security by no security? (programming.dev)

I had an argument with an IT professor I know regarding passwords and security. I was mad about my in-laws having a weak WPA1-protected router and the stock password while I insist on having WPA3 and a very strong passphrase.

Well, the discussion continued and later he said something to the point of “everything tries to guess your password, so I don’t have any where it is possible, because the programs don’t know what to do if there isn’t one.”

What are your opinions about this?

Hobo@lemmy.world 11 points 11 months ago

That's a profound misunderstanding of how login brute force works. Also a profound misunderstanding of how credentials cracking/storage works. Basic CTF knowledge would get you that understanding.

I'm not a security "expert" by any stretch, and I'm not a "hacker" either. I'm just a sysadmin that enjoys HTB/THM CTFs. So with that in mind, I'm not super knowledgeable on the approach to attacking Wi-Fi specifically.

However, generally the first thing we all, and by all I mean CTF players, try is blank passwords/anonymous login. For me, I do those manually, but I assure you Nessus/ZAP have no problems finding those either (I've seen those on reports professionally before). To add to that, the first line of my rockyou list is a blank line for the above "blank password" reason. ffuf/Burp/gobuster/nmap script/my custom Python script/whatever are all going to try blank passwords first to see what I get. The program itself doesn't give a single shit if I pass it a blank string. Not only that, but I'm analyzing the return code and response length to figure out if I got in or not. At no point will any program be fooled by a blank password.
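
A defender-side counterpart to the point above, as an added example that is not part of the original comment: a Python audit that flags accounts with an empty password field in a Linux shadow-format file and checks whether OpenSSH's global `PermitEmptyPasswords` is enabled. The sample data and all function names are constructed for illustration; PAM settings and `Match` blocks are not evaluated.

```python
# Added example; every sample value below is constructed for illustration.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19600:0:99999:7:::
daemon:*:19600:0:99999:7:::
guest::19600:0:99999:7:::
backup:!:19600:0:99999:7:::
kiosk::19600:0:99999:7:::
"""

SAMPLE_SSHD_CONFIG = """\
# constructed fragment
PasswordAuthentication yes
PermitEmptyPasswords yes
PermitEmptyPasswords no
Match User kiosk
    PermitEmptyPasswords no
"""

def empty_password_accounts(shadow_text):
    """Accounts whose shadow password field is empty (no password needed).
    '*' or a leading '!' marks a locked account; anything else is a hash."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            flagged.append(fields[0])
    return flagged

def sshd_permits_empty_passwords(config_text):
    """Global PermitEmptyPasswords value. sshd keeps the first value it
    reads for a keyword and defaults to 'no'; Match blocks are not parsed."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitemptypasswords" and len(parts) > 1:
            return parts[1] == "yes"
    return False

def blank_login_candidates(shadow_text, config_text):
    """Accounts a blank-password SSH attempt could reach (PAM not checked)."""
    if not sshd_permits_empty_passwords(config_text):
        return []
    return empty_password_accounts(shadow_text)
```

Any account this returns is one that the very first guess of a scanner would succeed against, so the fix is to set a password or lock the account and leave `PermitEmptyPasswords` at `no`.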

this post was submitted on 03 Oct 2023
7 points (81.8% liked)

Cybersecurity News
