#maninthemiddle — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #maninthemiddle, aggregated by home.social.
-
Accessing the Internet through free public Wi-Fi networks exposes you to serious #security risks.
For our #CyberSecMonth campaign, Alessandro Inzerilli, network and security engineer at the Italian Research and Education Network GARR, explains why you should always use a #VPN, such as #eduVPN, when using such unsecured networks.
🔗 https://connect.geant.org/csm24
#CSM24 #CyberSecurityAwareness #Cybersecurity #SecurityAwareness #ECSM #Network #WiFiSecurity #Spoofing #ManInTheMiddle #WiFi
-
Linksys Velop routers send Wi-Fi passwords in plaintext to US servers
📌 Summary:
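According to an investigation by Testaankoop, two Linksys routers were found to be sending Wi-Fi login information in plaintext to Amazon (AWS) servers located in the United States: the Linksys Velop Pro 6E and Velop Pro 7 mesh routers. This vulnerability allows an attacker to intercept the Wi-Fi network name (SSID) and password in transit, and so to eavesdrop and carry out malicious attacks. Although Testaankoop warned Linksys several times, the company took no effective action; it released an update only after Testaankoop contacted it again, and that update still did not resolve the problem. The issue may stem from third-party software used in the Linksys firmware, but in any case the vulnerability remains, and even the latest Linksys 7 Pro is not spared. The researchers advise consumers not to buy these routers because of the serious risk of network intrusion and data loss.
🎯 Key Points:
Testaankoop found that two Linksys routers, the Linksys Velop Pro 6E and Velop Pro 7, send Wi-Fi login information in plaintext to AWS servers.
This vulnerability allows an attacker to intercept the SSID and password, and to eavesdrop and carry out malicious attacks.
Testaankoop warned Linksys several times, but the company took no effective action.
The updated firmware still does not resolve the problem.
The issue may stem from third-party software used in the Linksys firmware, but in any case the vulnerability remains.
The researchers advise against buying these routers and recommend that users change their Wi-Fi network name and password.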
🔖 Keywords:
#Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches
-
RADIUS protocol vulnerable to new Blast-RADIUS attack
https://stackdiary.com/radius-protocol-vulnerable-to-new-blast-radius-attack/
#BlastRADIUS #Cybersecurity #NetworkSecurity #RADIUS #Vulnerability #MD5 #UDP #Hack #ManInTheMiddle #Encryption #Authentication #Authorization #SecurityThreat #DataBreach #CyberAttack #NetworkProtection #SecureNetworks #TLS #SecurityPatch #NetworkAdmin #TechNews #ITSecurity #DigitalDefense #Infosec #SecureProtocol #CryptoStandards #SecurityUpdate #TechSecurity #NetworkSafety #CyberDefense #DataSecurity
-
Protection against user session attacks (hijack, replay, tampering, CSRF, XSS...)
https://security.stackexchange.com/questions/268882/protection-against-user-session-attacks-hijack-replay-tampering-csrf-xss
#sessionmanagement #attackprevention #sessionfixation #maninthemiddle
-
Is my network intercepted or poisoned?
https://security.stackexchange.com/questions/268827/is-my-network-intercepted-or-poisoned
#maninthemiddle #arpspoofing
-
Here's a #LibreWolf ticket that was opened last year in the hope that they would include #ManInTheMiddle attack defense.
https://web.archive.org/https://gitlab.com/librewolf-community/browser/linux/-/issues/119
-
It's pretty clear that #TorProject are compromised:
https://web.archive.org/web/20200301013104/https://trac.torproject.org/projects/tor/ticket/24351
All it takes to warn the user of a large-scale #manInTheMiddle (#AmazonCloudfront, #Akamai, #CFlare) is to display a pleasant warning page, prompting to "Go Back (recommended)".
#TorBrowser could store that the site is compromised so during subsequent attempts to visit, a similar warning appears preemptively.
An orange HTTPS icon would help too.