Web lists-archives.com

Re: Bug#858612: ITP: wifiphisher -- Automated phishing attacks against Wi-Fi networks




Hi,

Le 25/03/2017 à 11:44, Raphael Hertzog a écrit :
> Hi,
> 
> On Sat, 25 Mar 2017, Thibaut Paumard wrote:
>> I'm not sure of the benefit for the project of shipping this, 
> 
> This is a tool that is shipped in Kali Linux, a Debian derivative and we
> are trying to merge back packages useful for penetration testers into
> Debian. The benefit is clear for that category of users.

Thanks for the pointer. Just out of curiosity, do you intend on using
the blends framework for the pkg-security team?

>> but do we have ways of protecting our users from it?
> 
> Given that this is mainly "social engineering", the best way to protect
> users is to teach them about what can be done securely or not. I'm afraid
> that this answer won't satisfy you but the job of the penetration tester
> is to point out when some users do not follow best security practices
> or when the current practices are just not secure enough.

Reading the description of wifiphisher, it looks awfully easy to steal
important credentials from anyone who is connected to any wifi,
including most "secured" connections, not to mention airport hotspots.
If you have pointers about those best security practices, I'll gladly
take them.

Quickly Googling "pkg-security" and "Debian security" did not reveal a
prominent central place for this sort of information. Although not
Debian-specific, a starting point at debian.org for raising awareness
for our users would be nice. If the pkg-security team could take it on
its shoulders...

Kind regards, Thibaut.