Another favorite, https://www.synacktiv.com/publications/cool-vulns-dont-live-... the router sniffed plaintext http to grab HTTP User agents to put them into a curl bash command line string. Nice RCE from the browser.
Not a bot. Anyway if you have questions about router security rather than moderation happy to "delve" into that.
Supernetworks -- ill update. Our initial comment got moderated for too much self promotion so also apologies there and again for anyone who is offended
[flagged]
You can check our comment history https://news.ycombinator.com/threads?id=supernetworks
Thanks Tom. This whole comment thread is a bit of a dumpster fire of opinions however we have been working on the wifi security problem for a long time and we have a lot to say about it. Router manufacturers competing…
Yep, unfortunately fuzzy. For enterprise wifi deployments, one amusing thing to do when configuring 802.1X is to test ARP spoofing the upstream radius server after associating, and self-authenticate. It might be…
Some 802.1x have inherent mitm attacks that have been called out since 2004 and never got the v2 (https://www.rfc-editor.org/rfc/rfc6677.html). EAP-TLS however is the best practice here + VLANs.
Hostapd now has support for multi pass SAE /WPA3 password as well. We have an implementation of dynamic VLAN+per device PSK with WPA3 (https://github.com/spr-networks/super) we've been using for a few years now.…
This attack exploits multi PSK networks precisely. If it's all one PSK the attacker can already throw up a rogue AP for WPA3 or just sniff/inject WPA2 outright. The back half of a secure multi PSK setup is deploying…
This is mostly accurate, to clarify the association IDs tie into what VLANs will be assigned and that does block all of the injection/MITM attacks. This also assumes that the VLAN segments are truly isolated from one…
EAP TLS provides strong authentication, is much better than the other enterprise authentication options, but will not block these lateral attacks from other authenticated devices. The second half of the deployment is…
yes understood, the first article isn't the main subject of the article.
by complexity class that would be consensus, although the argument for building BPP systems is about the energy cost being orders of magnitude less and perhaps also some polynomial speedup
yes, this paper is the main subject of the article
A direct equivalent, no, as stated in the introduction. "Notably, while probabilistic computers can emulate quantum interference with polynomial resources, their convergence is in general believed to require exponential…
Some of the properties of fil-c managed heaps are very similar to what CHERI can do with Cornucopia by the way: see https://dl.acm.org/doi/10.1145/3620665.3640416
tragically, this is exactly what it is
"given that destroying the correlation between two entangled particles" i think this is the assumption that is easy to make without digging deeper into entanglement. i am still in the process of reading this article…
We have a similar container @juhovh, for a plugin for the router we work on. in case this is helpful for you, feel free to to review https://github.com/spr-networks/spr-tailscale/blob/main/Dock...
A particularly tricky exploit in the linux futex implementation from 2014, by Pinkie Pie, https://issues.chromium.org/issues/40079619 "The requeue-once rule is enforced by only allowing requeueing to the futex…
encrypted DNS goes a long way towards mitigating this as well.
Novel or not, this seems like it can be actively exploited?
It is a book, "Underground: Hacking, madness and obsession on the electronic frontier". I seem to recall cross it hosted under mit.edu/~hacker/underground.txt or something like that
Another favorite, https://www.synacktiv.com/publications/cool-vulns-dont-live-... the router sniffed plaintext http to grab HTTP User agents to put them into a curl bash command line string. Nice RCE from the browser.
Not a bot. Anyway if you have questions about router security rather than moderation happy to "delve" into that.
Supernetworks -- ill update. Our initial comment got moderated for too much self promotion so also apologies there and again for anyone who is offended
[flagged]
You can check our comment history https://news.ycombinator.com/threads?id=supernetworks
Thanks Tom. This whole comment thread is a bit of a dumpster fire of opinions however we have been working on the wifi security problem for a long time and we have a lot to say about it. Router manufacturers competing…
[flagged]
Yep, unfortunately fuzzy. For enterprise wifi deployments, one amusing thing to do when configuring 802.1X is to test ARP spoofing the upstream radius server after associating, and self-authenticate. It might be…
Some 802.1x have inherent mitm attacks that have been called out since 2004 and never got the v2 (https://www.rfc-editor.org/rfc/rfc6677.html). EAP-TLS however is the best practice here + VLANs.
Hostapd now has support for multi pass SAE /WPA3 password as well. We have an implementation of dynamic VLAN+per device PSK with WPA3 (https://github.com/spr-networks/super) we've been using for a few years now.…
This attack exploits multi PSK networks precisely. If it's all one PSK the attacker can already throw up a rogue AP for WPA3 or just sniff/inject WPA2 outright. The back half of a secure multi PSK setup is deploying…
This is mostly accurate, to clarify the association IDs tie into what VLANs will be assigned and that does block all of the injection/MITM attacks. This also assumes that the VLAN segments are truly isolated from one…
EAP TLS provides strong authentication, is much better than the other enterprise authentication options, but will not block these lateral attacks from other authenticated devices. The second half of the deployment is…
yes understood, the first article isn't the main subject of the article.
by complexity class that would be consensus, although the argument for building BPP systems is about the energy cost being orders of magnitude less and perhaps also some polynomial speedup
yes, this paper is the main subject of the article
A direct equivalent, no, as stated in the introduction. "Notably, while probabilistic computers can emulate quantum interference with polynomial resources, their convergence is in general believed to require exponential…
Some of the properties of fil-c managed heaps are very similar to what CHERI can do with Cornucopia by the way: see https://dl.acm.org/doi/10.1145/3620665.3640416
tragically, this is exactly what it is
"given that destroying the correlation between two entangled particles" i think this is the assumption that is easy to make without digging deeper into entanglement. i am still in the process of reading this article…
We have a similar container @juhovh, for a plugin for the router we work on. in case this is helpful for you, feel free to to review https://github.com/spr-networks/spr-tailscale/blob/main/Dock...
A particularly tricky exploit in the linux futex implementation from 2014, by Pinkie Pie, https://issues.chromium.org/issues/40079619 "The requeue-once rule is enforced by only allowing requeueing to the futex…
encrypted DNS goes a long way towards mitigating this as well.
Novel or not, this seems like it can be actively exploited?
It is a book, "Underground: Hacking, madness and obsession on the electronic frontier". I seem to recall cross it hosted under mit.edu/~hacker/underground.txt or something like that