Dev1 Galaxy Forum / New Wifi Vulnerability

Re: New Wifi Vulnerability

dummy@example.com (Micronaut) — Sun, 08 Mar 2026 00:21:35 +0000

Yeah, I do the same. At least for desktops. I have a separate Wifi server for laptops only, and only turn it on to update them so they are ready to go into the field. The rest of the time, it stays off and this is a Wifi free house.

Re: New Wifi Vulnerability

dummy@example.com (tux_99) — Fri, 27 Feb 2026 20:53:15 +0000

chris2be8 wrote:

My home network is entirely wired, with wifi disabled on my router.

Same here, my router is actually a small custom built PC that doesn't even have wifi.

A router provided by the ISP (or even a self-bought off-the-shelf router) is another gaping security hole that I would never allow in my home.

Re: New Wifi Vulnerability

dummy@example.com (chris2be8) — Fri, 27 Feb 2026 17:28:36 +0000

My home network is entirely wired, with wifi disabled on my router. This provides another justification for taking the time to set it up like that.

Re: New Wifi Vulnerability

dummy@example.com (fsmithred) — Fri, 27 Feb 2026 15:14:22 +0000

Ed. Ahh, I see I have reached the perfect post count. big_smile

I think I have a better understanding of the phrase, "The devil is in the details."

Re: New Wifi Vulnerability

dummy@example.com (steve_v) — Fri, 27 Feb 2026 13:23:07 +0000

DNS spoofing is a very old attack, as are most of the others mentioned. There are undoubtedly more which were not, and calling a fix for one a "defence" is like plugging one hole in a colander and calling it "sealed".
What's new here is breaking client-isolation so those old attacks all work again. It's basically ARP spoofing, and that was a gold-mine in terms of what you could do once you had control of the stream. DNS fuckery is a problem, but it's really just the tip of the iceberg.

If you use "coffee shop" style public wifi (which I personally think is a terrible idea), use a VPN or tunnel (preferrably with a pinned host cert).
If you administer the same, use separate access points and segregate them from your main network.

Ed. Ahh, I see I have reached the perfect post count.

Re: New Wifi Vulnerability

dummy@example.com (Micronaut) — Fri, 27 Feb 2026 13:10:51 +0000

DNS spoofing is one use of the new attack(s). There are several and some applications are discussed in the article.

Re: New Wifi Vulnerability

dummy@example.com (steve_v) — Fri, 27 Feb 2026 05:17:34 +0000

Or just use separate AP(s) for your untrusted/guest network, and put them on an isolated VLAN... Like sensible people have been doing for about as long as wifi has been a thing - because wifi has been subject to a variety of security issues since day one, and untrusted devices or networks cannot, by definition, be trusted.

I'm now wondering if Stubby actually works in Devuan 6 yet? Or is it still in 'development'? That's one possible useful defense.

Assuming you are talking about this stubby, now I'm wondering if you even understand the article you linked... What does a DNS stub-resolver have to do with anything, and how is it supposed to be a "defence" against a layer-2 port-spoofing attack?

New Wifi Vulnerability

dummy@example.com (Micronaut) — Fri, 27 Feb 2026 00:20:50 +0000

Incoming security issue. A whole new set of attacks has been discovered that can affect nearly any public Wifi network.
AirSnitch Breaks Wiki Encryption in Homes and Offices

I rarely use Wifi at all. But I'm now wondering if Stubby actually works in Devuan 6 yet? Or is it still in 'development'? That's one possible useful defense. Or a full VPN. Which I guess I ought to learn to configure.