Remix clone Hacker News

So, as I understand it, you 0wn a machine in one organization, then use it to tunnel over to Wi-Fi in the building next door, 0wn another machine there, rinse and repeat until you've created the world's least consensual mesh network?

▲

_nalply 8 hours ago | parent | next [-]

They are exploiting that Wifi didn't have 2fa, because they couldn't overcome 2fa. A company accross the street had a machine that both was accessible by ethernet and wifi and they used that as a bridge.

Conclusions:

1. Anything that doesn't have 2fa is leaking like a sieve.

2. The targeted company needs to implement 2fa for their Wifi as well.

Not mentioned, but I assume that their 2fa is using specialised hardware gadgets like Yubikey and not texts or totp, because else they could target the cell phones, and like everything else they are leaking, or they are attacking the cell phone base stations.

Final conclusion:

A network is as strong as the weakest link. In that case Wifi was not protected by strong 2fa and could be used to breach.

	▲	Sesse__ 5 hours ago \| parent \| next [-]
		> Final conclusion: A network is as strong as the weakest link. Final conclusion: Do not trust a device just because it happens to be on your local network.
	▲	akaiser an hour ago \| parent \| prev \| next [-]
		Eludes me why they didn't have device-certificate-based auth for their Enterprise WiFi in addition to the username+password. Basically comes for free with AD and NPS.
	▲	eru 6 hours ago \| parent \| prev [-]
		> A network is as strong as the weakest link. Depends on how you look at it. We have end-to-end security with things like https, so we don't need to worry about the links in the middle.