Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
_bxg1
on May 1, 2019
|
parent
|
context
|
favorite
| on:
Remote Code Execution on Most Dell Computers
Sounds like the attacker has to be on the local network (or presumably VPN) to use the exploit? If so that's a nontrivial hurdle in many cases.
Tehnix
on May 1, 2019
|
next
[–]
Like a WiFi at a café or airport?
ru999gol
on May 1, 2019
|
parent
|
next
[–]
it should be mentioned that even with WPA2-PSK wifi you are vulnerable to arp spoofing
Tharkun
on May 1, 2019
|
parent
|
prev
|
next
[–]
Public WiFi networks really should use client isolation. Sadly, many don't.
euroclydon
on May 1, 2019
|
root
|
parent
|
next
[–]
You can just go to a public place and run your own hotspot.
codedokode
on May 1, 2019
|
root
|
parent
|
next
[–]
And use a name and SSID of some well-known public WiFi network. Then make a captive portal to force the user open an attacker-controlled page in a browser.
Xylakant
on May 1, 2019
|
root
|
parent
|
prev
|
next
[–]
Even if client isolation is used, do you trust your local cafe’s WiFi AP?
_bxg1
on May 1, 2019
|
parent
|
prev
|
next
[–]
I was thinking in enterprise contexts, but, yes, that's fair. Still, anybody doing anything important on public WiFi should be using a VPN.
zknz
on May 1, 2019
|
root
|
parent
|
next
[–]
How will a vpn protect the user if the target laptop is listening on a public wifi connection?
_bxg1
on May 1, 2019
|
root
|
parent
|
next
[–]
Actually maybe it wouldn't... I guess underneath the VPN it still has to be listening.
albertgoeswoof
on May 1, 2019
|
prev
|
next
[–]
The author details the options. If can find an XSS on dells website it’s possible.
kibibu
on May 1, 2019
|
prev
[–]
It looks to me like you could register any domain
starting with
"localhost" (eg. localhostevil.com) and it would work.
(apart from the download whitelist)
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
