Any comments from Sophos regarding WPA2 may be cracked by KRACK (Key Reinstallation AttaCK)

Aruba and Mikrotik have patches released early this morning. Ubiquiti and Apple seem to have patches in the works to be released very short term, would be interested to see if a brand like Sophos with a high focus on security will do the same! Vendors have been privately informed in July, seems like plenty of time to get those patches out!

Awfully quit on the Sophos Twitter and nakedsecurity blogs.

I hope that Sophos has soon a fix for this.

Sophos has been notified on Sept the 6th:

Taken from http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4 

Vendor         StatusDate  NotifiedDate      Updated

Sophos, Inc. Unknown     06 Sep 2017     06 Sep 2017

Sophos has been notified on Sept the 6th:

Taken from http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4 

Vendor         StatusDate  NotifiedDate      Updated

Sophos, Inc. Unknown     06 Sep 2017     06 Sep 2017

I've reached out to my contacts at Sophos looking for an answer (I'm a Platinum Solutions Partner).  I'll post what they give me for public release here.

I have send email to Michael Anderson (water board - The Netherlands).

... hopefully the response will be quick. 

---<%---

I'm having a hard time getting Sophos to release or inform me about a patch/firmware-update for the KRACK Attack (breaking wpa2).

Please contact me or Netstream as soon as possible.

...

...

Aruba and Mikrotik for example have already made a update available...

https://community.ubnt.com/t5/UniFi-Wireless/KRACK-update/m-p/2099299#M254757

https://community.ubnt.com/t5/UniFi-Wireless/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/m-p/2099445#M254807

https://forum.mikrotik.com/viewtopic.php?f=21&t=126695

Have to give a big thumbs-up to Mikrotik here - could not ask for a better vendor response to this.

What is happening with Sophos?

---%<---

Sophos just released this article;

Sophos Wireless APs, XG-W, Cyberoam and SG-W appliances are affected. We will release patches as soon as they are made available to us.

Apply patches as soon as they are available. Sophos will update this article whenever a patch is released to fix the vulnerability.

Customers can reduce their exposure to the vulnerabilities by disabling the Fast Roaming options and disabling Mesh.

My 2cents: Great so will just have to wait for a third party (f.e. Openwrt) to provide a patch, and then let sophos implement that patch in their updates. Two options, 1. this is gonna take some time, or 2. Sophos rushes out an update without proper testing and breaks stuff (aka the usual)

Ronald beat me to the punch.

Pretty sure there already patches out there on GitHub for wpa_supplicant -- which I think Sophos uses for at least some of their products.  Patch time may not be quite that long.. but of course there will be testing, etc. to be done.

Come on Sophos/Intel Mcafee , krackattacks.com is a criminal activity?