This is going to be my shortest blog ever, because basically it’s just a warning: IGNORE THE MARKETING BULLSHIT AND THE DOOMSDAY JOURNALISTS!
Every time there is an outbreak of malware, or a new vulnerability exposed, or a protocol deprecated, the marketing departments of every security vendor go into overdrive. Their only goal: to make more money. Not to help, not to provide sound advice so that people don’t make bad decisions based on FUD, and not even because they know what the Hell they’re talking about.
And the newspapers do what they do best: create panic with little to no understanding of the subject.
Yes, WPA2 has likely been broken, but because of the integrity of the researcher who discovered it we won’t have any information about it until later today. Which means we currently have no idea of the impact.
Apparently this is the guy you need to be watching: http://www.mathyvanhoef.com/
So here is what I would be doing right now if I were you:
- Determine what the impact on your organisation would be if WPA2 were truly broken;
- Update EVERY relevant device, as by now most of the bigger manufacturers should have a patch or a workaround;
- Tell your entire employee base NOT to panic, but they too should update their home computers (anti-malware etc.), mobile devices and home routers;
- Update your incident response plan to cover any issues.
The one thing you should NOT do is be part of the problem! Don’t spread rumours, spread fact, and be part of the SOLUTION! Share this blog if you want, or at least articles like it.
The security industry is rapidly becoming a bunch of used car salesmen; let’s each do our part to get THIS one right.