Out of the Ecuador

Cometh the hour, leaveth the man. As you will all have seen, it appears that Julian Assange’s time has come.

As the Ecuadorian Ambassador to the United Kingdom decided to call time on his asylum, the long arm of the law was waiting and promptly felt his collar, and cuffs for that matter, dragging him out on a charge of skipping bail.

Unsurprisingly, very soon after the nickage, almost as if this had been orchestrated (imagine?), the USA unsealed a March 2018 indictment charging Assange with conspiracy to commit computer intrusion. This charge is based on collusion with Chelsea Manning to breach passwords on US secret databases, which were then published on Assange’s WikiLeaks website mostly verbatim.

It is not for us to comment on the good or bad of this case but it is certain that it will raise a lot of questions about the press, whistleblowing and disclosure.

Given that most of the harvested/stolen information was released unedited and recklessly exposed personal information of private citizens, security operatives, even apparently outing a gay man from Saudi, naming rape victims, this doesn’t look like responsible journalism and much of it may not be in the public interest.

Let us all see what happens, the Americans are talking about a 5-year maximum sentence. They probably said this with their fingers crossed. Anyone know what happened to Marcus after this?

This week has also seen a brace of crack security chaps detailing methods to break the security of WPA3 commenting that the protocol was not subject to public review, the attacks even have a name and a logo – DragonBlood (mwahahaha). You will all know how we love a name and a logo for an exploit, gives us the tingles all over.

In addition to notifying the relevant authorities, the brain the size of planet’s researchers also uploaded a set of tools to GitHub for your delectation:

  • Dragondrain—a tool that can test to which extent an Access Point is vulnerable to DoS attacks against WPA3’s Dragonfly handshake.
  • Dragontime—an experimental tool to perform timing attacks against the Dragonfly handshake.
  • Dragonforce—an experimental tool that takes the information to recover from the timing attacks and performs a password partitioning attack.
  • Dragonslayer—a tool that implements attacks against EAP-pwd.

Obviously it was Patch Tuesday this week. We try not to rewrite other people’s materials – here is the best resource to find out the usual patch recommendations.

If you have a WPA2/WPA3 wireless environment and want some help to test it, our crack team are available to assist. Please contact us at: [email protected] or call 020 7517 3900.