middle of an emerging adblock crisis. ;b

Anyway, long story long, our current ad pipeline *is* HTTPS-compliant and hypothetically ready for action on that front, but this pain-in-the-balls EoL forum platform is teetering precariously on a pile of duct tape and custom mods and isn't viable to update anymore. We'll be migrating to a new forum architecture pretty soon, though, so HTTPS is still en route.

STOP THE PRESSES! BIG SCOOP!!!
 

Blam

Member
I did in fact ditch that prohibitive ad partnership back in spring 2016 instead of paying the bills, haha, in large part so that site-wide HTTPS could be viable for all NeoGAF visitors by default. Without parting ways with our ad partners there, full HTTPS browsing would've only been possible for ad-free premium subscribers, and the notion of paywalling HTTPS *really* bothered me (especially after we put in all the work to deploy it as a standard feature and I announced it as such).

You must've missed those few straight months of me being completely delirious from sleep deprivation while I rebuilt our in-house ad solutions from the ground up...live...in the middle of an emerging adblock crisis. ;b

Anyway, long story long, our current ad pipeline *is* HTTPS-compliant and hypothetically ready for action on that front, but this pain-in-the-balls EoL forum platform is teetering precariously on a pile of duct tape and custom mods and isn't viable to update anymore. We'll be migrating to a new forum architecture pretty soon, though, so HTTPS is still en route.

I will be waiting for that new forum arch very eagerly
 

Izayoi

Banned
As long as we still get the sweet mobile mode, I'm a happy camper.

On topic: I'm glad I have 4G until my phone gets a patch, but the size of this vulnerability is just immense.
 

FLAguy954

Junior Member
It did, but the ad network Evilore does business with had issues with it. Gotta pay the bills, but I wish he would dump them for someone else.

This. I can't even login/post on GAF at work because it is deemed as 'not secure' since it's HTTP instead of HTTPS.

On topic - I'm happy software like LineageOS (14.1) exists for those of us with phones that don't get updates past the first year. Having a 10/5/2017 security patch on my Axon 7 just shows one of the many advantages of rooting a phone.
 
the password is hashed before being submitted to the login page (not sure if that is what you meant, or just the cookie)
It's hashed via a standard vb function then transmitted in clear which is bad because vbulletin hashes suck:

https://www.troyhunt.com/data-breaches-vbulletin-and-weak/

I think it should be sent via https just for the login form, then that URL redirects back to http if that's what the site must stick with. That way the post action is encrypted, but the ads remain http.

It is unclear to me why, if ad serving is bad over https, then a rewritten forum would help. Ad networks that plug ads into boxes on a page are either working well over https or not?
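
Added example (not part of any post in this thread, and not NeoGAF or vBulletin code): a small audit for the two exposures discussed above, the login POST and the session cookie. The host `forum.example`, the cookie name `sessionhash` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

# Constructed sample: an http page whose login form posts to https,
# followed by a session cookie set without the Secure attribute.
SAMPLE_URL = "http://forum.example/index.php"
SAMPLE_HTML = ('<form action="https://forum.example/login.php" method="post">'
               '<input name="user"><input type="password" name="pw"></form>'
               '<form action="search.php"><input name="q"></form>')
SAMPLE_COOKIES = ["sessionhash=abc123; path=/; HttpOnly"]

class LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions, self._action, self._has_pw = [], None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_pw = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

def audit_login(page_url, html, set_cookie_headers):
    """Flag cleartext credential posts and cookies that travel over http."""
    findings, forms = [], LoginForms()
    forms.feed(html)
    for action in forms.actions:
        target = urljoin(page_url, action)  # relative/empty action inherits the page scheme
        if urlsplit(target).scheme != "https":
            findings.append(f"credentials posted in cleartext to {target}")
    if forms.actions and urlsplit(page_url).scheme != "https":
        findings.append("login form served over http: its action has no integrity protection")
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(f"cookie {name} lacks Secure: sent with http requests")
    return findings
```

On the constructed sample the https form action passes, but the audit still reports the http-served form and the cookie without `Secure`, which is the residual exposure of an https-only login POST on an otherwise http site.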
 

Random Human

They were trying to grab your prize. They work for the mercenary. The masked man.
I just got a notification for an iOS update - will that address this?
 

Random Human

They were trying to grab your prize. They work for the mercenary. The masked man.
Negative. That update is most likely 11.0.3, and the fix will be in 11.1 (currently in beta, release due in the next couple weeks).
Gotcha, thanks! Guess I’ll just keep waiting.
 
Do we need to get new routers? I have Fios internet, which uses Verizon's routers, so I'm not sure if they would update them. I wish buy any wireless router for Fios, but I think you have to use Verizon's router to the Moca or something like that :(
 
From what I'm reading it says Android 6.0+ is affected. Sooo since I've been declining the update install every day for 2 years now (because Lollipop would have broken Puzzle and Dragons and then I just kept doing it after they updated the game) and I'm still on Android 4.4.4, is my phone safe?
 

sangreal

Member
Do we need to get new routers? I have Fios internet, which uses Verizon's routers, so I'm not sure if they would update them. I wish buy any wireless router for Fios, but I think you have to use Verizon's router to the Moca or something like that :(

1) You definitely don't need to use Verizon's router. You can use any MoCa bridge. You lose some features like remote DVR though
2) I don't think their routers support the features that need to be patched on the AP side, but they do put out pretty regular (automatic) updates so I wouldn't worry about it
 

Alphahawk

Member
From what I'm reading it says Android 6.0+ is affected. Sooo since I've been declining the update install every day for 2 years now (because Lollipop would have broken Puzzle and Dragons and then I just kept doing it after they updated the game) and I'm still on Android 4.4.4, is my phone safe?

No, it's easier to exploit on higher level Androids but all Androids are affected.
 
So what information exactly is available to these hacks? If I'm already logged into GAF on my phone and sign into the network, will they see my password? Or is it only if I log in and have to enter my password? Are viruses and Trojans able to get into my phone much easier?
 