What is Krack? It's an attack that exploits all wifi devices.

Are you at risk? Yes, but not really.

Should you worry? Not really. To exploit your systems, someone needs to be at close range and even then they aren't able to exploit 'secure' content (websites with a padlock in the address bar).

What can this exploit do to you? Simply put, it can read (or inject into) insecure content in real time. In theory someone could inject a phishing form onto any unpadlocked page.

Should you do anything? Make sure all of your devices are kept up to date. Make sure there aren't any creeps sitting in your driveway on laptops. Avoid clicking things that seem dodgy. So business as usual. Keep an eye out for any devices left sitting around where they don't belong.

But my TV has wifi!? Okay, yes, so EVERY wifi device is 'at risk', but there is a point where it doesn't matter too much - what data is someone going to be able to steal from a TV? Is that data going to be worth wardriving for?

What is wardriving? Simply put, wardriving is where someone drives around a town with a laptop looking for unprotected wifi networks so they can steal data or just generally be dicks. This new exploit simply gives them another attack vector.

Do you need to change wifi password? No, the attack ignores the password and doesn't expose it.

The attack only exploits WPA - should you use WEP instead? No. Thats like saying "A keycutter saw my keys once, so he MIGHT be able to get in. Better just leave my doors hanging wide open!"


Are you affected? Yes, probably.

Should you be worried? Probably not. Chances are low that it's actively been exploited. There is some residual data around, but chances are good that you'll be fine.

Should you change your passwords? Yes, probably. But you should rotate your passwords regularly anyway.

Am I downplaying the threat? Absolutely - Cloudbleed is REALLY, REALLY BAD. But it probably won't affect you. It's potentially worse than heartbleed and heartbleed was already really bad.

What is Cloudflare? Cloudflare is a service that sits between a website and you, making it so that you get data from a location closer to you than the website actually is. My websites are in Oregon, Cloudflare means that, from Australia, you only have to get to Sydney to get my site.

What happened? They had a memory leak. I could send a certain command and get a page full of garbage. Sometimes, very rarely (specifically 0.00003%), that garbage will have something interesting in it. However I can send that command as many times as I like.

What is a memory leak? Say I tell you to read 13 words of page 197 of the Lord of the Rings, but you misheard me and read 13 billion words. That's more words than the book contains, so you're just reading everything you can find.