Thanks to Linguica on the Doomworld forums for mentioning this topic, it's how I noticed it.
The down and dirty of it:
- Linux is more vulnerable than Windows. This is a huge problem for most home users, since many routers use some form of Linux. Therefore, it is imperative that you patch your router as soon as possible. If your ISP does not have updated firmware available to fix this exploit, pester the everliving fuck out of them until they have one available.
- Android is a Linux variant. If you have an Android phone or tablet, you must install updates and allow your device to patch itself when it becomes available. (You can easily trigger an update *if* it's downloaded simply by restarting your phone while it's charging - if not, you can dial *#*#checkin#*#* to get it to check for one)
- Windows is not in the clear, and still must be patched to prevent this exploit. Last week's update (10-10-2017) has the relevant fixes.
- From what I understand, Mac OS X and iOS devices are not affected. (Older devices might be, though - still, patch if you can)
- This exploit is not usable from the internet, itself. Rather, it requires someone with a crack-enabled device to move within range of your computer, or your Wi-Fi access point.
Kinsie wrote:Some additional info:
- Google will push a fix to its own Android-based Pixel devices on November 6th. Expect the fix to spread to other Android devices from there... but of course, it's always a crapshoot as to whether Androids get the latest updates.
- Public developer betas of Apple's operating systems are already patched. Expect a public release in a few weeks. In the meantime, Apple devices are apparently in the same "less vulnerable" bucket as pre-patch Windows devices.
If you choose not to patch, don't use Wi-Fi. Your data and security is not worth the risk.
If you want to research this on your own simply Google "Krack" (exact spelling).