Comments should work now. (Score:4, Informative)
Restarted this poll to fix comments. Apologies for the lack of comments on the previous one.
Re: (Score:2, Funny)
Apologies for the lack of comments on the previous one.
Nope, we're not buying it. Clearly, it was part of some evil plan your evil masters at Dice Evil Holdings eviled up for some evil purpose (we'll make up... I mean, determine just what it was supposed to do later) and only our complaining could possibly foil this evil from taking over the world*. We're clearly heroes and whining on an online message board is a viable tactic to save the world!
*: Slashdot
Re:Comments should work now. (Score:4, Insightful)
Care to restart it again with a correct list of "least to most secure" options?
What about the previous poll? (Score:4, Interesting)
http://slashdot.org/poll/2613/time-until-facebook-is-replaced [slashdot.org]
Can you please kindly restart that one too so we can post comments?
Re: (Score:2)
Yeah, I like the socialization on /.!
Re:Comments should work now. (Score:5, Insightful)
How about restarting it again to get rid of the absolutely idiotic choices. Please stop promoting the misconception that MAC filtering, SSID hiding, or DHCP disabling are worth anything at all for network security. All any of those three do is make legitimate use harder while not hindering an attacker in the slightest. Does anyone think there are people who can crack WPA2 but can't run Wireshark for 15 seconds to see both legitimate MACs and the IP scheme?
Re:Comments should work now. (Score:5, Insightful)
Problem is Slashdot no longer has anyone working here that knows anything about technology.
You wanted the Slashdot from 10 years ago, it's gone.
Re:Comments should work now. (Score:5, Informative)
The poll choices included:
WPA/WPA2 w/ hidden SSID: A bit more secure
Ditto, but w/ MAC whitelist: A tough tighter
Ditto, but DHCP disabled: Wireless fortress
All of those were built on WPA/WPA2 encryption. Since it flew over your head, the OP was simply pointing out that non-broadcast SSIDs, MAC filtering, and requiring static IP configuration add no additional security, since anyone able to get past the first hurdle will find it trivial to get past the rest. The choices, by implying that things get more secure, are misleading.
Re: (Score:3)
Re:Comments should work now. (Score:5, Informative)
The point is that anyone attacking WiFi in any way is using passive monitoring tools. Those will see your AP no matter if it broadcasts or not. Those will also see any clients, and thus already have a list of valid MACs.
Even more fun, any computer that is set to automatically connect to a "hidden" AP is constantly broadcasting looking for it whenever not connected. So your computer, phone, etc. advertises the existence of a "hidden" AP everywhere you go. Probably impacts battery life too.
Even old-school Netstumbler would show the active clients.
MAC filtering, SSID hiding, etc. are all below WEP64 in terms of security. They can only be considered worthwhile in a situation where for whatever reason (shitty old client device you can't replace usually) you absolutely must have an open AP but want to have it at least be a slight challenge to access.
If there is any encryption at all, even the trivially broken WEP64, none of those things add anything as literally every single person who could crack even that can bypass the rest.
It's the same sort of cargo cult "security" technique as the fuckwits who disable ICMP on their routers and think that makes them invisible on the internet rather than just being a pain in the ass to diagnose network problems.
Re: (Score:3)
It's the same sort of cargo cult "security" technique as the fuckwits who disable ICMP on their routers and think that makes them invisible on the internet rather than just being a pain in the ass to diagnose network problems.
Gah this. Heck, the number of times I've had orders come down to 'hide the SSID' from people supposedly more trained in network security than I am...
'But it's more secure!'. Arg.... All you're doing is changing the broadcasting of the SSID from our more or less secure location to everywhere any wireless device set up for our network goes with the wireless enabled.
The WPA2 and mandatory VPN to the NCC is all the security you need (on the wireless aspect).
Re: Comments should work now. (Score:3, Funny)
No, it's in there; Everyone lives next to him.
Re: (Score:2)
More constructively, I used to do the MAC whitelist thing, but now every device has a darn wifi so the list becomes unmanageable. Every phone, every printer, every speaker system, every streaming device... WPA2 is fine.
Re:Comments should work now. (Score:5, Funny)
It must be a porn thing.
Re: (Score:3)
"I thought that was because you just felt that the poll didn't need any comments"
No comment.
high-velocity lead security (Score:2, Insightful)
A clear field of view and a targeting range in excess of the WAP's range should be sufficient security.
Re: (Score:3, Interesting)
WEP WEP WEP (Score:3)
Re: (Score:3)
>I'm still using WEP for the simple reason that I would have to update several devices settings, and I'm too lazy for that.
Yep. And it's compatible with everything.
It has enough security that it keeps out casual people, but not enough to pretend you have actual security.
You should never trust your wifi network. Even if you have some magical unhackable security, all you need is one friend connecting with a cell phone and Google knows it (Android phones autoupload wifi passwords by default) and therefore t
Re: (Score:2, Insightful)
Between eeeeeeevil NSA agent driving up to my home and surfing porn with my Google-acquired credentials and neighbour's kid discovering Backtrack pwning my WEP network or a passing by wardriver doing same, one is about as likely as winning jackpot in a lottery by finding a ticket on the street, and another like getting 2:1 payment back on one ticket from a thousand you bought.
It's like saying "Well, a nicely placed C4 charge would blow this safe open anyways, so I might as well just hide my money in my old
Re: (Score:3)
Re: (Score:3)
This. Wifi *outside* your firewall (Score:3)
Dude, provide guest wifi on the outside of your firewall
When I lived in SF, I put my wifi *outside* my firewall to provide free guest access to the coffee shop at the end of the block.
Wifi was open - with just a splash screen asking people not to abuse it and not to complain if it went down.
QOS routing ensured that the guest traffic didn't interfere with my own; and casual occasional monitoring suggested that no one abused it from either a bandwidth or content point of view.
Think it'd be great if all wifi routers were configured that way by default. The wi
Re: (Score:3)
Re:WEP WEP WEP (Score:5, Funny)
Who the fuck needs 15 minutes for that?
My calculator could do it in 10 seconds..
Re: WEP WEP WEP (Score:2)
hidden SSID? MAC filter? Really? (Score:5, Informative)
Is it so hard to spoof a MAC address? I wouldn't call that security.
Also hidden SSID is a bad idea, period.
http://blogs.technet.com/b/networking/archive/2008/02/08/non-broadcast-wireless-ssids-why-hidden-wireless-networks-are-a-bad-idea.aspx [technet.com]
WPA2 with CCMP-only encryption is good enough. Added security comes from a random SSID and good password.
Re:hidden SSID? MAC filter? Really? (Score:4, Insightful)
Disabling DHCP is the most ludicrous option. The only way this could make your home network more secure is if it is an open network and you want to prevent devices from automatically connecting. Do you really think someone is going to crack your WPA2 encryption, spoof your MAC address, and then give up because they don't feel like configuring a static IP address? Or is there actually some valid security reason for disabling DHCP?
Re: (Score:3)
I use a limited DHCP pool, so if I can't get an address on one of my devices because they are all leased then I know someone has cracked my WPA, or more likely the kids have friends over with a device and have been giving out my password.
Re:hidden SSID? MAC filter? Really? (Score:5, Insightful)
But what if someone cracked your WPA and instead of using DHCP they assigned themselves a static IP outside of the DHCP pool?
Re: (Score:2)
But what if someone cracked your WPA and instead of using DHCP they assigned themselves a static IP outside of the DHCP pool?
That's what firewalls are for, no?
Re: (Score:2, Interesting)
OK, I set up my router to handle only 3 MAC addresses.
You walk by my house, you see a signal. However, the SSID is hidden and is under WPA2, and you need to know what MAC addresses I have allowed. It is getting more and more difficult.
At best you can peer into the window and see, say, a Dell laptop, and you could get some of the numbers that Dell systems tend to use. But still you are going to wait a long time in the elements trying to break into a router.
Re:hidden SSID? MAC filter? Really? (Score:5, Funny)
I would just throw a brick through the window and take the Laptop.
Re:hidden SSID? MAC filter? Really? (Score:5, Funny)
Obligatory comic [xkcd.com]
Re:hidden SSID? MAC filter? Really? (Score:5, Insightful)
Firstly, a hidden SSID is pointless and trivial to snoop (and if you've turned on the option to connect if it is not broadcasting, your devices call out the SSID constantly). Secondly, your MAC address is broadcast in the clear regardless of your network encryption; anyone can easily find these by watching wireless traffic.
A relatively unique SSID (as in, unlikely to be in an existing rainbow table) paired with a reasonable password is all that is required to secure a personal wifi network.
Re: (Score:3)
It's your neighbours that you need to worry about. Easy to get a working MAC address, just wait for one of your devices to connect. In fact that is also what they need to gather the necessary packets to start an offline dictionary attack on your WPA2 key anyway, so you can see that it offers exactly zero benefit over WPA2 alone.
Re: (Score:3)
I can fire up kismet on my laptop and straight away see what MAC addresses are connecting to your SSID (regardless of whether it's broadcast). It's that easy. I've never bothered trying to spoof a MAC and breaking a wifi key, but getting the SSID and MAC address is trivial.
Guessing MAC addresses by model of laptop, SNORT!
Re: (Score:3)
Re: (Score:3)
Or perhaps like parking your car behind a glass wall with a sliding door...
Re: (Score:2)
Re: (Score:2)
Steve Jobs, is that you?
Re: (Score:3)
... and wearing it around your neck like gangster bling until you get back to your car.
Re: (Score:2)
It is kinda like hiding your important stuff underneath the seat when you park your car in the parking lot.
If you are in an area where there are a lot of wireless networks, chances are the more open ones will get in. Hiding your SSID in general makes it less of a target to try to get hacked.
Opposite (Score:2)
Someone hacking into wireless networks would go after networks that were not broadcasting SSID, under the theory there would be something more interesting on that network.
It's not like a WiFi hacker is not going to start with a WiFi scanner and work from there...
Re:hidden SSID? MAC filter? Really? (Score:4, Insightful)
How the hell is exposing an SSID "insecure" in any way anyway? What will happen? Why do people still fall for security through obscurity? What do they think your WIFI password is for?
Some people have a need to feel special, like they know some trick that gives them the upper hand over the teeming masses. Relying on a strong protocol and a good password... well that's no good - even non-techies can do that!
Re: (Score:3)
How the hell is exposing an SSID "insecure" in any way anyway? What will happen? Why do people still fall for security through obscurity? What do they think your WIFI password is for?
Some people have a need to feel special, like they know some trick that gives them the upper hand over the teeming masses. Relying on a strong protocol and a good password... well that's no good - even non-techies can do that!
It's the difference between the attacker wanting _a_ wireless network, or _your_ wireless network. If the attacker wants _a_ wireless network, then yours just needs to be a bit more secure than your neighbors. If they want _your_ wireless network then they'll break into your house and get what they want anyway.
Re: (Score:3)
There can only be one (Score:3)
Only one of the possible responses provides any real security against malicious intent. The others might keep nosy neighbours and casual wardrivers out, with varying degrees of effectiveness.
Then there's the first option. This used to be my philosophy. I still believe in sharing wireless, but these days I do it with a dedicated vlan and a WPA2 key that is disclosed right in the SSID. Sharing doesn't have to mean throwing security out the window.
Re: (Score:2)
WPA2 key that is disclosed right in the SSID
What is the point?
Re: (Score:3)
Re: (Score:2)
http://security.stackexchange.com/questions/8591/are-wpa2-connections-with-a-shared-key-secure [stackexchange.com]
Basically, with WPA/WPA2 PSK, anyone who really wants to decrypt a user's traffic can (so long as they witness the association or force a reassociation). It's minimally more difficult than just sniffing unencrypted wifi packets.
Re: (Score:2)
http://security.stackexchange.com/questions/8591/are-wpa2-connections-with-a-shared-key-secure [stackexchange.com]
Basically, with WPA/WPA2 PSK, anyone who really wants to decrypt a user's traffic can (so long as they witness the association or force a reassociation). It's minimally more difficult than just sniffing unencrypted wifi packets.
Perhaps, but at least you can go from worrying about real cybercriminals + dangerous idiot script kiddies to just worrying about the former.
Any simply implemented measure that mitigates some portion of threat and risk is worth it, IMO.
Re: (Score:3)
I can't believe my comment was downmodded. Did you read the stack exchange answer? You need some tool (like wireshark) to sniff packets on an unencrypted wireless link. It is trivially more difficult with an encrypted connection when the attacker knows the WPA passphrase. Any "script kiddie" who can figure out how to use wireshark to sniff unencrypted packets on the public VLAN will also be able to sniff encrypted packets. Wireshark does it for you. All said script kiddie needs to do is use the aircra
Re: (Score:3)
I still believe in sharing wireless, but these days I do it with a dedicated vlan
I initially read that as "I do it with a dedicated van" and was rather amused.
If you can't trust the encryption you're screwed (Score:5, Insightful)
Hiding the SSID and/or MAC whitelisting will make it a bit tougher for a casual attacker. BUT, a casual attacker will be totally defeated by WPA2. If whoever is attacking you is able to break WPA2, then the hidden SSID and MAC whitelist will offer you zero protection against them.
Thus, they're pointless and an inconvenience to legitimate users. My dad is obsessed with MAC whitelists which is a pain as every time I take my laptop over there I have to wait while he reconfigures the fricking router (yes, he deletes the entry when I leave).
Re:If you can't trust the encryption you're screwe (Score:5, Funny)
My dad is obsessed with MAC whitelists which is a pain as every time I take my laptop over there I have to wait while he reconfigures the fricking router (yes, he deletes the entry when I leave).
Don't let him get to know APK then.
Re: (Score:2)
Next time you're there, copy down one of his MAC addresses and start spoofing it.
Re:If you can't trust the encryption you're screwe (Score:5, Informative)
A link for those who don't Google [google.com]
PSK vs 802.1x (Score:4, Interesting)
I know one isn't supposed to complain about the lack of choices in the poll, but if this is asking about security there should have been an option for PSK vs. 802.1x.
Re: (Score:2)
That was a suggestion. Optional. Like pants.
firewalled (Score:2)
Come at me, bro. (Score:5, Funny)
Re:Come at me, bro. (Score:5, Funny)
Re: (Score:3)
lol no (Score:2)
Disabling SSID Broadcast - Less Secure (Score:5, Informative)
Re: (Score:2)
Not less secure. More secure to the casual hacker. Not more or less secure to somebody targeting you.
If somebody wants to get on a wireless connection and sees 10 broadcasted SSIDs... they would likely try those first. They could wait for a client to send out a request with the ID in it, but there are those 10 that are screaming "HERE I AM!!" that are very easy to find. It's the "I don't need to outswim the shark" approach.
Now if somebody is targeting you... Hidden or not, they will find your connecti
Re:Disabling SSID Broadcast - Less Secure (Score:5, Informative)
Yes. The point I'm trying to make is that if:
1) You set your SSID to "my_secret_ssid" and then disable broadcast
2) You configure your laptop to connect automatically to "my_secret_ssid" and check the box that this is a non-broadcast ssid
Then
3) Every time you bring your laptop to work or the airport or the donut shop, it will start beaconing to look for "my_secret_ssid".
Evil nefarious types have the tools to look for those beacons and automatically reply with "my_secret_ssid" to trick your machine into connecting to them. Theoretically they can then pass this connection to a legitimate network connection, but leave themselves in the middle. You and your laptop won't necessarily know that this has happened.
How to avoid this: Don't automatically connect to wifi, and don't configure non-broadcast SSIDs on your machines any longer than you need to.
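A way to check a Linux client for the two conditions this comment describes, added here as an example and not part of the original post: the script parses a `wpa_supplicant.conf` and flags enabled networks that send directed probes for a hidden SSID (`scan_ssid=1`) or that auto-join an open network by name (`key_mgmt=NONE`). The sample configuration, its SSIDs and its passphrases are constructed for illustration.

```python
# Added example: audit wpa_supplicant.conf for saved networks that leak a
# hidden SSID name or will auto-join an unauthenticated AP of the same name.

SAMPLE_CONF = '''\
# constructed sample, not taken from a real device
ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="my_secret_ssid"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="constructed-sample-passphrase"
}

network={
    ssid="CoffeeShopGuest"
    key_mgmt=NONE
}

network={
    ssid="old_hidden_lab"
    scan_ssid=1
    key_mgmt=NONE
    disabled=1
}

network={
    ssid="HomeBroadcast"
    key_mgmt=WPA-PSK
    psk="another-constructed-passphrase"
}
'''


def parse_networks(text):
    """Return one dict of key/value settings per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def audit(text):
    """Return (ssid, finding) pairs for networks the client will act on."""
    findings = []
    for net in parse_networks(text):
        if net.get("disabled") == "1":
            continue  # disabled blocks are never probed for or joined
        ssid = net.get("ssid", "<no ssid>")
        # scan_ssid=1 makes the client send probe requests naming this SSID
        # wherever it is, which is the beaconing described above.
        if net.get("scan_ssid") == "1":
            findings.append((ssid, "hidden-ssid-probe"))
        # key_mgmt=NONE means nothing proves the AP is the real one, so any
        # AP answering with this name will be joined.
        if net.get("key_mgmt", "WPA-PSK").upper() == "NONE":
            findings.append((ssid, "open-autojoin"))
    return findings


if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_CONF):
        print(f"{ssid}: {finding}")
```
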
Re: (Score:2)
Ahh! That is a good point.
But if I'm at an airport and I connect to "My_Secret_SSID", I know I'm out of range. It's a pretty big tell, but in the moments from connecting to disconnection could be long enough to plant something nasty.
But when I travel, I normally turn off my wi-fi connections. Bit of my OCDness of having things scanning for things that are not there.
Now the man-in-the-middle attack is there, if at home somebody could set up an SSID to match you, but that could be done both broadcast and h
Re: (Score:3)
This is only an issue for password-less systems or cases where the attacker knows the password, because the handshake protocol requires both the access point and the client to know the password. In either of those cases, an attacker could just as well sniff the network traffic.
Is there a scenario where (hidden_SSID + WPA2) is actually more insecure than (broadcast_SSID + WPA2)?
WPA2 (Score:2)
WPA2 should be secure. I understand it is not vulnerable to known attack in the enterprise configuration with EAP-TTLS, where the WPA supplicant has a CA installed and can authenticate the peer using a certificate.
But in the home scenario, what prevents MiM attacks? How can the WPA supplicant make the difference between your own wifi router, and the malicious neighbor's one?
Re: (Score:2)
Re: (Score:2)
Damn Nintendo DS (Score:3)
wpa2 and a random MAX_LENGTH passwd (Score:2)
My take on home WPA2 best practices, in case it helps anyone:
Re: (Score:2)
Your SSID is meaningless. Everything else is basic password security 101.
Re:wpa2 and a random MAX_LENGTH passwd (Score:4, Informative)
Your SSID gets used as part of the encryption process. By ensuring it's unique, an attacker can't use rainbow tables to attempt to recover your password.
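The point about the SSID and precomputed tables, worked through as an added example that is not part of the original comment: WPA2-Personal derives its pairwise master key as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 32 bytes), so a table built for common SSIDs contains nothing that matches a unique one. The SSIDs and wordlist below are constructed for illustration.

```python
# Added example: the SSID is the PBKDF2 salt in WPA2-Personal, so any
# precomputed passphrase table is only valid for the SSID it was built for.
import hashlib

COMMON_SSIDS = ["linksys", "NETGEAR", "default"]    # constructed sample
WORDLIST = ["password", "12345678", "letmein123"]   # constructed sample


def wpa2_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    pw = passphrase.encode("utf-8")
    salt = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)


def build_table(ssids, wordlist):
    """Precompute {ssid: {pmk: passphrase}}, one sub-table per SSID."""
    return {s: {wpa2_pmk(p, s): p for p in wordlist} for s in ssids}


def lookup(table, ssid, pmk):
    """Passphrase for this PMK if the table covers the SSID, else None."""
    return table.get(ssid, {}).get(pmk)


def in_any_subtable(table, pmk):
    """True if the PMK appears under any SSID in the table."""
    return any(pmk in sub for sub in table.values())


def compare_ssids(passphrase, ssids):
    """Same passphrase under each SSID: does the precomputed table help?"""
    table = build_table(COMMON_SSIDS, WORDLIST)
    results = {}
    for ssid in ssids:
        pmk = wpa2_pmk(passphrase, ssid)
        results[ssid] = {
            "pmk_prefix": pmk.hex()[:16],
            "table_hit": lookup(table, ssid, pmk),
            "in_any_subtable": in_any_subtable(table, pmk),
        }
    return results


if __name__ == "__main__":
    # "kq7-vesper-4418" stands in for a unique SSID (constructed).
    for ssid, r in compare_ssids("password", ["linksys", "kq7-vesper-4418"]).items():
        print(ssid, r)
    # The salt only removes the precomputation shortcut. A passphrase that is
    # in a wordlist is still found by a dictionary run against that one SSID,
    # which is why a good password is needed as well.
```
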
Re: (Score:2)
+ distance (Score:2)
What is... (Score:2)
A tough tighter?
Re: (Score:2)
Maybe he meant "tough titty" as in "You want on my network? Tough titties!"
works for me (Score:5, Funny)
I've found that by smashing my router with a hammer until plastic bits fly all over, I've obtained 100% security.
Re: (Score:2)
Ah, the David Ortiz method.
Secure the systems, mildly restrict the wifi (Score:2)
Unsecured by design (Score:2)
I have a 50 megabit connection with an unsecured wireless G/N network with an SSID of "The People's Wifi".
Warms my heart every time I log into the router config page and see a half dozen new devices :)
I do limit the access for everyone else though -- web, email, vpn, and that's about it. Don't want any idiots who don't know how to use block lists firing up a dozen torrents through my network. Granted, I do it via port forwarding, so they could still get through, but anyone with that kind of knowledge is smar
Wired Ethernet only (Score:4, Interesting)
Powerline Ethernet is by itself insecure. Your house may very well share one utility transformer with several neighbors. Your house wiring is effectively connected to theirs.
Oh yeah. Don't forget those outside plugs. No telling who might sneak up and plug something in there.
Wired (Score:2)
Despite the fact that my laptop could go wireless, I opted for wired connections and have the WiFi functionality of my 2Wire router disabled. I don't like wireless; never have. All those bits penetrating me... :P
WPA is in the wrong category there (Score:3)
WPA is in the wrong category, and the security of hidden SSIDs is over-stated. Let's fix this:
WEP/WPA: Waiting to be compromised
WPA2: Should be secure
WPA/WPA2 w/ hidden SSID: Not really any more secure, since all your devices are now broadcasting your SSID whether you're near your AP or not.
Ditto, but w/ MAC whitelist: Not really any tighter, since the device's MAC is broadcast unencrypted and can be trivially spoofed.
Re: (Score:3)
It's just an extra protection against people who don't know how to spoof MAC or see hidden networks.
You don't need protection from those people. WPA2 will stop them cold. You need protection from people who can defeat WPA2.
We're protecting ourselves from that kid down the street, not some pro hacker.
That kid down the street isn't going to break WPA2, and if he CAN break WPA2 do you REALLY think he can't figure out MAC spoofing or find hidden SSIDs?
It's the equivalent of storing your bicycle in a large bank s
Missing option: WPA2 Enterprise (Score:4, Informative)
Re:Guest network (Score:4, Interesting)
Guest networks are socially important, and friendly, no matter how much the cable modem companies dislike sharing. Unfortunately the WiFi encryption standards assume that if you want privacy you also want to limit who can use the network, so if you want encryption on a guest network you need to resort to approaches like your SSID "passwordispassword".
For a long time, most of my neighbors and I ran unencrypted networks, so if my DSL was out for a day, I could borrow a nearby "linksys". (When 802.11g came out, most of those routers got set up with passwords, so I'd have to go over to Starbucks if my DSL was down.) The only problem I ever had was when one of my neighbors got a virus and her PC used my Wifi to spam. Fortunately I have a friendly ISP, so they just called me and said "BTW, we've blocked half a million spams from your line today, can you see if it's your PC or your Wifi?" One of my friends considered it a civic benefit to run Wifi so his neighbors' teenage kids could have uncensored Internet if they wanted - was fine until the kid discovered file-sharing and flooded the airwaves.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
It's pretty easy for an attacker to hook up a high gain directional antenna in order to remain out of sight.
Re: (Score:2)
WTF? Cluelessness is like a delicate flower. You're ruining theirs. I bet you tell them there is no Santa.
Re: (Score:2)
Re: (Score:2)
WPA2-EAP with FreeRadius running on a Raspberry Pi. TomatoUSB firmware with no WPS, limited IP pool and static IP addresses. No SSID broadcast. No wireless admin access to router. Raspberry Pi is on its own subnet. Using 10.0.0.0 rather than 192.168.0.0. Obfuscation to the point I can't even remember it all.
My Vista laptop is not happy with this setup....
I'd love to be able to use WPA2-EAP-TLS. However, the standard was invented for "enterprises" where all the equipment is supplied and configured by the corporate IT department. So, you need to set up a certificate authority (CA) to sign your access point and client keys, and then you need to install the appropriate certificates in the appropriate places on all your WiFi things.
It's annoying to get the CA certificate installed in Windows, and it's challenging to get the certificate onto iPhone. I have no ide
This. (Score:2)
How about WPA2-secured network with a DMZ-d open guest wifi? Some access points do this.
This.
I run an open guest WiFi. When I need to use the WiFi myself, I'm inside the DMZ, and it has a preference for traffic inside the DMZ when it comes to bandwidth allocation: I can use some or all of it, but it's not getting cannibalized by my neighbors. If they need to have reasonable response times running Unreal Tournament (or whatever) to avoid getting fragged, but I need to do work, they can pick someone else's open access point, or they can run one of their own.
Re: (Score:3)
What you mean is, it would be as worthless as it is now." The RIAA cases aren't criminal proceedings, but civil suits, where the standard is not "beyond a reasonable doubt," but "preponderance of evidence." That means that if the jury is 51% sure that you did it, they must vote for the plaintiff, meaning that the RIAA wins. In order to use an open wireless as a defense, proving th
Re: (Score:3)