WiFicalypse 2021
FragAttacks
Dr. Mathy Vanhoef today published the new FragAttacks (fragmentation and aggregation attacks) on fragattacks.com, which target WiFi devices. The attacks are based on design and implementation flaws, and it appears that all WiFi devices (clients and wireless access points) are affected by these vulnerabilities (hence the hashtag #wificalypse).
He wrote that using HTTPS in combination with HSTS prevents this type of attack. HSTS forces web browsers to always use HTTPS encryption. Security Headers can be used to check whether HSTS headers are set on a web server.
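An offline version of the HSTS header check described above, as an added example (not code from Security Headers, fragattacks.com or this post): it evaluates Strict-Transport-Security header values the way RFC 6797 tells a browser to. The function names, the sample headers and the 180-day `MIN_MAX_AGE` threshold are assumptions of this example.

```python
from dataclasses import dataclass

MIN_MAX_AGE = 15552000  # assumption: 180 days is this example's "long enough" threshold

@dataclass
class HstsResult:
    enforced: bool                  # would a browser pin this host to HTTPS?
    max_age: int = 0
    include_subdomains: bool = False
    finding: str = ""

def parse_hsts(value):
    """Parse one header value into {directive: value}; None if malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in directives:            # a repeated directive invalidates the header
            return None
        directives[name] = val.strip().strip('"')
    return directives

def check_hsts(scheme, header_values):
    """scheme: 'http' or 'https'; header_values: every STS header in the response."""
    if scheme != "https":
        return HstsResult(False, finding="sent over plain HTTP: browsers ignore it")
    if not header_values:
        return HstsResult(False, finding="no Strict-Transport-Security header")
    d = parse_hsts(header_values[0])      # only the first header field is processed
    age = d.get("max-age", "") if d else ""
    if not (age.isascii() and age.isdigit()):
        return HstsResult(False, finding="malformed header or missing max-age")
    sub = "includesubdomains" in d
    if int(age) == 0:
        return HstsResult(False, 0, sub, "max-age=0 removes the HSTS policy")
    note = "ok" if int(age) >= MIN_MAX_AGE else "max-age below threshold"
    return HstsResult(True, int(age), sub, note if sub else note + "; subdomains not covered")

# Constructed sample responses (scheme, STS header values), not captured traffic.
SAMPLES = [("https", ["max-age=31536000; includeSubDomains"]),
           ("https", ["max-age=300", "max-age=31536000"]),
           ("http", ["max-age=31536000"])]
if __name__ == "__main__":
    for scheme, values in SAMPLES:
        print(scheme, values, "->", check_hsts(scheme, values))
```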
EFF Plugin HTTPS Everywhere
The EFF (Electronic Frontier Foundation) also provides a web browser plug-in called HTTPS Everywhere, which rewrites HTTP requests into HTTPS requests.
FragAttacks on GitHub
FragAttacks on GitHub: vanhoefm/fragattacks