this post was submitted on 03 Oct 2023
7 points (81.8% liked)

Cybersecurity News

1326 readers
1 users here now

Welcome to Cybersecurity News!

A community that collect news and other tidbits related to cybersecurity in all its domains.

There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.

We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.

New to Cybersecurity?

Here are some resources to get you started:

Related Communities

!security_cpe@infosec.pub
!cybersecurity@zerobytes.monster
!packetstorm@zerobytes.monster
!security@programming.dev
!secops@lemmy.world
!cybersecurity@sh.itjust.works
!netsec@zerobytes.monster
!securitynews@infosec.pub
!cloudsecurity@infosec.pub
!netsec@links.hackliberty.org
!cybersecurity@infosec.pub
!cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
 

I had an argument with an IT professor I know regarding passwords and security. I was mad about my in-laws having a weak WPA1 protected router and the stock password while I insist on having WPA3 and a very strong passphrase.

Well, the discussion continued and later he said something to the point of “everything tries to guess your password, so I don’t have any where it is possible, because the programs don’t know what to do if there isn’t one“

What are your opinions about this?

top 10 comments
sorted by: hot top controversial new old
[–] Hobo@lemmy.world 11 points 1 year ago

That's a profound misunderstanding of how login brute force works. Also a profound misunderstanding of how credentials cracking/storage works. Basic CTF knowledge would get you that understanding.

I'm not a security "expert" by any stretch, and I'm not a "hacker" either. I'm just a sysadmin that enjoys HTB/THM CTFs. So with that in mind I'm not super knowledgeable on the approach to attacking wifi specifically.

However, generally the first thing we all, and by all I mean CTF players, try is blank passwords/anonymous login. For me I do those manually, but I assure you nessus/ZAP have no problems finding those either (I've seen those on reports professionally before). To add to that, the first line of my rockyou list is a blank line for the above "blank password" reason. Ffuf/burpe/gobuster/nmap script/my custom python script/whatever are all going to try blank passwords first to see what I get. The program itself doesn't give a single shit if I pass it a blank string. Not only that but I'm analyzing the return code, and response length to figure out if I got in or not. At no point will any program be fooled by a blank password.

[–] seaQueue@lemmy.world 8 points 1 year ago

I'm surprised that dude hasn't failed his way upward into a fortune 500 leadership position.

[–] glowie@infosec.pub 8 points 1 year ago

The programs (whatever that means) will just connect...

[–] bless@lemmy.world 6 points 1 year ago

Blank cred is like the first thing that is tried, right before 1234, admin, and password

[–] orca@orcas.enjoying.yachts 6 points 1 year ago

This is a stupid take. “The programs don’t know what to do” - okay, but people do. This is like not locking your front door at all because you think the lock can be broken. Any lock is better than none. You can set a pass phrase, hide the WiFi SSID, and be done with it. No idea why on earth anyone would just not set any password on a router, or anything for that matter, if there is an option to set one.

[–] VonReposti@feddit.dk 5 points 1 year ago

That sounds even worse than security by obscurity.

[–] videodrome@lemmy.capebreton.social 3 points 1 year ago (1 children)

What are your opinions about this?

I just don't understand his statement , can you elaborate more?

[–] FinancesDrone98@programming.dev 1 points 1 year ago (1 children)

His statement is that he has no password whatsoever because it is more secure than having a strong password

[–] videodrome@lemmy.capebreton.social 2 points 1 year ago (1 children)

He's very, very wrong and there are some good answers above as to the why.

Did he give you an example application where he practices this password-free lifestyle?

[–] darelik@lemmy.world 1 points 1 year ago

Yes and what is the name of his pet?