this post was submitted on 11 Sep 2024
667 points (98.3% liked)
Technology
59428 readers
3150 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why the F were they broadcasting the SSID on a "secret" wifi network? That's just asking to get caught. If they had hidden the SSID most people would never have known about it.
You're expecting intelligence and competence from these people? The ones who thought it would be a good idea to violate a half dozen regulations to even install it in the first place?
Supposedly she was an information and IT specialist... Setting the thing up to not broadcast its SSID should have been one of the first things they thought of. But probably she didn't know it could be done, which again speaks to her overall incompetence.
Extra fun is that the head chief never gave anyone else the password. She logged into each of the other chiefs devices.
She could have 100% also typed in the ssid at the time. It would have taken almost no extra effort.
You can view WiFi passwords for saved networks on pretty much every OS. There's no reason to be secretive about entering WiFi passwords, at least to the people whose devices you're entering the password on.
Indeed, I can share it from my phone via QR or just see the password plain.
She should have used eap-tls..
You think someone stupid enough to make all the above mistakes would be savvy enough to build PKI and a RADIUS server? You're giving her too much credit.
Again, forgot the /s 😂
The worker still would have found it.
You can still see a WiFi network (and tell that it is unique from others) even when it’s not broadcasting SSID. It’s just one less piece of information available when someone is trying to access it.
Security through obscurity isn’t security, but it’ll keep neighborhood kids from trying to guess the password from across the street. On a warship? They’d have still seen it.
Yes but not as blatant as STINKY
Everyone with a smartphone would see STINKY and immediately get suspicious, while only techs would have noticed the hidden network and investigated on that
It took 6 months to discover, and even then it was by techs who went to physically install different hardware saw the dish hardware mounted to the ship. That's the real WTF here, how do these ships not have some kind of passive RF scanning/rogue AP detection??
It was seen by regular enlisted people who saw the network on their phones and left comment sheets asking WTF it was, but the person in question snatched up the papers before they got to the officers. If they had hidden the SSID, nobody would have seen it because nobody scans for hidden SSIDs on their phones.