U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
7) We have (obviously) monitoring tools to look for APs that are not working, areas with massive spikes in traffic & signs of errors that shouldn't be there. But hey, we don't block ports or protocols: your VPN, Tor or corporate VPN connection works fine.
8) "BUT YOUR WIFI IS OPEN, THERE IS NO ENCRYPTION, ANYONE CAN HACK ME!" No. Most services you use online today are encrypted (HTTPS you know). Quite a few of them has even configured HTTPS to a level where MitM is very, very hard to do for an adversary. Even on open wifi!
9) DNS IS PLAINTEXT.
We know. We are working hard to only use #DNSSEC resolving DNS servers, but of course you can use your own as well. Personally I want to provide our guests with DoT too, and you can use DoH as well with whatever provider you prefer.
10) About DNS:
We @Nordic_Choice use #DNSSEC. We do #DNSSEC for our email with Google. Check our MX records: we use mailservers with the http://smtp.goog (Google) domain, which is #DNSSEC signed.
We ask our providers to use #DNSSEC. You should too.
11) We haven't had a single report coming in from anyone becoming a victim of "hacking", where lack of Client<->AP encryption in our guest wifi was the reason for the incident. *Not a single report.*
12) Yes, we are well aware of clients remembering open wifi SSIDs, & automatically connecting to those SSIDs, even if it is someone playing with Kali or their brand new Hak5 Pineapple. We can't help with your wifi history, and imho most devices have been on open wifi once.
13) Side note: two largest telcos in Norway ran massive campaigns warning against use of (open) wifi last year, promoting 4G instead. One of those telcos is also a BIG provider of open wifi in several countries. Paradox?
14) We have also experienced the confusion related to encryption & captive portals. Some even believe that captive portals are there to protect their security & privacy, and that a captive portal means there is encryption in place.
15) At one point I was told that without "double encryption" + login using a captive portal, we would violate #GDPR, and our wifi could not be used by employees of organisation X.
Tough job trying to fix that one.
16) Now a little probability threat analysis: Where is the most obvious location of a villain wanting to hack you?
17) Another survey: What do you reckon as the most common way of getting hacked:
18) Third survey question: Have you ever been the victim of open Wifi hacking (MitM or other ways) - Infosec cons & Hak5 Pineapple demos excluded?
19) Obviously there are MANY ways to hack, bypass or make any wifi Client<->AP encryption irrelevant. Not to make that an argument against using encryption though, I personally prefer the encrypted version. But risk analysis is cool.
20) There are threats out there, we will always have vulnerabilities, and we have values to protect. As a provider of free & open wifi access for our guests, we try to evaluate all of those, looking at probability & impact, while also remembering UX.
21) I could have said lots more, and I probably forgot something important as well.
A nudge to @boblord here is in place, as well as @schneierblog & many, many others I've learned from in terms of being sober when doing risk analysis. :)
22) So I'll stop my rant here, and say thank you for reading all these tweets. I am now ready to answer your questions, comments and flames.pic.twitter.com/7LM1h2R52X
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
