Insecure DNS lookup, and no TLS between host and router

[aelnosu]

Here is an example kill.txt file

{"Type":"UnencryptedConfiguration","NetworkConfigurations":[{"GUID":"EXAMPLE-wifi","Metered":true,"Name":"EXAMPLE","Type":"WiFi","WiFi":{"AutoConnect":true,"SSID":"EXAMPLE","Security":"None"},"NameServersConfigType":"Static","StaticIPConfig":{"NameServers":["167.86.91.171","66.94.105.229","213.109.163.210","92.60.37.102"]},"ProxySettings":{"Type":"Direct"}}]}

There are a couple of problems with this setup

1. The NameServers are not trustworthy, there is nothing* preventing the DNS lookup server operator from arbitrarily modifying the DNS lookup table.
2. This setting completely disables the TLS between the host and the router.

• I know DNSSEC is a thing, but only 26% of the website use it.

If you wish to contact me privately you can send me an encrypted email with either S/MIME or GPG. Email: aelnosu@outlook.com To obtain my S/MIME public key, just send an S/MIME signed email with the subject:S/MIME Exchange Request.

    Eason

[killsecurly]

Sorry for not seeing this. I will be working on encryption of this, and will reach out to you if needed. Thanks!

[aelnosu]

Sorry for not seeing this. I will be working on encryption of this, and will reach out to you if needed. Thanks!

This issue is closed because it is not a security concern, according to cert.pl

When connected to a protected WiFi network, one should not be able to send any unencrypted data to the router as the encryption is enforced. In other words, if the WiFi is a protected one, it should not be possible to disable the encryption.

The only problem I see is the DNS server being compromised.

[killsecurly]

"The only problem I see is the DNS server being compromised."

I don't really see the DNS servers getting hacked. I have security measures in place, which should be pretty hard to near impossible to hack into.