Berkeley CSUA MOTD:Entry 12473
Berkeley CSUA MOTD
2018/12/12 [General] UID:1000 Activity:popular

2004/3/1-2 [Computer/SW/Security] UID:12473 Activity:low
3/1     Another WiFi question:  If there was an ESS network, and there were
        areas that got signal from only a few APs, couldn't you mount a DoS
        attack on a client by forging their MAC and sending lots of forged
        reassociation messages to an AP they can't get signal from?
        \_ Of course.
           \_ So doesn't this throw cold water on any large ESS network without
              strong authentication?  You can break the access of anyone you've
              been in range of.
              \_ Even if there is strong authentication, you can break the
                 access of anyone.  It's called "jamming," and it's true of
                 every form of wireless communication.  -tom
                 \_ But jamming breaks the access of everyone over a specific
                    area.  Spoofed reassociation breaks access for specific
                    victims across the entire ESS network.
                    \_ so what?  Don't you have better things to do than
                       worry about DOS on wireless networks?  It's trivially
                       easy to do, but it's not a significant problem in
                       the real world.  Why would anyone bother?  -tom
                       \_ Do you work for MS's security division?
                       \_ I was just thinking about sfwireless and some big
                          community networks and bad people.  I know wireless
                          has security problems, and was just exploring a
                          single potential problem
                          \_ you can stop thinking now, you don't seem to be
                             very good at it.  -tom
        \_ This also works on wired networks, modulo arp spoofing.  What's
           your point? -dans
           \_ He's trying to learn.  Why are you and tom being such assholes
              to him?  And then everyone wonders why so few people want to
              attend csua social functions, hang out on wall, or post anon to
              the motd.  Actually I know why tom is being an asshole.  What
              exactly is your beef with the guy?
              \_ He's not trying to learn.  He's trying to show us how
                 clever he is.  -tom
                 \_ considering no one "knows" who he is, there's not much
                    point in strutting his stuff. i think he really is just
                    somewhat amazed at how fallible some things in the real
                    world are, and i think you're just being an asshole.
              \_ Huh? How was he being an asshole? tom's "not good at thinking"
                 was the only thing, which is pretty tame for the motd.
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2018/12/12 [General] UID:1000 Activity:popular

You may also be interested in these entries...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport" (
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil
4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get