|
Mathy Vanhoef
@
vanhoefm
Orion Arm
|
|
PhD | Postdoc @ NYU Abu Dhabi / KU Leuven | Network Security & Applied Crypto | Dragonblood & krackattacks.com & rc4nomore.com | PGP 95A987F5
|
|
|
2.536
Tweetovi
|
1.273
Pratim
|
11.312
Osobe koje vas prate
|
| Tweetovi |
| Mathy Vanhoef proslijedio/la je tweet | ||
|
ACM WiSec 2020
@acm_wisec
|
16 h |
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
31. sij |
|
Congratulations!!
|
||
|
|
||
| Mathy Vanhoef proslijedio/la je tweet | ||
|
Lionel Page
@page_eco
|
27. sij |
|
Amazing: a trail of termites (up) and a trail of ants (down), both protected by a row of their soldiers in a stand-off, without fighting.
from @mehdi_moussaid
pic.twitter.com/4ULo2idgH4
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
26. sij |
|
Scripts to detect whether WPA2 clients are vulnerable to KRACK have been updated to work properly on the latest Kali release (which uses a new scapy version). github.com/vanhoefm/krack…
|
||
|
|
||
| Mathy Vanhoef proslijedio/la je tweet | ||
|
Chris Evans
@scarybeasts
|
26. sij |
|
Actually it's a cunning buffer overflow attack on the sequencer. Airgap, what airgap?: bioinformatics.stackexchange.com/questions/1122…
|
||
|
|
||
| Mathy Vanhoef proslijedio/la je tweet | ||
|
Davide Balzarotti
@balzarot
|
23. sij |
|
The Security Circus 2019 update is now online:
s3.eurecom.fr/~balzarot/note…
|
||
|
|
||
| Mathy Vanhoef proslijedio/la je tweet | ||
|
Travis Downs
@trav_downs
|
22. sij |
|
Yesterday I learned (YIL?) that even if a type is standard layout, and trivially copyable, it is not always safe, even in practice, to use it a destination for std::memcpy or to zero it with std::memset.
That is, the following is not safe: pic.twitter.com/cAsj3lYqgN
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
22. sij |
|
It is, but the MAC address often doesn't reveal the purpose of the device (e.g. you only learn that it's a Cisco AP).
|
||
|
|
||
| Mathy Vanhoef proslijedio/la je tweet | ||
|
Katia Segers
@katiasegers
|
21. sij |
|
Alweer een mooi staaltje van grondige #factchecking en een les van @ArbiterOfTweets in mediawijsheid. Zeer de moeite om tot het einde door te lezen. twitter.com/ArbiterOfTweet…
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
Would this mainly be for home or professional networks?
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
Most of it is Cisco. Smaller part is Abb/Trop and they do mesh networks and smart city stuff.
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
Not yet, so far we've only done a passive Wi-Fi wardrive. But actively trying to get the SSID might be a good idea.
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
It would be interesting to know about products that internally use hidden Wi-Fi networks. That can point us in the right direction.
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
It might be something like that. Would be interesting to know which products indeed use Wi-Fi in this manner. Then we could try to check if these or similar products are used in certain areas.
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
Interesting. That would indeed point in the direction of smart city technology.
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
Unlikely to be just home networks. But yes, lot's of Wi-Fi networks that don't broadcast their SSID.
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
21. sij |
|
In a recent Wi-Fi wardrive we're seeing tons of hidden Wi-Fi networks in cities. In some cities almost 40% of networks are hidden ones! Who knows what is causing this? Maybe it's some Smart City technology?
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
15. sij |
|
Thanks, tweet removed. I clearly shouldn't be tweeting while having a headache.. :/
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
13. sij |
|
Note that the above USENIX Security paper analyzes the security of the group key used to protect broadcast/multicast traffic. It's randomly generated by the AP. Both in WPA2/3 having a predictable group key is *bad*.
|
||
|
|
||
|
Mathy Vanhoef
@vanhoefm
|
13. sij |
|
In the WPA2 handshake, bad randomness has no real practical impact. Simplified, bad randomness in WPA3 effectively leaks the password (technically it leaks the password element P for a given client/AP pair).
|
||
|
|
||