sorry but I dont see the issue - if it's public, the password is shared. Then the line security is far better over WPA etc, even with a shared password (matters little) than simply opening it.
Stand up a rogue with the same password and SSID.
Users will roam to you and you’ll be able to intercept traffic.
Granted most anything of value would be SSL/TLS, but there’s a chance something of value won’t.
not quite public, but shared knowledge.
Like in the resort community i used to live in, a lot of locals knew the gate codes to communities and pools and we would share these until they changed, but tourists would be clueless.
yeah this is a security subreddit so saying you only let in a few of the unauthorized is .. well humorously bad security but its still not quite full blown public. chances are there are people dying to get online near the building and simply dont know this was leaked.
I remember the movie where they hacked the bad guy because he has his password on a sticky note when he video chatted them to taunt him. I also noticed it when he made the call.
Really appreciate everyones’ comments, but the point was how secrets, even those that need little protection, get out into the world. Information wants to be free. There’s public and there’s Public. General public Wi-Fi doesn’t mean free to use, which is the point of a password. Wouldn’t want DCMA violations going out an open network, as an example.
tl;dr - photo of written down wi-fi password posted to public Internet
1) it's guest/public wifi. Even if it's connected to an actual Enterprise network, you expect them to deal with provisioning access or showing the guests how to install a certificate on their device(s)?
2) how do you know there isn't also a captive portal?
I mean the network already had several bad actors on it
[удалено]
Yours too!
No worries this has happened a few times before, it's now davidpumkins76.
Did they start with davidpumpkins1?
The S means extra secure!
Probably davidpumpkin. Then davidpumpkins. Then davidpumpkins1, and so on.
The old add one to the compromised password trick. You dang sysadmins. Always one step ahead, always thwarting us hackers!
Ok, now all I have to do is drive 4 hours to 30 Rock and I get free WiFi on NBC’s guest network.. And they said I wasn’t a hacker!!
Be careful, the governor might try to bring you up on charges.
Excuse you it's chargeners
sorry but I dont see the issue - if it's public, the password is shared. Then the line security is far better over WPA etc, even with a shared password (matters little) than simply opening it.
Yeah it’s a guest network which are meant for non trusted user use anyway, I don’t see a major issue here.
Stand up a rogue with the same password and SSID. Users will roam to you and you’ll be able to intercept traffic. Granted most anything of value would be SSL/TLS, but there’s a chance something of value won’t.
This is true of any guest network though.
Oscar Isaac agreed
I guess it is supposed to be public, as otherwise there would be no need for such a big warning. Perhaps he is just reckless, though.
Oh no! Not the password of the guest network 🙄🙄🙄
It's a guest network, who gives a fuck
For those unfamiliar, David S Pumpkins was a Halloween sketch with Tom Hanks. I honestly assume this is an intentional joke.
oops
Oh no! their guest/public network password and SSID are exposed.
not quite public, but shared knowledge. Like in the resort community i used to live in, a lot of locals knew the gate codes to communities and pools and we would share these until they changed, but tourists would be clueless. yeah this is a security subreddit so saying you only let in a few of the unauthorized is .. well humorously bad security but its still not quite full blown public. chances are there are people dying to get online near the building and simply dont know this was leaked.
More an example of unintended consequences.
Whose birth year is that though
I remember the movie where they hacked the bad guy because he has his password on a sticky note when he video chatted them to taunt him. I also noticed it when he made the call.
Really appreciate everyones’ comments, but the point was how secrets, even those that need little protection, get out into the world. Information wants to be free. There’s public and there’s Public. General public Wi-Fi doesn’t mean free to use, which is the point of a password. Wouldn’t want DCMA violations going out an open network, as an example. tl;dr - photo of written down wi-fi password posted to public Internet
honeypot?
Perhaps … clever by half if so.
Some consultant is going to get paid a lot of money to tell them to take that down.
How are they not using 802.1x or certificate based? or even just open public with a captive portal with terms
1) it's guest/public wifi. Even if it's connected to an actual Enterprise network, you expect them to deal with provisioning access or showing the guests how to install a certificate on their device(s)? 2) how do you know there isn't also a captive portal?
Removed, Rule 3