I came across the interesting write-up "The curious case of the Raspberry Pi in the network closet" and started by reading the beginning and the end. First, they found a strange device in their office:
I checked the DNS logs and found the exact date and time when the Pi was first seen in the network. I checked the RADIUS logs to see which employee was at the premises at that time and I saw multiple error messages that a deactivated account tried to connect to wifi.
That deactivated account belongs to an ex employee who (for some reason) made a deal with management that he could still have a key for a few months until he moved all his stuff out of the building (don't ask..).
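The process in between is quite interesting too: working out what the expansion board is (and what it is for), digging data off the SD card, following leads with Google, locating it through WiGLE, and cross-checking against internal systems, until the culprit was finally found...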
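The log correlation described in the quoted passage (first DNS sighting of the device, then RADIUS activity around that moment), sketched as an added example that is not code from the original write-up or from this post. The log line formats, IP address, account names and timestamps are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample logs; the line formats are assumptions for this example.
DNS_LOG = """\
2024-03-10T08:02:31 client=10.0.8.23 query=updates.example.net
2024-03-04T09:12:44 client=10.0.8.15 query=intranet.example.internal
2024-03-09T22:41:07 client=10.0.8.23 query=updates.example.net
""".splitlines()

RADIUS_LOG = """\
2024-03-09T18:03:10 user=alice result=Access-Accept
2024-03-09T22:31:52 user=former.staff result=Access-Reject
2024-03-09T22:32:05 user=former.staff result=Access-Reject
2024-03-09T22:36:40 user=bob result=Access-Accept
2024-03-09T22:37:18 user=former.staff result=Access-Reject
2024-03-10T08:00:02 user=alice result=Access-Accept
""".splitlines()

def parse(line):
    """Split 'timestamp key=value key=value' into (datetime, dict)."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)

def first_seen(dns_lines, client_ip):
    """Earliest DNS query from client_ip, or None if it never appears."""
    times = [t for t, f in map(parse, dns_lines) if f.get("client") == client_ip]
    return min(times, default=None)

def auth_activity(radius_lines, around, window=timedelta(minutes=15)):
    """Count RADIUS results per user within +/- window of a timestamp."""
    counts = {}
    for t, f in map(parse, radius_lines):
        if abs(t - around) <= window:
            counts.setdefault(f["user"], Counter())[f["result"]] += 1
    return counts

def rejected_only(activity):
    """Users whose every attempt in the window was rejected."""
    return sorted(u for u, c in activity.items()
                  if c["Access-Reject"] and not c["Access-Accept"])

if __name__ == "__main__":
    seen = first_seen(DNS_LOG, "10.0.8.23")
    activity = auth_activity(RADIUS_LOG, seen)
    print(seen.isoformat(), rejected_only(activity))
```

Accounts that were accepted in the same window (here `bob`) show who else was on site, while an account with only rejections is the one that matches the "deactivated account tried to connect" pattern from the quote.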
Saw an article about using aluminum foil to fix Wi-Fi dead spots XDDD: "How I amplified my home's Wi-Fi with aluminum foil." The finished product looks like this:
I didn't see any difference in terms of coverage, it's still the same.
In "Randomize your WiFi MAC address on Ubuntu 16.04", the author explains how to protect your privacy on Ubuntu by changing the wireless card's MAC address:
Your device’s MAC address can be used to track you across the WiFi networks you connect to. That data can be shared and sold, and often identifies you as an individual. It’s possible to limit this tracking by using pseudo-random MAC addresses.
This is probably aimed mainly at people running Ubuntu on laptops...
Come to think of it, WPA2 has held up for thirteen years:
WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.
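For this vulnerability, see "Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping".
The PoC is called KRACK (Key Reinstallation Attacks). The vulnerability will be formally presented in November, and the title of the talk gives a rough idea of the direction, which is going after the nonce: "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2". The site www.krackattacks.com is also already up, waiting to be updated after the presentation.
For all kinds of wireless network vulnerabilities, the old approach is still the most effective one, and it is also one of the workarounds this time: use a sufficiently strong VPN.
Update: added the paper "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2".
In iOS 11, Wi-Fi and Bluetooth can only really be turned off from Settings, a design that annoyed the EFF enough to write an article: "iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security".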
On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”
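This serves as an illustration of one attack path that explains why companies should provide a full-routing VPN...
This article describes attacks on senior corporate executives over hotel WiFi, trying to plant trojans to obtain information or to penetrate the company's internal network: "Hackers are using hotel Wi-Fi to spy on guests, steal data".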
Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in order to conduct espionage on corporate research and development personnel, CEOs, and other high-ranking corporate officials.
Somewhere between an APT and a run-of-the-mill attack...
From the description in "About the security content of iOS 10.3.1":
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero
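The Court of Justice of the European Union held that operators of open wireless networks are not liable for infringement by their users: "EU Court: Open WiFi Operator Not Liable For Pirate Users".
There are some preconditions, though. The court held that the following conditions must be met for the operator to be free of liability. Basically, a wireless network with no filtering restrictions at all would meet these conditions: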
The Court further notes that in order for such ‘mere conduit’ services to be exempt from third party liability, three cumulative conditions must be met:
– The provider must not have initiated the transmission
– It must not have selected the recipient of the transmission
– It must neither have selected nor modified the information contained in the transmission.
In an effort to strike a balance between protecting a service provider from third party liability and the rights of IP owners, the Court ruled that providers can be required to end infringement.
“[T]he directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers,” the Court found.
One such measure could include the obtaining of an injunction which would force an operator to password-protect his open WiFi network in order to deter infringement.
On a more positive note, the Court rejected the notion of monitoring networks for infringement or taking more aggressive actions where unnecessary.
“[T]he directive expressly rules out the adoption of a measure to monitor information transmitted via a given network. Similarly, a measure consisting in terminating the internet connection completely without considering the adoption of measures less restrictive of the connection provider’s freedom to conduct a business would not be capable of reconciling the abovementioned conflicting rights,” the Court concludes.
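WiGLE is a service that collects wireless network information (i.e. SSID, MAC address, and location). According to Wikipedia, the WiGLE project started in 2001, so it has been running for almost fifteen years: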
The first recorded hotspot on WiGLE was uploaded in September 2001.
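Since I've been running around playing Pokémon Go lately, I figured I'd help collect data along the way...
The way I currently collect data is to leave WiGLE's Android app (Wigle Wifi Wardriving) running in the background, upload when I get home, and after a while, once the system has updated, the results show up.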