The officially official Devuan Forum!

#1 Today 00:20:50

Micronaut
Member
Registered: 2019-07-04
Posts: 262  

New Wifi Vulnerability

Incoming security issue. A whole new set of attacks has been discovered that can affect nearly any public Wifi network.
AirSnitch Breaks Wifi Encryption in Homes and Offices

I rarely use Wifi at all. But I'm now wondering if Stubby actually works in Devuan 6 yet? Or is it still in 'development'? That's one possible useful defense. Or a full VPN. Which I guess I ought to learn to configure. :)

#2 Today 05:17:34

steve_v
Member
Registered: 2018-01-11
Posts: 666  

Or just use separate AP(s) for your untrusted/guest network, and put them on an isolated VLAN... Like sensible people have been doing for about as long as wifi has been a thing - because wifi has been subject to a variety of security issues since day one, and untrusted devices or networks cannot, by definition, be trusted.

Micronaut wrote:

I'm now wondering if Stubby actually works in Devuan 6 yet? Or is it still in 'development'? That's one possible useful defense.

Assuming you are talking about this stubby, now I'm wondering if you even understand the article you linked... What does a DNS stub-resolver have to do with anything, and how is it supposed to be a "defence" against a layer-2 port-spoofing attack?


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

#3 Today 13:10:51

Micronaut
Member
Registered: 2019-07-04
Posts: 262  

DNS spoofing is one use of the new attack(s). There are several and some applications are discussed in the article.

#4 Today 13:23:07

steve_v
Member
Registered: 2018-01-11
Posts: 666  

DNS spoofing is a very old attack, as are most of the others mentioned. There are undoubtedly more which were not, and calling a fix for one a "defence" is like plugging one hole in a colander and calling it "sealed".
What's new here is breaking client-isolation so those old attacks all work again. It's basically ARP spoofing, and that was a gold-mine in terms of what you could do once you had control of the stream. DNS fuckery is a problem, but it's really just the tip of the iceberg.

If you use "coffee shop" style public wifi (which I personally think is a terrible idea), use a VPN or tunnel (preferably with a pinned host cert).
If you administer the same, use separate access points and segregate them from your main network.

Ed. Ahh, I see I have reached the perfect post count. :D

Last edited by steve_v (Today 13:35:26)


#5 Today 15:14:22

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,857  

steve_v wrote:

Ed. Ahh, I see I have reached the perfect post count. :D

I think I have a better understanding of the phrase, "The devil is in the details." :)

#6 Today 17:28:36

chris2be8
Member
Registered: 2018-08-11
Posts: 366  

My home network is entirely wired, with wifi disabled on my router. This provides another justification for taking the time to set it up like that.

#7 Today 20:53:15

tux_99
Member
Registered: 2025-06-17
Posts: 107  

chris2be8 wrote:

My home network is entirely wired, with wifi disabled on my router.

Same here, my router is actually a small custom built PC that doesn't even have wifi.

A router provided by the ISP (or even a self-bought off-the-shelf router) is another gaping security hole that I would never allow in my home.


“Either the users control the program – or the program controls the users” Richard Stallman
