It requires disassociating and reassociating to the MAC so it requires two, which would cause a denial of service one would notice while watching it. Whether they can denial of service their way to the key, while someone is not actively watching, was not addressed. The paper is about essentially getting data from clients when there are two MACs. They glossed over the one MAC situation by saying someone would notice it so it was not useful.
My concern is doing it asynchronously against things when no one is watching.
Basically it takes turn being the client and the AP both so that it can get the traffic from both. It is an evil twin attack doubled.
It might have broken EAP TLS.
If your wifi is off when you are not using it and you are not getting denial of serviced while using it and you have only one Mac for your SSID, this attack is not occuring.
I had organized neighbors who broke WPA3 using tools, i disabled downgrade to WPA2 and they still broke it. I had one that setup an evil twin to catch my Linux login They stole the IP of one of boxes so they could get my login, and joined my network to setup the credential stealer. I caught this when my password didn't work at the ssh login. That was an apartment and they knew when I caught them.
The problem is not wardrivers. The problem is your neighbors running 24x7 cyber operations. It happens everywhere. When I moved to a house there was a persistent attacker, and finally I setup my own key and authentication infrastructure.
They broke everything.
Finally I had to go EAP TLS and rotate certificates every three months.
Evil twin attack that keeps switching sides... The first of its kind, soon to be automated into a single button if it isn't already.
Does the temporal key mechanisms prevent them from taking a key they denial of serviced their way to while I was work -- do the temporal mechanisms prevent them from sniffing all my packets when I get home. They will not use it to get data during the denial of service.... But if they can get that radius key and use it five hours later during some backups or something...
From my experience at our startup, AI is still pretty shit at Rust. It largely fails to understanding lifetime, Pin, async, etc. Basically anything moderately complex. It hallucinates a lot more in general than JS for comparable codebase size (in the 250k lines range).
Are hallucinations in code generation still a problem? I thought with linters, type checkers, and compilers especially as strict as Rust, LLM agents easily catch their own mistakes. At least that's my experience: the agent writes code, runs linters and compilers, fixes whatever it hallucinated, and I probably get a working solution. I tell it to write unit tests and integration tests and it catches even more of its own mistakes. Not saying that it will always produce code free of bugs, but hallucinations haven't been an issue for me anymore.
We will see when the attacks are public, a lot of the malicious server attacks we have seen in the past were kinda of overblown. Not discounting OP but it is very easy to get into clickbait territory.
Forced savings like done in Quebec, Canada is likely the best model for most people even though I dont like it as an individual that knows how to manage its portfolio. It also has the benefit of creating a sovereign wealth fund that can invest locally and be an economic driver but independent from the government.
I actually like the forced saving of Québec. I also have a defined benefit pension plan, a TFSA and RRSP but I am happy to be forced to contribute the RRQ for the general welfare of the province even though I know how manage my portfolio.
Considering that they also have to consider economic development in their investment decisions, the RRQ funds are well managed by the CDPQ.
This is all good and well wishes as long as investors are willing to pour money into the bubble. When the music stops is where we will see the true colors. Corporations are optimized to make money, governments should be optimized to protect people.
It is interesting to see yjs with hoccuspocus being used. I am currently considering our options for real time document editing + full text search.
Seems like a common approach is something like using yjs for sync with a temporary LSM storage like rocksdb for updates and then periodically snapshot to postgres for full text search and compaction.
I am pushing myself to learn nix and get rid of base images altogether.
The syntax is hard without a functional background but I strongly believe this is the next logical step to harden containers and have reproducible builds.
reply