
Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption

timothy posted more than 3 years ago | from the has-some-drawbacks dept.

Encryption 332

An anonymous reader writes "In the wake of concerns about FireSheep sniffing credentials from people using unencrypted public WiFi hotspots, a security researcher has proposed that the problem does not just lie with big websites like Facebook, but also with those who provide free wireless internet access. Chet Wisniewski, a researcher at security firm Sophos, proposes that all free WiFi hotspots should be encrypted — with the password 'free.' ''I propose standard adoption of WPA2 and a default password of "free." Whenever you wish to connect to complimentary WiFi, you select "Courtyard Marriott" or "Starbucks" like you always have, but you are then prompted for a password. Just type "free". It's not hard. In fact, operating system vendors could even program your PC to automatically try the password "free" before prompting you for a password on the assumption that you might be selecting a free service.'"


I like this. (0)

Anonymous Coward | more than 3 years ago | (#34183254)

This is actually a pretty good idea.

I tried it (2, Funny)

goombah99 (560566) | more than 3 years ago | (#34183542)

Watch out! I tried typing in "Free" instead of "free" like the Sophos dude recommends and it wiped out all my Time Machine backups.

Well, at least that's what happened after I hard crashed my computer in the middle of a backup. But I'm sure Sophos was to blame.

Re:I like this. (1)

tqk (413719) | more than 3 years ago | (#34183576)

Me too. Isn't this an example of a "mesh network", a la OLPC?

Re:I like this. (5, Interesting)

TheLink (130905) | more than 3 years ago | (#34183724)

I've suggested this before a few times: http://it.slashdot.org/comments.pl?sid=457132&cid=22455074 [slashdot.org]

Thing is, he left out the part where there are two different modes of WPA2.

One (WPA2 PSK) where if everyone has the same password, it's still not secure (know the same key, sniff a session's 4 way handshake, and you can decrypt that session's traffic).

And one (the other WPA2) where it's supposedly more secure, but apparently still has problems: http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html [wifinetnews.com]

Yeah, not so simple for Starbucks to get right...

Basically the WiFi standards bunch screwed up. So I actually blame them for a lot of the problems. So many years and they still haven't got WiFi to the level of TLS/HTTPS.

HTTPS doesn't solve the "stupid user problem", or the "browsers not warning users of changed CAs", but at least the tech/standard isn't that crap, it's more a people problem.

This will not work. (-1)

Anonymous Coward | more than 3 years ago | (#34183264)

This will not work, and the fact that he suggested it is sad. WPA2 does not prevent other people who are on the same WiFi network from seeing your data. It only prevents people who are not on the network from sniffing the data. Since the program Firesheep requires you to be on the WiFi network you are sniffing, this solution will absolutely not work.

The only way to be secure is to use SSL or a VPN.

Re:This will not work. (1)

Mostly Harmless (48610) | more than 3 years ago | (#34183316)

That's not entirely true. WPA2 will prevent Firesheep from working provided the WPA2 traffic isn't being decrypted.

Re:This will not work. (1)

mattventura (1408229) | more than 3 years ago | (#34183350)

I'm not familiar with firesheep in particular, but wouldn't the OS be decrypting the traffic for you (since you are connected to the network) and then firesheep simply captures it? or does firesheep work on a lower layer, bypassing that part of the OS's networking?

Re:This will not work. (2, Informative)

yuhong (1378501) | more than 3 years ago | (#34183706)

The client has the keys only to decrypt traffic targeted to the client, not to other clients.

Re:This will not work. (0)

Anonymous Coward | more than 3 years ago | (#34183718)

Firesheep resides on the attacker's computer; it forges the session cookie so that the attacker can access any site that you are logged in to. To forge your session cookie it monitors the traffic on the unencrypted wifi network. If you have an encrypted connection the attacker first has to decrypt your connection before forging your cookie.

Re:This will not work. (1)

Dayta (65733) | more than 3 years ago | (#34183574)

Yes it does. Although you start out your session by connecting to the network with one password for everyone, your computer then negotiates an individual password for your connection to the wireless router. This means that you cannot see other people's traffic.

Re:This will not work. (3, Informative)

yuhong (1378501) | more than 3 years ago | (#34183716)

It is easy to bypass though by capturing a four-way handshake. A fake authentication can be used in order to have a client go through it again.

Re:This will not work. (1)

kenshin33 (1694322) | more than 3 years ago | (#34183810)

I've always wondered... in an encrypted wifi network you cannot just sniff if you're connected to that network, can you?

If the answer to that question is "no, you can sniff", this doesn't solve the problem, does it? If the answer is "of course you cannot just sniff"... well, that's just a bump in the road, because all the protection that encryption (for wifi, that is) provides ceases to exist once the traffic hits the access point (otherwise no internet at all). If you can manage to direct, let's say, all traffic through your laptop, what would happen (one very handy tool to do that is good old ettercap)? I'm guessing back to square one. So in any case the solution to the problem (this particular one) is in the hands of the web site (USE SSL), not the end user.

I played around with this at the university and found one workaround (that works with facebook): LOGOUT. I'm guessing that invalidates the session cookie and no more access is possible. Though it doesn't work with hotmail -- whether you log out or not the attacker (me for instance) still has access -- Gmail on the other hand is not affected at all (to my knowledge). The other not so easy solution is to get access to a VPN.

Careful with those quotation marks (0, Troll)

Anonymous Coward | more than 3 years ago | (#34183266)

"free" and "free." are not the same.

Re:Careful with those quotation marks (0)

Anonymous Coward | more than 3 years ago | (#34183332)

that would be funny if the 2nd 'free' were not at the end of a sentence

Re:Careful with those quotation marks (0)

Anonymous Coward | more than 3 years ago | (#34183368)

Instead it's just factual. Isn't that funny?

Re:Careful with those quotation marks (0)

Anonymous Coward | more than 3 years ago | (#34183432)

The 2nd 'free' was not at the end of a sentence, it was in the middle of a runaway sentence.

Re:Careful with those quotation marks (1)

NoSig (1919688) | more than 3 years ago | (#34183420)

In English, punctuation is supposed to go before closing quotation marks, so it is never "free", but instead "free." Now granted that's completely stupid, but it is correct English and the sensible thing you are advocating is incorrect English.

Re:Careful with those quotation marks (2, Interesting)

ildon (413912) | more than 3 years ago | (#34183434)

Except when you're signifying an explicit string that will need to be readable by a computer. I would tend to err on the side of caution lest someone mistake my correct English punctuation for some sort of design intent.

Re:Careful with those quotation marks (4, Informative)

Gadget_Guy (627405) | more than 3 years ago | (#34183508)

I'm afraid it is not that simple. You should always be wary of assuming that the rules used in your locality are universal. There are two styles in general use regarding punctuation and quotation marks. See the wikipedia entry [wikipedia.org] on the subject:

In the U.S., the standard style is called American style, typesetters' rules, printers' rules, typographical usage, or traditional punctuation, whereby commas and periods are almost always placed inside closing quotation marks. This style of punctuation is common in the U.S., Canada, and in the U.K. in fiction and journalism.

The other standard style--called British style or logical punctuation--is to include within quotation marks only those punctuation marks that appeared in the quoted material, but otherwise to place punctuation outside the closing quotation marks.

Using the British style is less ambiguous in this case.

Re:Careful with those quotation marks (0)

Anonymous Coward | more than 3 years ago | (#34183444)

I think you meant to say that "free" is not the same as "free.". ;-)

Re:Careful with those quotation marks (0)

Anonymous Coward | more than 3 years ago | (#34183562)

''I propose standard adoption of WPA2 and a default password of "free."

And none of you noticed that "free." in that case should be 'free.' " What makes it funnier is that the first 'free' is in single quotes, because the whole thing is in double quotes which means that sentence should read, 'I propose standard adoption... of "free." '

It's like a bug in some horrible recursive subroutine!

Re:Careful with those quotation marks (1)

corsec67 (627446) | more than 3 years ago | (#34183598)

And the 'Free' in the title as well.

Re:Careful with those quotation marks (0)

Anonymous Coward | more than 3 years ago | (#34183674)

You missed the one in article's title - "Free"

Nice work by summary writer, submitter and editor ..

I don't think so. (0)

Anonymous Coward | more than 3 years ago | (#34183268)

I'm afraid this does not work the way you think it does. If everyone knows the password, then anyone can still view all traffic on the network, no?

Re:I don't think so. (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34183342)

No.

Before everyone says that's idiotic... (3, Interesting)

Mabbo (1337229) | more than 3 years ago | (#34183272)

... just keep in mind that with WPA, the initial password is just used for connecting to the network, after which a session password is shared (right? pretty sure I'm right about that). So, technically, it would prevent someone from stealing your interwebs as long as you were already connected. Now, the guy who got to Starbucks before you and started sniffing before you did, he definitely has your personal information now, and this is a stupid idea.

Re:Before everyone says that's idiotic... (4, Insightful)

phantomcircuit (938963) | more than 3 years ago | (#34183286)

So, technically, it would prevent someone from stealing your interwebs as long as you were already connected.

Unless of course the attacker sends fake de-authentication packets forcing a new handshake to occur...

Re:Before everyone says that's idiotic... (2, Interesting)

CosmeticLobotamy (155360) | more than 3 years ago | (#34183366)

Security's not my area, so maybe this question is nonsense, but why does each wireless router not have its own unique public/private key pair installed at the factory (that could later be changed by the owner) so that the session key could be generated by the client, sent to the server encrypted by the public key, and now only the router can decrypt the session key?

Re:Before everyone says that's idiotic... (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34183614)

Parent post raises an interesting point: Assuming you trust the security of the router itself, it's possible to have perfect inbound wireless security by giving your public key to the router, but it's impossible to have perfect outbound wireless security unless you have a pre-existing relationship with the router (i.e. you know its public key), or unless its key is signed back to a trusted root authority.

I propose that the pre-existing relationship case is a lost cause, since it would essentially require the hotel or coffee shop to publish its router's key behind glass and have the manager periodically check for signs of tampering with the published key (* social engineering hack: "key change notice" on official-looking letterhead taped to windows around the store). However, I'll also propose that the trusted root signing authority case is also a lost cause because of the massive infrastructure costs required. Essentially only the big players could afford it, and it would require enterprise-level security procedures in coffee shops run by high school dropouts. Plus, who would actually check the router certificate to see if it looks valid? It's not something you can check programmatically like comparing a website certificate's subject to the domain name.

Anyway, even if you somehow manage to secure the outbound wireless portion of the connection, that still leaves the router's private key or ISP connection as weak links. Random strangers won't be able to hijack your connection unless the key is easily cracked, but a determined hacker will still find a way to read everybody's data that passes over the router.

My conclusion: It's impossible to have true wifi security, so let's not kid ourselves. If you care about your privacy, you should use SSL or some form of VPN to a trusted location. In this case, no wifi security may be the best answer, because it'll help push the adoption of SSL websites. The sooner we stamp out plain-text protocols the better.

Re:Before everyone says that's idiotic... (2, Interesting)

yakovlev (210738) | more than 3 years ago | (#34183488)

In other words, the designers of WPA2 screwed up by not using something like Diffie-Hellman to negotiate a private connection before the initial password even changed hands?

I realize this would be subject to man-in-the-middle, but that would seem to be detectable as you would get two different responses when you tried to do the initial negotiation, after which the OS should report "something's screwy with this network" and refuse to connect.

Re:Before everyone says that's idiotic... (5, Informative)

Anonymous Coward | more than 3 years ago | (#34183560)

In other words, the designers of WPA2 screwed up by not using something like Diffie-Hellman to negotiate a private connection before the initial password even changed hands?

I realize this would be subject to man-in-the-middle, but that would seem to be detectable as you would get two different responses when you tried to do the initial negotiation, after which the OS should report "something's screwy with this network" and refuse to connect.

WPA designers punt the problem of establishing the initial session encryption key to EAPOL. Designers of EAP applications can use whatever authentication protocol and crypto bindings between layers that they want.

DH is pointless in the case you point out because it would be trivial to operate, as you point out, a middle man to circumvent it. For a "This is screwy" response to be possible it would require some prior knowledge to establish a trust relationship between systems. Encryption without trust is less than useless.

Re:Before everyone says that's idiotic... (5, Insightful)

kwerle (39371) | more than 3 years ago | (#34183664)

... Encryption without trust is less than useless.

I am so tired of that statement. Encryption without trust is Encryption. It is way less than ideal, but way better than cleartext.

I don't particularly trust my local café.
I really don't trust their ISP.
I especially don't trust the phone company.
I entirely don't trust the government.
I certainly don't trust facebook.

But I use the café wireless, who uses their ISP, who uses the phone company, who is tapped by the government, when I use facebook. And if the wifi were encrypted, I would not also have to worry about my fellow café sniffers.

So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hellofa lot better than in the clear.

Encryption without trust is not security, but it is encryption.

Re:Before everyone says that's idiotic... (1, Troll)

Nursie (632944) | more than 3 years ago | (#34183798)

"And if the wifi were encrypted, I would not also have to worry about my fellow cafe' sniffers.

So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hellofa lot better than in the clear."

Except it's not, because there are attacks that allow you to see the data if you capture the handshake, regardless of whether the traffic once you've set up the session is encrypted or not. And there are ways to force the handshake to replay without the user ever finding out. Even with DH there are various MITM, DNS insertion and other tricks that can be done.

Worse than useless I'm not sure, but equal to useless, certainly, because it doesn't stop the other people in the coffee shop from doing anything much they like, they just need slightly more sophisticated tools than firesheep.

Re:Before everyone says that's idiotic... (0)

Anonymous Coward | more than 3 years ago | (#34183812)

How is encryption without authentication better than no encryption? You already agreed that it doesn't provide the security you need ("complete solution"). So you need end-to-end encryption with authentication anyway. That is exactly as good with no encryption on a lower layer, so what do you gain? I can tell you why encryption without authentication is worse: People see that the Wifi is encrypted, and if they're not very knowledgeable about the subject, they think that that protects them from eavesdropping, so they don't look for actual security. I.e., they succumb to what's called a "false sense of security".

(For completeness' sake: There are scenarios where encryption without authentication can force an attacker to use an active attack (MITM) instead of a passive attack (sniffing). In that case, even encryption without authentication can be useful, but in the case of WPA with preshared secrets, it doesn't do that.)

Let's say that this is really idiotic! (2, Informative)

louarnkoz (805588) | more than 3 years ago | (#34183638)

There are so many ways this suggestion is wrong, it is not even funny.

TFA says WPA2 negotiates unique encryption keys with every computer that connects to it. This means you and I cannot spy on one another's traffic even when sharing access on the same access point. That's true, but anyone who can listen to the exchange and knows the shared key will be able to learn the key. Plus, there is a very neat man in the middle attack.

Suppose that I am an evil sheep herder near a Starbucks cafe. Nothing prevents me from broadcasting a Wi-Fi beacon that announces that I am running a Starbucks access point. Here comes the sheep, who is really happy to see that the connection is secure. Hey, he used WPA2 and the "free" password, his packets are encrypted. Except they are all coming to my laptop. Oops!

Twenty years later... (0)

Anonymous Coward | more than 3 years ago | (#34183276)

Why does it keep returning "free"??

Ridiculous And Totally Not Helpful (5, Interesting)

phantomcircuit (938963) | more than 3 years ago | (#34183278)

Maybe he hasn't noticed that wireshark can decrypt WPA2 traffic so long as the network is being sniffed when the client originally connects.
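The point made in this comment, and earlier by yuhong and phantomcircuit about capturing (or forcing) the four-way handshake, follows directly from how WPA2-PSK derives keys. The example below is added here and is not code from the thread, from Sophos or from Wireshark; the SSID, MAC addresses, nonces and EAPOL frame are constructed sample values, and the passphrase is "freewifi" because 802.11i requires 8 to 63 characters, so "free" on its own is not even a valid passphrase. It derives the PMK and PTK the way the standard does and shows that a listener who knows the shared passphrase and saw the handshake ends up with the same temporal key as the client.

```python
"""Added example: why a shared WPA2-PSK passphrase plus a captured 4-way
handshake yields a client's session key. Not from the thread; all
"captured" values below are constructed for illustration."""
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iters, 32 bytes).
    The passphrase must be 8..63 ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, n: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < n:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:n]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP: 48 bytes = KCK(16) || KEK(16) || TK(16).
    Every input except the PMK travels in the clear in the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame_zero_mic: bytes) -> bytes:
    """Key MIC for WPA2/CCMP (key descriptor version 2): HMAC-SHA1 over the
    EAPOL-Key frame with its MIC field zeroed, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_zero_mic, hashlib.sha1).digest()[:16]


# Constructed "capture" of one client joining a shared-passphrase network.
SSID = "Starbucks"
PASSPHRASE = "freewifi"                      # the proposal, padded to the 8-char minimum
AP_MAC = bytes.fromhex("001122334455")       # constructed
STA_MAC = bytes.fromhex("66778899aabb")      # constructed
ANONCE = bytes(range(32))                    # random in a real handshake; fixed here
SNONCE = bytes(range(32, 64))
# Stand-in for EAPOL-Key message 2 with its MIC field zeroed (not a real frame layout).
MSG2_ZERO_MIC = b"\x02\x03\x00\x5f" + b"\x02\x01\x0a" + SNONCE + b"\x00" * 16


def client_handshake():
    """The legitimate client: derive the PTK and MIC message 2 with the KCK."""
    pmk = wpa2_pmk(PASSPHRASE, SSID)
    ptk = wpa2_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    return ptk, eapol_mic(ptk[:16], MSG2_ZERO_MIC)


def attacker_recover_tk(guess: str, observed_mic: bytes):
    """A passive listener with the same capture and a candidate passphrase:
    rederive the PTK and confirm it against the observed MIC. Returns the
    CCMP temporal key (TK) on success, None otherwise. This check is also
    what turns a captured handshake into an offline dictionary attack."""
    pmk = wpa2_pmk(guess, SSID)
    ptk = wpa2_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    if hmac.compare_digest(eapol_mic(ptk[:16], MSG2_ZERO_MIC), observed_mic):
        return ptk[32:48]
    return None


if __name__ == "__main__":
    ptk, mic = client_handshake()
    print("listener recovered TK:", attacker_recover_tk(PASSPHRASE, mic) == ptk[32:48])
    print("wrong passphrase:", attacker_recover_tk("notfreewifi", mic))
```

Because the nonces and MACs are visible to anyone in range, the only secret input is the PMK, and on a "free" network that is public; an attacker who missed the join simply forces the client to redo the handshake and captures it then. The same derivation is what a sniffer uses to decrypt a WPA2-PSK session given the passphrase.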

Re:Ridiculous And Totally Not Helpful (4, Insightful)

tlhIngan (30335) | more than 3 years ago | (#34183364)

Maybe he hasn't noticed that wireshark can decrypt WPA2 traffic so long as the network is being sniffed when the client originally connects.

Yep. And then we'll have a new version of Firesheep with WPA2 decryption. And then another version that'll ARP-spoof the gateway machine so every connected device then routes through your PC.

It'll end up being that a Firesheep user will just have a fast DHCP server and acting as a gateway for the WiFi so all traffic goes through your PC, forwarding packets to the real gateway.

No, the ONLY way to defeat Firesheep is to properly encrypt sessions. Otherwise we're just doing an arms race. The ARP spoofing and fake DHCP is basically endgame short of access points going and isolating users from each other. Which would then end up being someone sets up a fake access point that routes to the real one.

The endgame is, Firesheep can always win. Or anyone with a packet sniffer. Unless the site goes completely SSL.

Re:Ridiculous And Totally Not Helpful (3, Interesting)

adolf (21054) | more than 3 years ago | (#34183544)

The endgame is, Firesheep can always win. Or anyone with a packet sniffer. Unless the site goes completely SSL.

Indeed, this is the most obvious end result.

And now, for the most ridiculous question ever: Why isn't this being done? It isn't 1995 anymore: SSL is (at worst) easy and well-understood for these purposes.

Why does this continue to be an uphill battle?

Re:Ridiculous And Totally Not Helpful (0)

Anonymous Coward | more than 3 years ago | (#34183588)

Why isn't this being done? It isn't 1995 anymore: SSL is (at worst) easy and well-understood for these purposes.

Why does this continue to be an uphill battle?

Because certs from "trusted by default" organizations are ridiculously expensive.

Re:Ridiculous And Totally Not Helpful (1)

psyclone (187154) | more than 3 years ago | (#34183712)

Even a $300 / yr EV cert [wikipedia.org] is cheap for the top 100 internet properties.

Re:Ridiculous And Totally Not Helpful (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34183612)

Because you have to pay to get your certificate signed, and sites that aren't transmitting sensitive data aren't going to pay for it.

Yes, you can self-sign and avoid the costs, but if you do that the browsers tell the users that you're a dirty, evil cheat and liar for doing so, scaring visitors away from your site. It's taught people to think that insecure browsing is safer than SSL with self-signed certificates.

Until something changes with either the browsers or the signing process, we'll never see 100% SSL use on webpages.

Re:Ridiculous And Totally Not Helpful (1)

Nursie (632944) | more than 3 years ago | (#34183816)

"It's taught people to think that insecure browsing is safer than SSL with self-signed certificates."

Look at it this way - someone sees the 'https' and thinks it's secure, so they do their internet stuff over it, potentially with sensitive personal or financial data.

Is it secure? Is it bollocks. MITM is perfectly possible. To the extent that in our arms-race-at-Starbucks scenario where the hacker has done his ARP spoofing and DHCP, you just add an MITM proxy for SSL connections. Done, your self-signed certs are now useless.

Self-signed == no authentication == no security. UNLESS the private cert or cert authority public certificate is distributed first and in an offline manner.

Re:Ridiculous And Totally Not Helpful (0)

Anonymous Coward | more than 3 years ago | (#34183678)

Because it is not entirely trivial to encrypt the volume of traffic running through something like facebook.
Not to mention the issue of non-encrypted content hosted by possibly-3rd-party CDNs.

Re:Ridiculous And Totally Not Helpful (0)

Anonymous Coward | more than 3 years ago | (#34183692)

And why do people hate on self-signed certificates so much? They're perfect for this kind of thing.
(They're no validation of the identity of the remote site, but that doesn't mean they're not useful for encrypting traffic.)

Re:Ridiculous And Totally Not Helpful (1)

ADRA (37398) | more than 3 years ago | (#34183722)

It sucks for load balancers unless you're offloading the SSL to the load balancer itself, then you have issues with embedded server URLs needing to be rewritten to not only use the load balancer IPs but also all HTTP:// references into HTTPS:// references, which in turn may blow up some random poorly written apps that depend on specific file sizes... plus all the overhead of possibly decompressing a compressed result, scanning for the offending URI and re-compressing the fixed results, etc...

This is actually from personal experience regarding JNLP hosted from servlets, but the same can apply with any web technologies that use absolute addresses within the web application.

Re:Ridiculous And Totally Not Helpful (2, Insightful)

kwerle (39371) | more than 3 years ago | (#34183736)

Ugh. Replies about SSL's being expensive. Please.

SSL is overhead. Let's say that you're facebook, and let's say that the actual cost overhead is 1/1,000,000 of a penny per page served up.

What is facebook's throughput? I have no idea.
http://techcrunch.com/2010/04/21/facebook-like-button/ [techcrunch.com]

So it's a lot. So much that even if SSL overhead is just one one millionth of a cent per page served up, it is clearly at least hundreds of dollars a month. From the article, I'd guess that it's at least thousands of dollars a month.

Clearly, that's chump change for facebook, but until now, that's all money they've saved. And that's if the overhead is 1/10^6th of a penny. If it's 1/10^5th we're talking 10's of thousands. If ssl costs 1/10,000 of a penny per page, we're talking 100's of thousands of dollars a month. That starts to add up.

Again, I have absolutely no freaking idea how much overhead it is, and I have no idea their volume. But at the volume they're doing, you can see where any measurable overhead would cost real money.

My guess is that they will throw money at the problem and it'll go away. But they won't be happy to do it.

Re:Ridiculous And Totally Not Helpful (1)

Nursie (632944) | more than 3 years ago | (#34183826)

So what if we had an authenticated wireless system (similar to SSL or SSH) using signed certificates? It pushes the processor requirements in a WAP up a little, but isolates users from each other.

I think there are ways to do this sort of thing but at present they're complex and enterprisey...

Re:Ridiculous And Totally Not Helpful (0)

Anonymous Coward | more than 3 years ago | (#34183564)

how do you encrypt sessions between your ps3 and your router?

Re:Ridiculous And Totally Not Helpful (0)

Anonymous Coward | more than 3 years ago | (#34183584)

Got a wireless-newbie question...
Do you think, in a scenario where ARP spoofing and faking DHCP is possible, that it would be possible to act as the target victim's DNS server, sending the target bogus replies to all *.facebook.com A record lookups? If that were true, and you also found a shady/bug-ridden/pliable certificate authority * to hand you a certificate that will validate using the current browser's trusted certificate authorities, would SSL not even be safe?

*some security folks argue that even certificate authorities are not trustable

PS. When I considered this problem, I googled around, and I found some folks at http://security.goatse.fr/clench-our-way-of-saying-screw-you-to-ssl-pki-forever [goatse.fr] who seem to have a solution that is useful even if SSL can't be trusted. Put simply, comparing hash(nonce+PK as client sees it+password) against hash(nonce+server's PK+password) without sending the hash across the wire. It gives additional security for a shared secret, ie a password, not additional protection against any other traffic sniffing if the SSL security is compromised.

Re:Ridiculous And Totally Not Helpful (0)

Anonymous Coward | more than 3 years ago | (#34183654)

> It gives additional security for a shared secret, ie a password, not additional protection against any other traffic sniffing if the SSL security is compromised

I just remembered that this won't be a concern: if the session won't validate due to MITM attack, the server will not proceed to show any sensitive data.
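The scheme sketched two comments up (a password proof mixed with the server key the client actually saw) and the follow-up point that a mismatch stops the server from serving anything sensitive can be shown in a few lines. The example below is added here and is not code from the thread or from the linked Clench page; it is a simplified variant in which the client sends an HMAC keyed with the password over a server nonce and the fingerprint of the certificate it observed, and the server recomputes it with its own certificate. The certificates are constructed byte strings standing in for DER, and the nonce is fixed so the example is repeatable.

```python
"""Added example: binding a password proof to the server certificate the
client saw, so a MITM with a different (even CA-signed) certificate cannot
relay the proof. Not from the thread; certificates and nonce are constructed."""
import hashlib
import hmac


def cert_fingerprint(cert_der: bytes) -> bytes:
    return hashlib.sha256(cert_der).digest()


def client_proof(password: str, nonce: bytes, cert_seen: bytes) -> bytes:
    """Client side: HMAC(password, nonce || fingerprint(cert it connected to)).
    The password itself never leaves the client."""
    return hmac.new(password.encode("utf-8"),
                    nonce + cert_fingerprint(cert_seen), hashlib.sha256).digest()


def server_verify(stored_password: str, nonce: bytes, own_cert: bytes, proof: bytes) -> bool:
    """Server side: recompute with its *own* certificate; a relayed proof that
    was bound to someone else's certificate will not match."""
    expected = client_proof(stored_password, nonce, own_cert)
    return hmac.compare_digest(expected, proof)


REAL_CERT = b"constructed: real facebook-like server cert"
MITM_CERT = b"constructed: attacker cert issued by a pliable CA"
PASSWORD = "correct horse battery staple"
NONCE = bytes(range(16))   # server-chosen challenge; random per login in practice


def run_login(mitm_present: bool) -> bool:
    """Simulate one login. With a MITM, the client sees the attacker's cert
    (browser is happy, it chains to a trusted CA) and the proof is relayed
    unchanged to the real server, which rejects it and serves nothing."""
    cert_seen = MITM_CERT if mitm_present else REAL_CERT
    proof = client_proof(PASSWORD, NONCE, cert_seen)
    return server_verify(PASSWORD, NONCE, REAL_CERT, proof)


def offline_guess(proof: bytes, nonce: bytes, cert_seen: bytes, wordlist):
    """The caveat: whoever observed nonce, cert and proof can test password
    guesses offline. Channel binding protects the session, not a weak password."""
    for candidate in wordlist:
        if hmac.compare_digest(client_proof(candidate, nonce, cert_seen), proof):
            return candidate
    return None


if __name__ == "__main__":
    print("direct login ok:", run_login(False))
    print("login via MITM ok:", run_login(True))
    proof = client_proof(PASSWORD, NONCE, MITM_CERT)
    print("offline guess:", offline_guess(proof, NONCE, MITM_CERT,
                                          ["password", "freewifi", PASSWORD]))
```

The binding does not encrypt anything extra, so if the SSL session is already being proxied the attacker still reads whatever the server does send; its value is that the server can tell the proof was made against a different certificate and refuse to proceed.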

Re:Ridiculous And Totally Not Helpful (1)

TheLink (130905) | more than 3 years ago | (#34183774)

Yeah I've suggested this before him, but at least I got that part right[1] :).

http://slashdot.org/comments.pl?sid=1578784&cid=31437480 [slashdot.org]

http://it.slashdot.org/comments.pl?sid=457132&cid=22455074 [slashdot.org]

It's quite sad "Sophos Researcher" doesn't seem to know how broken WiFi security is.

[1] Somewhat right anyway - seems like the "secure" mode I mentioned in those posts might not be that secure: http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html [wifinetnews.com]

Blame the WiFi standards bunch, they can't seem to get stuff right. Why didn't they just copy ideas from SSL or SSH?

Forget free WiFi (0)

Anonymous Coward | more than 3 years ago | (#34183280)

I want free LOVE, man. Where is the free love?

Standard Default Password? (1)

Mostly Harmless (48610) | more than 3 years ago | (#34183290)

I don't like the sound of "standard default password." That's just asking for all sorts of trouble. How about changing the SSID to something like, "Starbux Network Password: freenet" This way the password is available without having to post signs, etc., and you don't have to worry about involving default passwords of any sort. However, this is still a band-aid over the real problem. Facebook and the like should just get on the ball and enforce TLS.

Re:Standard Default Password? (2, Interesting)

gnapster (1401889) | more than 3 years ago | (#34183516)

Unencrypted access points already use a standard password: the empty password [gnu.org] . How is this any different?

Re:Standard Default Password? (1)

julesh (229690) | more than 3 years ago | (#34183862)

Unencrypted access points already use a standard password

No, they don't. Unencrypted access points don't use a password at all. The password in WPA et al is used to generate a key; unencrypted networks don't have a key.

WPA2 minimum passphrase length... (5, Insightful)

atomicstrawberry (955148) | more than 3 years ago | (#34183292)

... is 8 characters.

Re:WPA2 minimum passphrase length... (1, Informative)

Anonymous Coward | more than 3 years ago | (#34183296)

OK then "PASSWORD"

Re:WPA2 minimum passphrase length... (1)

VincenzoRomano (881055) | more than 3 years ago | (#34183300)

So don't mind that security genius.

Re:WPA2 minimum passphrase length... (1)

Architect_sasyr (938685) | more than 3 years ago | (#34183396)

A default password of "freewifi" then.

I have the distinct impression that he is getting at using a word that makes people think "hang on, maybe I should change this" rather than just going "oh my wireless works now". We're still going to have issues with codes generated on phone numbers or serials or whatever, but making it a little more obvious to the end user that what they are connecting to is available to anyone should help (hahahahaha)

Re:WPA2 minimum passphrase length... (0)

Anonymous Coward | more than 3 years ago | (#34183378)

Is this standard-mandated, or simply an if-statement inside of your router's firmware?

Re:WPA2 minimum passphrase length... (0)

Anonymous Coward | more than 3 years ago | (#34183388)

ZACKLY what i was thinking!!

Re:WPA2 minimum passphrase length... (1)

sandawgscorch (1106917) | more than 3 years ago | (#34183394)

bingo! that was the first thing i thought when i saw that he obviously doesn't work with wifi much....

Re:WPA2 minimum passphrase length... (1)

stms (1132653) | more than 3 years ago | (#34183404)

So Make it freewifi this is a stupid idea anyway.

Re:WPA2 minimum passphrase length... (5, Funny)

wilson_c (322811) | more than 3 years ago | (#34183512)

freeeeee?

Portable Devices (0)

Anonymous Coward | more than 3 years ago | (#34183308)

The problem with WPA2 is that in my experience some portable devices don't support WPA2.
Example: Nintendo DS doesn't have any games that support WPA2 (or any type of WPA as far as I know). WEP is the highest that it supports. (Now this may be wrong, but my understanding is that the network stuff is linked into the game, so older games will never be able to support anything better than WEP)
And there is a Web Browser for it, there is the official Opera cart. It also only supports up to WEP.

Re:Portable Devices (1)

pedestrian crossing (802349) | more than 3 years ago | (#34183782)

It's not at the game level, it is at the device level. The Nintendo DS only supports WEP.

Per-client encryption: WEP vs WPA (1)

miquong (569138) | more than 3 years ago | (#34183320)

One important caveat: this would be useless if the access point is using WEP, which uses the same key to encrypt each client's traffic. It would be trivial to modify Firesheep or any other tool to be able to overcome this. My understanding is that WPA is somewhat better since it uses the pre-shared key + a per-session key, though that per-session key could still be sniffed if the attacker captured the handshake when the target first connects. So neither option is secure but WEP would just be snake oil and little better than clear-text.

Re:Per-client encryption: WEP vs WPA (0)

Anonymous Coward | more than 3 years ago | (#34183454)

anyone using WEP is an idiot as I can crack the password in less than 5 minutes on a piece of shit laptop with barely any processing capacity.

Re:Per-client encryption: WEP vs WPA (0)

Anonymous Coward | more than 3 years ago | (#34183502)

Idiot or not, I still have some equipment that can only use WEP, so for now, that is what my router uses.

Then again, I live on a farm and my nearest neighbor is 1/2 mi away, so I don't worry about somebody jacking my connection.

Re:Per-client encryption: WEP vs WPA (2, Insightful)

rew (6140) | more than 3 years ago | (#34183636)

Two guys, Diffie and Hellman, thought up a protocol that allows someone to listen to a "key exchange" without being able to determine the key that the two parties decide on.

One party decides on a base (g) and a modulus (p) and sends it to the other side. Our attacker will of course grab this info. Next each party will think up a number. Alice chooses a, Bob chooses b. Alice sends g^a mod p to Bob. Bob sends g^b mod p back to A. The key is then easy to calculate for Alice and Bob. Alice does K = (g^b)^a = g^ab, while Bob does K = (g^a)^b = g^ab, where the listening crook just has g^a and g^b and can't figure out a or b, which are needed to find the key K, in reasonable time.

Thus this protocol, known for almost 35 years, allows easy encryption with a key that an eavesdropper cannot easily snoop.
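The exchange rew describes, as an added worked example that is not code from this thread, using the same symbols (p, g, a, b, K). The modulus is a constructed toy value so the listener's job (a discrete logarithm) can be shown by exhaustive search, which is exactly what a real-sized prime makes infeasible; note that plain DH authenticates neither side, which is the "encryption without authentication" point other commenters raise.

```python
# Added example, not from the Slashdot thread: toy Diffie-Hellman with the
# symbols used in the comment above. p=23, g=5 are constructed toy values.
import secrets
from typing import Dict, Optional


def dh_public(g: int, secret: int, p: int) -> int:
    """g^secret mod p: the only value each party sends over the air."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, secret: int, p: int) -> int:
    """(peer_public)^secret mod p: K as computed from the other side's value."""
    return pow(peer_public, secret, p)


def run_exchange(p: int, g: int, a: int, b: int) -> Dict[str, int]:
    """Alice picks a, Bob picks b; return what goes on the air and what each derives."""
    A = dh_public(g, a, p)        # Alice -> Bob   (visible to a listener)
    B = dh_public(g, b, p)        # Bob -> Alice   (visible to a listener)
    k_alice = dh_shared(B, a, p)  # (g^b)^a mod p
    k_bob = dh_shared(A, b, p)    # (g^a)^b mod p
    return {"A": A, "B": B, "k_alice": k_alice, "k_bob": k_bob}


def eavesdropper_recover(p: int, g: int, A: int, B: int) -> Optional[int]:
    """What a passive listener holding only (p, g, g^a, g^b) must do to get K:
    solve g^x = A (mod p) for x, then compute B^x. Exhaustive search is
    feasible here only because p is tiny; with a 2048-bit prime it is not."""
    for x in range(1, p):
        if pow(g, x, p) == A:
            return pow(B, x, p)
    return None  # A was not a power of g (g is not a generator mod p)


def fresh_exchange(p: int, g: int) -> Dict[str, int]:
    """Same exchange with random secrets, as a real client would pick them."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    return run_exchange(p, g, a, b)


if __name__ == "__main__":
    r = run_exchange(23, 5, 6, 15)
    print("on the air:", r["A"], r["B"], "| Alice K =", r["k_alice"], "Bob K =", r["k_bob"])
    print("listener brute-forces K =", eavesdropper_recover(23, 5, r["A"], r["B"]))
```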

'Free' or 'free'? (3, Informative)

snsh (968808) | more than 3 years ago | (#34183356)

Capitals matter. And don't WPA2 phrases have to be at least 8 characters?

Re:'Free' or 'free'? (4, Funny)

at_slashdot (674436) | more than 3 years ago | (#34183442)

FreeWiFi (8 characters, combines lower and upper case to make it more secure ;)

Re:'Free' or 'free'? (1)

pjfontillas (1743424) | more than 3 years ago | (#34183604)

FreeWiFi (8 characters, combines lower and upper case to make it more secure ;)

More secure? Even if everybody knows the passphrase?

Re:'Free' or 'free'? (1)

Anonymous Coward | more than 3 years ago | (#34183632)

Woosh.

Yeah, with a password we'll never have any problem (0)

Anonymous Coward | more than 3 years ago | (#34183372)

All it takes is one password, and you're fine. Doesn't matter that you're connecting to a network with no authentication, no security, and no way to really protect yourself in the event of being compromised.

How about we get some better way to test credentials??

No! (0)

Anonymous Coward | more than 3 years ago | (#34183374)

That would require connecting to all available networks just to find out if any are accessible. The status of a network must be announced in the broadcast. If you wanted to have encryption enabled on public hotspots, then you'd have to standardize something that's in the beacon frames to declare public availability, for example an SSID prefix. Standard shared secrets are also not useful because they don't prevent attackers from sniffing or MITMing and decrypting the whole session. It's that "encryption without authentication" thing. Mr. Sophos researcher, keep working on the anti-virus snake-oil and let professionals handle encryption.

fu@cker (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#34183384)

Join GGNA (GAY

ARP Poisoning (0)

Anonymous Coward | more than 3 years ago | (#34183398)

ARP poisoning apparently means nothing to this "security researcher"

I find it sad... (2, Informative)

metrix007 (200091) | more than 3 years ago | (#34183402)

That a security researcher doesn't know better than this. Encryption with a PSK is useless as far as sidejacking is concerned. There is no decent client to client encryption unless you use WPA/2 Enterprise.

To suggest otherwise is bullshit, and he should be blaming the websites who are the problem.

Free (0)

Anonymous Coward | more than 3 years ago | (#34183436)

I never understood what value people see in encrypting just the edge when the rest of the network is no more trustworthy. I never understood why people think using an open hotspot is any more of a security risk than using the Internet. Neither can be trusted and both should be assumed to be hostile.

WRT using a well known secret to connect -- This only works if the server has a certificate and the client validates it. Not realistic for free hotspots because it requires the owner to pay for essentially an SSL certificate (EAP-TTLS or EAP-PEAP). This approach would offer the same security between the user and access point as https access to your favorite banking web site.

If however there is no MITM protection (server uses a self-signed cert or none at all), using a well known password does raise the bar over open wifi but not by much. The channel would be secure against passive eavesdropping only and would provide zero protection against attackers operating a proxy server...

This is essentially the problem... You see a free wifi advertised and connect to it.. You have no prior relationship, no reason to trust the owner... No technological encryption solution will help provide security if there is no morsel of trust to build on.

My advice is to use end-to-end encryption technology if you have anything important to do. It makes life much easier and actually has tangible value from a security perspective.

Free as in Fired (0)

Anonymous Coward | more than 3 years ago | (#34183440)

This is a good idea in theory, it at least keeps the air-sniffing under control (Which is insanely easy to do.)

However what really needs to happen is that people need to have their home wireless router have a VPN end-point that it always connects to, even if it's the local network. When it goes roaming, it then needs to connect again to this VPN endpoint so that its traffic is again secure. It wastes double the bandwidth of your home connection, but at least you're not being snooped on.

More technically inclined people can simply SSH a socks proxy of any machine they know, to use it as an ad-hoc VPN. Again, it wastes their bandwidth but it's as safe as the end point network is.

A better solution is for whatever replaces 802.11a/b/g/n to have an open-encrypted mode that basically operates as a "randomly generated password" on the connection, and the hardware that runs the access point only throws an instruction page, if connected un-encrypted, that allows for a one-time password key.

Or even better yet, roll out IPv6 and the ability to hijack sessions will go away because IPv4 NAT that is responsible for this problem will then go away.

I already do this (1)

AceyMan (199978) | more than 3 years ago | (#34183460)

My SSID at home advertises the WPA2 key, that is, my SSID is keyissomestring. I'm happy to share my bandwidth, but I don't want to share my data.

That says a lot about the 'researcher' (4, Insightful)

flyingfsck (986395) | more than 3 years ago | (#34183476)

Uhmm, maybe Sophos should invest in security training of their staff before they start selling supposed security products.

He's not a researcher, he's a salesman (5, Informative)

Anonymous Coward | more than 3 years ago | (#34183796)

Uhmm, maybe Sophos should invest in security training of their staff before they start selling supposed security products.

He's neither a researcher (someone who works in the virus labs) nor an engineer (someone involved in development of our endpoint or management products). He's in sales. Nothing to see here people, move along.

Posting anonymously because I work there.

Why is WiFi security so crappy? (0)

Anonymous Coward | more than 3 years ago | (#34183478)

Why do you need to type in a password to have encryption? Access control and confidentiality are different things. The access point and the client should both autogenerate their own key pairs, use those to establish a strong symmetric session key, and encrypt all further transmissions with that. By default. Completely transparent to the user, because the keys are autogenerated (e.g., from /dev/rand).

Man-in-the-middle would not work either, because the would-be attacker would have to set up his own access point and then the end user would see two access points in the "Connect to" list and would notice the "fake" AP. And since the connection handshake is encrypted with the public key of the real AP, the attacker can't get in between.

Paid wifi (1)

MrEricSir (398214) | more than 3 years ago | (#34183594)

The logical extension of this is that for paid wifi, we can always use the password "paid" right?

'Free' or the SSID (1)

Dayta (65733) | more than 3 years ago | (#34183600)

I quite like the idea of the password being the SSID name rather than 'free'. I think it's easier to adhere to (don't need to worry about capitalisation) and more likely to be adhered to as a 'standard' by all the random coffee shops who are out of their depth as it is.

Pew Research Center is touting a relatively new fo (0, Offtopic)

EdwardC (1937748) | more than 3 years ago | (#34183622)

This mind you about how The Pew Research Center is touting a relatively new form of poll bias called the "cell phone impact" (http://personalmoneystore.com/moneyblog/2010/11/02/cell-phone-effect-election-2010/), and based on the New York Times, it will impact Election 2010. As the NY Times puts it, about a quarter of American adults use mobile phones exclusively. As many poll individuals don't call cell phones, Pew believes that the results could be skewed by as much as four points.

Free (3, Funny)

Alsee (515537) | more than 3 years ago | (#34183626)

That's amazing! I've got the same password on my luggage!

-

Here's how I'd do it. (3, Insightful)

dannycim (442761) | more than 3 years ago | (#34183628)

1. Bring laptop with extra WiFi dongle into a public area.
2. Connect to Free WiFi spot using internal nic.
3. Act as an Access Point on second nic with a cooler sounding SSID.
4. NAT traffic to first WiFi net and grab everything of interest.
5. ???
6. Profit!!!1!!ONE!

Re:Here's how I'd do it. (0)

Anonymous Coward | more than 3 years ago | (#34183734)

Exactly why the proposed scheme is retarded.

Re:Here's how I'd do it. (1)

ADRA (37398) | more than 3 years ago | (#34183766)

You could always do that even if every 'open' access point was encrypted. If you want to start mandating legal licensing of access points then I think you're going to find some resistance from this crowd. If else, how can you assure that anything I'm connected to is legitimately what I think it is? That, or we start creating a registry of 'official' access points in the wild, and start issuing certificates like SSL currently works. Both require bureaucracy, and expense, and both are pretty much the only solutions that could close the gap we're seeing between security and wireless internet access.

Oh, I thought of another good idea, though this involves extra hardware. You have (at the coffee shop) a card swiper/USB host/whatever that stores a single one time password and self-signed certificate onto the device. You read the card into your device (laptop/phone, etc..) and then you know that the device you're connecting to must have the same information as the swiped device, otherwise it's spoofing. This means that coffee shops can regulate who can use the service (or give it away for free for people physically accessible to swipe the data) and it means the consumer of the wireless is sure that the system is closed. I haven't worked it all out since it's cloudy in my mind, but this can also be a solution to the MIM attack, since I can transfer the initial handshake through non-open channels, nay?

Full of flaws. But highlights an important issue. (1)

mmj638 (905944) | more than 3 years ago | (#34183670)

This proposal has a ton of flaws that have already been highlighted in other comments (4 characters is too short, summary screws up "Free" vs "free.", the session is still easily hijacked by anyone present during the handshake, and so forth).

However, the real benefit to this kind of proposal, in my mind, is that it brings more public attention to the fact that unencrypted wifi is security madness. I've said to people before that I think that it needs to be illegal to sell an access point capable of unencrypted operation.

But it brings attention to our desperate need for a solution allowing businesses offering "free public wifi" to be able to ensure users' authenticated sessions aren't shared with each other. This is a reasonable expectation of privacy equivalent to non-electronic forms of communication, for example where somebody can't see you filling out a paper form unless they're standing right there looking over your shoulder.

encrypted but not authenticated (1)

tolomea (1026104) | more than 3 years ago | (#34183686)

Currently we have a Wifi security mode that is unencrypted and unauthenticated (open) and several that are encrypted and authenticated (WEP, WPA1, WPA2, etc.). There is a need for a Wifi security mode that is encrypted but not authenticated, which is essentially what this proposal is getting at. Of course the actual proposal fails miserably because WPA is not secure against attackers who know the shared secret. So we need a new security mode that fills this role in a secure manner.

localization (1)

cowtamer (311087) | more than 3 years ago | (#34183688)

Now anyone who travels abroad frequently will have to learn the local equivalent of 'free' in every location. Horrible for people who airport-hop internationally :)

(It's bad enough to try to figure out Google's language settings)

No, this is stupid. (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34183730)

Instead, let's switch to a non-broken standard that doesn't require a pre-shared key to encrypt anything

Automatic login attempts... (1)

ADRA (37398) | more than 3 years ago | (#34183740)

will still get you arrested for illegal breach into a seemingly closed system. The attempt (even if performed by the system) is still your legal responsibility. The only possible caveat being that this workaround somehow becomes part of the next wireless standard, in which case it's assumed that you are offering your services for all to consume. Having an automatic attempt to connect using 'free' as a colloquial solution to WPA2's flaws is the wrong approach.

802.1X uses public key encryption (1)

sharps1 (1937778) | more than 3 years ago | (#34183748)

That's just silly to require a password with the goal being encryption when the password isn't even what is used to encrypt the data. The 802.1X standard uses public key encryption so the solution is to move towards 802.1X and away from 802.11.

This security firm has zero integrity (1)

Mr_Plattz (1589701) | more than 3 years ago | (#34183824)

If this firm had any integrity before this article, they can comfortably assume they have zero right now. What kind of "researcher" at a Security Firm doesn't know WPA2 is minimum 8 characters?