[ale] Strong home wireless router?
Jim Kinney
jim.kinney at gmail.com
Sun Jun 4 20:45:37 EDT 2023
Corp email and phishing. What a pain.
Maybe if there was a way to digitally sign email as a way to guarantee the
source....
</snark>
Security is hard and not easy for the lay person to grok. Trusting Apple
and Google to protect us...., how many subpoenas do they fulfill every year?
So much hardware for home use is "sell and forget" it borders on immoral.
On Sun, Jun 4, 2023, 1:36 PM Solomon Peachy via Ale <ale at ale.org> wrote:
> On Sun, Jun 04, 2023 at 10:34:27AM -0400, DJPfulio--- via Ale wrote:
> > A few years ago (perhaps 3?), a flaw in wifi was discovered that had
> > been in the code since the beginning - over 20 yrs.
>
> The original Wifi WEP "security" was abysmally bad, and was considered
> completely broken 20 years ago, with the network keys capable of being
> recovered in less than an hour of passive sniffing.
>
> What was recently (2017) discovered ("KRACK") was a flaw in many
> *implementations* of the WPA/WPA2 key exchange protocol. Unlike the
> original WEP attacks, this one didn't allow for the key data to be
> recovered, and instead relied on forcing one end of the exchange to
> install what effectively amounted to a null key.
>
> Another difference -- the underlying protocol itself was fine, and
> implementations were easily (and rapidly) fixed. Assuming the vendor
> ever shipped an update, that is. (Yet another reason why you should be
> using Free Software on your infrastructure & devices!)
>
> > My CMMI training says, that if 1 bug is found, there's an 86%
> > likelihood of another bug existing in the same software.
>
> Pfft. If you assume anything other than 100% probability of eventually
> finding a flaw, you're a fool. So you have to design your system
> assuming it's going to need to be updated.
>
> > If you want strong security, assume the protocols have bugs (known and
> > unknown) and take necessary steps to mitigate those. 1 method is to
> > use a full VPN. IPSec is the most secure VPN today.
>
> Yeah, you have to layer stuff. FWIW, even with KRACK, if you used
> encrypted network protocols, the worst the attacker could do is DOS you.
>
> > If you just want to protect against the neighbor's kid and don't want
> > to worry about more sophisticated attacks, that's fine, but that
> > wouldn't count as "strong" in any book on security as a description
> > for wifi security.
>
> Again, "strong" is a relative definition. What's "strong" against a
> neighbor's kid is effectively tissue paper for a state-sponsored agency,
> and what's "strong" for said agency is most likely completely unusable
> for a layperson.
>
> > Where I've worked, we never trusted wifi without our corporate VPN,
> > using 2FA, even on systems that we'd provisioned inside our buildings.
> > This was the requirement by our data security team which wasn't
> > exactly small for this F-10 company.
>
> Meanwhile, at most places I've worked, internal corporate communications
> emails were, more often than not, indistinguishable from phishing based
> on the training said corporate policies required us to undergo. This
> was particularly ironic given that phishing (and related
> social-engineering stuff) remains the primary threat vector for internal
> system compromise.
>
> - Solomon
> --
> Solomon Peachy pizza at shaftnet dot org
> (email&xmpp)
> @pizza:shaftnet dot org (matrix)
> Dowling Park, FL speachy (libra.chat)