VPN

I recently received the email below from Norton about VPN. I wondered what the technical teams thoughts are on this.

Many thanks

****************************************************************************************
A serious new vulnerability called KRACK (Key Reinstallation Attacks) was announced recently, likely impacting anyone who uses Wi-Fi. All Wi-Fi connection points and devices could be vulnerable�your local coffee shop, home, or workplace connection.

KRACK can allow attackers access to important information like credit card numbers, passwords, and emails transmitted over Wi-Fi networks. This vulnerability can also allow attackers to potentially infect your devices with malware or ransomware.
How to help protect your devices against KRACK
� Wi-Fi users should immediately update their Wi-Fi-enabled devices as soon as a software update is made available. Wi-Fi enabled devices are anything that connects to the Internet � from laptops, tablets, and smartphones to other smart devices such as wearables and home appliances.

� Stay informed - Learn More about the KRACK vulnerability.

� Only browse secure websites whose URL begins with HTTPS. HTTPS-enabled websites provides an extra layer of security by using encryption.

� HIGHLY RECOMMENDED - Consider using a secure Virtual Private Network (VPN) such as Norton WiFi Privacy*, to help protect your data against this new threat.

Note: Changing your Wi-Fi password will not prevent attacks.

Good advice

As has always been the case keep your devices updated to benefit from security patches.

As has always been the case only send sentive information over HTTPS.

Advice is sound but this has always been the case regardless of this new vulnerability.

Thank you both for replying. I think this is a very important issue. Norton are promoting it both via email and their application.

I have known for some time that the technology used in wireless networks is not very secure. This is what I was told:

"WPS is a huge security flaw, when cracked it essentially passes over the WPA2 key. Since the vulnerability is on WPS, even setting a 60 digit WPA2 password will not slow a hacker down, they would get the full 60 digit WPA2 password in the same time frame as if an 8 digit WPA2 key was used. Of course if a home user notices the compromise, they may change their WPA2 key, usually leaving WPS to be re-exploited in the same way."

Given the above, how much would having a VPN help?

Many thanks.

In reply to a post by Tantalus:

Thank you both for replying. I think this is a very important issue. Norton are promoting it both via email and their application.

I have known for some time that the technology used in wireless networks is not very secure. This is what I was told:

"WPS is a huge security flaw, when cracked it essentially passes over the WPA2 key. Since the vulnerability is on WPS, even setting a 60 digit WPA2 password will not slow a hacker down, they would get the full 60 digit WPA2 password in the same time frame as if an 8 digit WPA2 key was used. Of course if a home user notices the compromise, they may change their WPA2 key, usually leaving WPS to be re-exploited in the same way."

Given the above, how much would having a VPN help?

Many thanks.

Then turn off WPS; it is not essential to have.