Message-ID: <18557.1226074166@turing-police.cc.vt.edu>
Date: Fri, 07 Nov 2008 11:09:26 -0500
From: Valdis.Kletnieks@...edu
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: How are you securing your Wireless Networks?

On Fri, 07 Nov 2008 09:43:54 GMT, n3td3v said:

> good poll you have doing this, not only do you gain intelligence about
> your readership, but you have a bunch of ip addresses logged with
> their respective answers about their wireless posture. answering such
> a poll could be a security vulnerability in itself but there is no
> security through obscurity though right?

There's nothing I could add to the answers to that poll that a determined
hacker couldn't figure out for themselves by reading the public webpage
we have on "How to hook up to our wireless network", including lists of
which buildings, and even which *areas* in buildings, have wireless coverage
(for instance, in our dorms, there's wireless coverage in the study and lounge
areas, but *not* in the rooms, as each room has 2 wired ports in it.  If you
have a room that's adjacent to a lounge and you get enough signal leakage to
use it, go ahead, but it's not supported).

Or they could just wardrive the campus and figure it out for themselves.

In other words, if an attacker is close enough to our campus that they
could take advantage of our answers, they don't *need* our answers.  And
if they're not close enough, it doesn't matter.

But it *does* give the SANS crew important info on where to focus their
efforts - if 47% answer "My site is doing stupid thing XYZ, and I can't
convince them otherwise", then they know they need to spend more effort
explaining why XYZ is stupid, in words short enough to be understood by
the management person who needs the clue.
