So, yeah. The wpa_supplicant bug only lets you *impersonate* an AP. It does *NOT* let you MITM it or passively decrypt. This is important.
Show this thread
If you're on a corporate network, an attacker *cannot* transparently MITM you. They can decrypt sent packets but they're *dropped*.
-
-
And if you're on the Internet / public WiFi, you've got plenty more attack scenarios to worry about.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Picture: using corporate network, using web browser with usual configuration, on average sites
-
most sites don't use HSTS, so you can SSLStrip and MITM internet access easily
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.