Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The "some access to the target" bit could just being on the same unsecure wifi network as them, such as a coffee shop or library.

Still, I doubt anyone noticed this, and you'd also still need the victim to use qBittorrent and go through this flow that downloads python.

Zero seems pretty likely, yeah.



> The "some access to the target" bit could just being on the same unsecure wifi network as them, such as a coffee shop or library.

Fucking hell, how often do you use torrents in coffee shops let alone install new torrent client while you're at it?

Any public wifi network setup not by a complete idiot today has fully isolated clients.


Does ARP spoofing still actually work? I would have assumed that modern routers block it.

Still the easiest way to MitM random people is to set up your own free WiFi. I've done that in the past, and it works, but HSTS and certificate caching mean it's pretty useless.

I think there's a kind of vaccination effect - nobody is going to put much effort into MitMs because it's useless most of the time, so it isn't as critical when people don't validate certificates.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: