My question was about known networks.

As far as I know, access points only identify via their SSID. Which is a string like "Starbucks". So there is no way to tell if it is the real Starbucks WiFi or a hotspot some dude started on their laptop.

▲

BSDobelix 4 days ago | parent | next [-]

>So there is no way to tell if it is the real Starbucks WiFi or a hotspot some dude started on their laptop.

Aka "unknown" or "public" Network....don't do that.

▲

integralid 4 days ago | parent | next [-]

There is nothing wrong with using public networks. It's not 2010 anymore. Your operating system is expected to be fully secure[1] even when malicious actors are present in your local network.

[1] except availability, we still can't get it right in setups used by regular people.

	▲	breakingcups 4 days ago \| parent [-]
		Unless you run FreeBSD, apparently

▲

TekMol 4 days ago | parent | prev [-]

You don't use public networks?

And when you connect to a non-public WiFi for the first time - how do you make sure it is the WiFi you think it is and not some dude who spun up a hotspot on their laptop?

▲

somat 4 days ago | parent [-]

Why does it matter? I mean I guess it did in this case but that is considered a top priority bug and quickly fixed.

I guess my point is the way the internet works is that your traffic goes through a number of unknown and possibly hostile actors on it's way to the final destination. Having a hostile actor presenting a spoofed wifi access point should not affect your security stance in any way. Either the connection works and you have the access you wanted or it does not. If you used secure protocols they are just as secure and if you used insecure protocols they are just as insecure.

Now having said that I will contradict myself, we are used to having our first hop be a high security trusted domain and tend to be a little sloppy there even when it is not. but still in general it does not matter. A secure connection is still a secure connection.

	▲	3 days ago \| parent [-]
		[deleted]

▲

evandrofisico 4 days ago | parent | prev [-]

WPA2-entreprise and WPA3 both have certificate chains checking exactly to avoid such attacks

	▲	tialaramex 4 days ago \| parent [-]
		Hmm. Are you sure that your stack wouldn't accept these discovery packets until after you've successfully authenticated (which is what those chains are for) ? Take eduroam, which is presumably the world's largest federated WiFi network. A random 20 year old studying Geology at Uni in Sydney, Australia will have eduroam configured on their devices, because duh, that's how WiFi works. But, that also works in Cambridge, England, or Paris, France or New York, USA or basically anywhere their peers would be because common sense - why not have a single network? But this means their device actively tries to connect to anything named "eduroam". Yes it is expecting to eventually connect to Sydney to authenticate, but meanwhile how sure are you that it ignores everything it gets from the network even these low-level discovery packets?