Comments should work now. (Score:4, Informative)
Restarted this poll to fix comments. Apologies for the lack of comments on the previous one.
hidden SSID? MAC filter? Really? (Score:5, Informative)
Is it so hard to spoof a MAC address? I wouldn't call that security.
Also hidden SSID is a bad idea, period.
http://blogs.technet.com/b/networking/archive/2008/02/08/non-broadcast-wireless-ssids-why-hidden-wireless-networks-are-a-bad-idea.aspx [technet.com]
WPA2 with CCMP-only encryption is good enough. Added security comes from a random SSID and good password.
Disabling SSID Broadcast - Less Secure (Score:5, Informative)
Re:If you can't trust the encryption you're screwe (Score:5, Informative)
A link for those who don't Google [google.com]
Re:Disabling SSID Broadcast - Less Secure (Score:5, Informative)
Yes. The point I'm trying to make is that if:
1) You set your SSID to "my_secret_ssid" and then disable broadcast
2) You configure your laptop to connect automatically to "my_secret_ssid" and check the box that this is a non-broadcast ssid
Then
3) Every time you bring your laptop to work or the airport or the donut shop, it will start beaconing to look for "my_secret_ssid".
Evil nefarious types have the tools to look for those beacons and automatically reply with "my_secret_ssid" to trick your machine into connecting to them. Theoretically they can then pass this connection to a legitimate network connection, but leave themselves in the middle. You and your laptop won't necessarily know that this has happened.
How to avoid this: Don't automatically connect to wifi, and don't configure non-broadcast SSIDs on your machines any longer than you need to.
Re:wpa2 and a random MAX_LENGTH passwd (Score:4, Informative)
Your SSID gets used as part of the encryption process. By ensuring it's unique, an attacker can't use rainbow tables to attempt to recover your password.
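The SSID's role as salt, shown as an added example that is not part of the comment above: WPA/WPA2-Personal derives its 256-bit master key with PBKDF2-HMAC-SHA1 over the passphrase, using the SSID as salt and 4096 iterations. The SSIDs, word list and helper names below are constructed for illustration.

```python
import hashlib

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-Personal (SSID is the PBKDF2 salt)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)

def precompute(ssid: str, wordlist: list[str]) -> dict[bytes, str]:
    """A precomputed table is only valid for the one SSID it was built for."""
    return {wpa2_pmk(word, ssid): word for word in wordlist}

def table_covers(table: dict[bytes, str], passphrase: str, ssid: str) -> bool:
    """True if the key this network actually uses appears in the table."""
    return wpa2_pmk(passphrase, ssid) in table

# Constructed sample values, not taken from the thread.
COMMON_SSID = "linksys"        # a factory-default style name
UNIQUE_SSID = "ap-7f3c91d2e4"  # a random, one-off name
WORDLIST = ["password", "letmein123", "sunshine2024"]

def demo() -> dict[str, bool]:
    table = precompute(COMMON_SSID, WORDLIST)
    return {
        # Same passphrase, default SSID: the table built in advance applies.
        "default_ssid_covered": table_covers(table, "letmein123", COMMON_SSID),
        # Same passphrase, unique SSID: every key differs, the table is useless.
        "unique_ssid_covered": table_covers(table, "letmein123", UNIQUE_SSID),
    }

if __name__ == "__main__":
    print(demo())
```

A unique SSID only removes the precomputation shortcut; the passphrase itself still has to be strong.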
Re:Comments should work now. (Score:5, Informative)
The poll choices included:
WPA/WPA2 w/ hidden SSID: A bit more secure
Ditto, but w/ MAC whitelist: A touch tighter
Ditto, but DHCP disabled: Wireless fortress
All of those were built on WPA/WPA2 encryption. Since it flew over your head, the OP was simply pointing out that non-broadcast SSIDs, MAC filtering, and requiring static IP configuration add no additional security, since anyone able to get past the first hurdle will find it trivial to get past the rest. The choices, by implying that things get more secure, are misleading.
Re:Comments should work now. (Score:5, Informative)
The point is that anyone attacking WiFi in any way is using passive monitoring tools. Those will see your AP no matter if it broadcasts or not. Those will also see any clients, and thus already have a list of valid MACs.
Even more fun, any computer that is set to automatically connect to a "hidden" AP is constantly broadcasting looking for it whenever not connected. So your computer, phone, etc. advertises the existence of a "hidden" AP everywhere you go. Probably impacts battery life too.
Even old-school Netstumbler would show the active clients.
MAC filtering, SSID hiding, etc. are all below WEP64 in terms of security. They can only be considered worthwhile in a situation where for whatever reason (shitty old client device you can't replace usually) you absolutely must have an open AP but want to have it at least be a slight challenge to access.
If there is any encryption at all, even the trivially broken WEP64, none of those things add anything as literally every single person who could crack even that can bypass the rest.
It's the same sort of cargo cult "security" technique as the fuckwits who disable ICMP on their routers and think that makes them invisible on the internet rather than just being a pain in the ass to diagnose network problems.
Missing option: WPA2 Enterprise (Score:4, Informative)