[HN Gopher] Spies Jumped from One Network to Another via Wi-Fi i...
___________________________________________________________________
Spies Jumped from One Network to Another via Wi-Fi in an
Unprecedented Hack
Author : impish9208
Score : 19 points
Date : 2024-11-22 12:11 UTC (10 hours ago)
(HTM) web link (www.wired.com)
(TXT) w3m dump (www.wired.com)
| brudgers wrote:
| If your threat model includes nation states, you are outgunned.
|
| A nation state can probably _buy_ the building across the street
| if that 's the value of hacking your system.
|
| Of course there are almost certainly cheaper options,but that's
| the level of time and budget you are up against...teams of
| motivated and well resourced experienced professionals working
| against you full time.
| hulitu wrote:
| > If your threat model includes nation states, you are
| outgunned.
|
| If basic security is not implemented, you have bigger problems.
| (backdoors in Cisco, Fortinet, Palo Alto Networks, skipping
| tests - Cloudstrike)
| brudgers wrote:
| Like I said, there are almost certainly cheaper options. It
| would be unprofessional for intelligence professionals to do
| things to hard way.
|
| You are outgunned.
| rangestransform wrote:
| We should still try our best to secure everything against
| nation state actors, so that people who really need it
| (journalists, dissidents, security researchers, etc.) can blend
| into the crowd with regular consumer grade devices
| transpute wrote:
| WiFi security can be improved by per-device passwords,
| https://github.com/spr-networks/super
| telgareith wrote:
| Or just enable "WPA-enterprise" and have it rotate keys. Then
| you not only have device certificates, you also have per user
| authentication. And if somebody missed it- rotating keys. They
| can change faster than they can be cracked. Then you can also
| layer VPNs ontop of that...
|
| All of which are standard, well known, and proven solutions.
|
| What does that repo offer? With 400 stars, I doubt anybody has
| given it serious attention.
| sigmoid10 wrote:
| You make it sound like you just have to flip a switch in your
| router's settings to enable it, but that is very far from the
| truth. For that to work you need a RADIUS server to handle
| credentials, a certificate authority if you want any useful
| kind of authenticity checks, a process for distributing said
| certificates and finally you need to configure all your
| access points. This is something that companies can (and
| should) have, but for home users it is overkill. Since this
| repo specifically targets home users, I suspect there is a
| place for this among enthusiasts who can't or don't want to
| go all the way on their home network.
| rurban wrote:
| No radius server needed, the builtin kernel module for wifi
| access points can do that easily.
| LorenDB wrote:
| https://archive.ph/cKrq8
| malux85 wrote:
| You know nothing, John Snow
| sharpshadow wrote:
| "Microsoft warned of a vulnerability in Windows' print spooler"
|
| How much I hated just seeing this process. Print related tasks
| should never run when not needed.
___________________________________________________________________
(page generated 2024-11-22 23:01 UTC)