Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption 332
An anonymous reader writes "In the wake of concerns about FireSheep sniffing credentials from people using unencrypted public WiFi hotspots, a security researcher has proposed that the problem does not just lie with big websites like Facebook, but also with those who provide free wireless internet access. Chet Wisniewski, a researcher at security firm Sophos, proposes that all free WiFi hotspots should be encrypted — with the password 'free.' ''I propose standard adoption of WPA2 and a default password of "free." Whenever you wish to connect to complimentary WiFi, you select "Courtyard Marriott" or "Starbucks" like you always have, but you are then prompted for a password. Just type "free". It's not hard. In fact, operating system vendors could even program your PC to automatically try the password "free" before prompting you for a password on the assumption that you might be selecting a free service.'"
Before everyone says that's idiotic... (Score:4, Interesting)
Re:Before everyone says that's idiotic... (Score:5, Insightful)
So, technically, it would prevent someone from stealing your interwebs as long as you were already connected.
Unless of course the attacker sends fake de-authentication packets forcing a new handshake to occur...
Re: (Score:3, Interesting)
Security's not my area, so maybe this question is nonsense, but why does each wireless router not have its own unique public/private key pair installed at the factory (that could later be changed by the owner) so that the session key could be generated by the client, sent to the server encrypted by the public key, and now only the router can decrypt the session key?
Re: (Score:2, Insightful)
Parent post raises an interesting point: Assuming you trust the security of the router itself, it's possible to have perfect inbound wireless security by giving your public key to the router, but it's impossible to have perfect outbound wireless security unless you have a pre-existing relationship with the router (i.e. you know its public key), or unless its key is signed back to a trusted root authority.
I propose that the pre-existing relationship case is a lost cause, since it would essentially require th
Re: (Score:2, Interesting)
I realize this would be subject to man-in-the-middle, but that would seem to be detectable as you would get two different responses when you tried to do the initial negotiation, after which the OS should report "something's screwy with this network" and refuse to connect.
Re:Before everyone says that's idiotic... (Score:5, Informative)
In other words, the designers of WPA2 screwed up by not using something like Diffie-Hellman to negotiate a private connection before the initial password even changed hands?
I realize this would be subject to man-in-the-middle, but that would seem to be detectable as you would get two different responses when you tried to do the initial negotiation, after which the OS should report "something's screwy with this network" and refuse to connect.
WPA designers punt the problem of establishing initial session encryption key to EAPOL. Designers of EAP applications can use whatever authentication protocol and crypto bindings between layers that they want.
DH is pointless in the case you point out because it would be trivial to operate as you point out a middle man to circumvent. For a "This is screwy" response to be possible it would require some prior knowledge to establish a trust relationship between systems. Encryption without trust is less than useless.
Re:Before everyone says that's idiotic... (Score:5, Insightful)
... Encryption without trust is less than useless.
I am so tired of that statement. Encryption without trust is Encryption. It is way less than ideal, but way better than cleartext.
I don't particularly trust my local cafe'.
I really don't trust their ISP.
I especially don't trust the phone company.
I entirely don't trust the government.
I certainly don't trust facebook.
But I use the cafe' wireless who uses their ISP who uses the phone company who is tapped by the government when I use facebook. And if the wifi were encrypted, I would not also have to worry about my fellow cafe' sniffers.
So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hellofa lot better than in the clear.
Encryption without trust is not security, but it is encryption.
Re: (Score:2, Troll)
"And if the wifi were encrypted, I would not also have to worry about my fellow cafe' sniffers.
So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hellofa lot better than in the clear."
Except it's not, because there are attacks that allow you to see the data if you capture the handshake, regardless of whether the traffic once you've set up the session is encrypted or not. And there are ways to force the handshake
Re:Before everyone says that's idiotic... (Score:4, Funny)
Well, given that it takes a tool of some sort to do it in the cleartext situation, and a much more complex tool in the encrypted situation -
I'd say it's more like you used to have a door that could be opened with a crowbar, now the door's reinforced and you need a number 3 lockpick, possibly a number 4 as well.
Actually I'm still not happy. Trying to find a simple analogy to a situation where the information is thrown around in the clear but it requires some knowledge and a special tool to access it... It's like you need a screwdriver to open the already unlocked door, and now you... Hmmm. How about -
Or two people shouting in the street, except they're shouting in french.... no this one isn't going anywhere either. Damn!
Re: (Score:2)
No, a better analogy is that it's like placing a lock on the door and giving everyone the key, while encryption with trust is like placing a lock on the door and ensuring that only the correct person has the key.
Or, to give a more Slashdot analogy, it's like DRM: encryption doesn't work when the attacker has the key, and if you don't have some mechanism for ensuring trust then you can't tell the recipient and attacker apart.
Re: (Score:2)
It would seem that you are tired of it before you have even understood it. Encryption without trust does not provide privacy - just the appearance of privacy, which is worse than useless.
Your example is wrong because without trust encrypting that first hop doesn't even stop other people on the router listening in - it just makes you think that it does. So it is not even the first in a complete solution.
Re: (Score:2)
How is encryption without authentication better than no encryption?
Two reasons. First the obvious: most would-be attackers are clueless, even little increase in the complexity of attack will stop lots of them. The second you already note:
(For completeness sake: There are scenarios where encryption without authentication can force an attacker to use an active attack (MITM) instead of a passive attack (sniffing). In that case, even encryption without authentication can be useful
That is *the* reason I'd want to be able to use https without expensive certificates without scaring the user (but also without showing the lock symbol or otherwise advertising security, just make it look like unencrypted http to the user).
Let's says that this is really idiotic! (Score:3, Informative)
There are so many ways this suggestion is wrong, it is not even funny.
TFA says WPA2 negotiates unique encryption keys with every computer that connects to it. This means you and I cannot spy on one another's traffic even when sharing access on the same access point. That's true, but anyone who can listen to the exchange and know the shared key will be able to learn the key. Plus, there is a very neat man in the middle attack.
Suppose that I am an evil sheep herder near a Starbuck cafe. Nothing prevents
Ridiculous And Totally Not Helpful (Score:5, Interesting)
Maybe he hasn't noticed that wireshark can decrypt WPA2 traffic so long as the network is being sniffed when the client originally connects.
Re:Ridiculous And Totally Not Helpful (Score:5, Insightful)
Yep. And then we'll have a new version of Firesheep with WPA2 decryption. And then another version that'll ARP-spoof the gateway machine so every connected device then routes through your PC.
It'll end up being that a Firesheep user will just have a fast DHCP server and acting as a gateway for the WiFi so all traffic goes through your PC, forwarding packets to the real gateway.
No, the ONLY way to defeat Firesheep is to properly encrypt sessions. Otherwise we're just doing an arms race. The ARP spoofing and fake DHCP is basically endgame short of access points going and isolating users from each other. Which would then end up being someone sets up a fake access point that routes to the real one.
The endgame is, Firesheep can always win. Or anyone with a packet sniffer. Unless the site goes completely SSL.
Re:Ridiculous And Totally Not Helpful (Score:4, Interesting)
The endgame is, Firesheep can always win. Or anyone with a packet sniffer. Unless the site goes completely SSL.
Indeed, this is the most obvious end result.
And now, for the most ridiculous question ever: Why isn't this being done? It isn't 1995 anymore: SSL is (at worst) easy and well-understood for these purposes.
Why does this continue to be an uphill battle?
Re: (Score:2)
It sucks for load balancers unless you're offloading the SSL to the load balancer itself, then you have issues with embedded server URL's needing to be rewritten to not only use the load balancer IP's but also all HTTP:// references into HTTPS:// references, which in turn may blow up some random poorly written apps that depend on specific file sizes... plus all the overhead of possibly decompressing a compressed result, scanning for the offending URI and re-compressing the fixed the results, etc...
This is a
Re: (Score:3, Insightful)
Ugh. Replies about SSL's being expensive. Please.
SSL is overhead. Let's say that you're facebook, and let's say that the actual cost overhead is 1/1,000,000 of a penny per page served up.
What is facebook's throughput? I have no idea.
http://techcrunch.com/2010/04/21/facebook-like-button/ [techcrunch.com]
So it's a lot. So much that even if SSL overhead is just one one millionth of a cent per page served up, it is clearly at least hundreds of dollars a month. From the article, I'd guess that it's at least thousands of do
Re: (Score:2)
So what if we had an authenticated wireless system (similar to SSL or SSH) using signed certificates? It pushes the processor requirements in a WAP up a little, but isolates users from each other.
I think there are ways to do this sort of thing but at present they're complex and enterprisey...
tcpcrypt (Score:2)
Re: (Score:2)
how about updating to IP6 and get ipsec as part of it?
Re: (Score:2)
Even a $300 / yr EV cert [wikipedia.org] is cheap for the top 100 internet properties.
Re: (Score:2)
I got a PositiveSSL (trusted by every major browser) cert for free when I bought my $8 domain.
Re: (Score:2)
> Because certs from "trusted by default" organizations are ridiculously expensive.
Aside from the money, the "trusted by default" organizations will not only be 'trusted' with the actually intended SSL-site, but equally 'trusted' for the 'officially' signed TLA MITM certificate. It's 2am...do you know where your Gmail certificate comes from?
Re: (Score:2)
Because certs from "trusted by default" organizations are ridiculously expensive.
Some are free:
http://www.startssl.com/?app=1 [startssl.com]
http://www.startssl.com/?app=39 [startssl.com]
The Startcom CA cert appears to be installed in current versions of Firefox, Google Chrome and IE.
Re: (Score:2)
"It's taught people to think that insecure browsing is safer than SSL with self-signed certificates."
Look at it this way - someone sees the 'https' and thinks it's secure, so they do their internet stuff over it, potentially with sensitive personal or financial data.
Is it secure? Is it bollocks. MITM is perfectly possible. To the extent that in our arms-race-at-starbucks scenario where the hacker has done his ARP spoofind and DHCP, you just add an MITM proxy for SSL connections. Done, your self-signed certs
Re:Ridiculous And Totally Not Helpful (Score:5, Insightful)
> Is it secure? Is it bollocks. MITM is perfectly possible. To the extent that in our arms-race-at-starbucks scenario where the hacker has done his ARP spoofind and DHCP,
> you just add an MITM proxy for SSL connections. Done, your self-signed certs are now useless.
You're right. And yet this "It's gotta be perfect or it's gotta be nothing at all!" attitude is IMHO what has held crypto back a lot more than necessary. Regardless of crypto and its setup, it's still just one part of a security chain...a chain, which even in the best of circumstances will NEVER achieve 100% security! So let's cut the scare-mongering and focus on not black or white, but lovely hues of security degrees. Something people already know (traffic lights):
Browser location bar is:
Red: unencrypted plain-text HTTP
Yellow: encrypted, unauthenticated HTTPS
Green: encrypted and authenticated HTTPS
Just a suggestion.
Re: (Score:2)
I'll leave you in charge of the communication and education campaign so that John Q Public gets the message reliably then!
'cos some of them are only just figuring out that seeing https in the url bar is a good thing, let alone any of the other indicators their browsers show them...
It's true, unless you personally vet and keep track of the authorities your browser allows, it's not perfect. But I don't think I really see much benefit from allowing self-signed stuff more easily, particularly when an unauthenti
Re: (Score:2)
> I'll leave you in charge of the communication and > education campaign so that John Q Public gets the > message reliably then!
John Q Public isn't getting the message now! All s/he usually knows is click Next until the page displays. We assume, that there is some inherent or trained "sense-of-security" with users. Fact is, there isn't. Especially not with the multiple innocuous SSL-Errors, like expired certs, misconfigured (shared) domains etc.pp.. I fully believe, SSL, while nice in concept, to b
Re: (Score:2)
With self-signed certs, you are vulnerable just once. With VeriSign's protection racket, you are vulnerable every single time.
Especially if your first connection is from home rather than some suspicious cafe, an active hijack would require subverting one of routers on the way or your/your ISP's DNS server. There's typically only around ten or so routers on the way, so the attacker would need to either break into one of those few boxes or bribe an ISP employee (small crooks -- an admin, gov crooks -- the C
Struck out HTTPS (Score:3, Insightful)
someone sees the 'https' and thinks it's secure
Chrome does it right, with three different indicators in the URL bar: nothing for HTTP, a struck-out HTTPS for a self-signed certificate, or a plain HTTPS for a commercial certificate. But you still need an IPv4 address because downlevel clients won't send the SNI.
Re: (Score:2)
> Until something changes with either the browsers or the signing process, we'll never see 100% SSL use
It'd be great to use PGP/GPG's Web-of-Trust also for SSL sites. So if you have a trust path in your e-mail to the CEO of a company, that company's SSL site would also be accepted on the same terms. After all, people make/run web sites and people use them!
Combine with DNSSEC at your leisure.
Self-signed certs are vulnerable to MITM'ing (Score:2)
that doesn't mean they're not useful for encrypting traffic
That certainly depends on where you want your encrypted traffic to go.
Suppose you have (you'll never guess the names) Alice connected to Eve who is connected to Bob. Alice would like to send Bob a secret message.
She asks Eve for Bob's key. She gets back a self-signed key. She encrypts her message with this key and gives it to Eve.
Bob sees this: I'm asked for my self-signed key, so I give it out. Then I receive an encrypted message.
Eve does this: when Alice asks her for Bob's key, she asks Bob for his ke
Re: (Score:2)
You cannot trust all CAs for everything.
You can trust some CAs for some things (you don't have much choice if you want to use https with your bank anyway).
So certificate patrol warns you if your bank cert one day appears to be signed by a different authority.
My bank changed their cert and CA one day, and certificate patrol warned me when that happened.
Re: (Score:2)
Yeah I've suggested this before him, but at least I got that part right[1] :).
http://slashdot.org/comments.pl?sid=1578784&cid=31437480 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=457132&cid=22455074 [slashdot.org]
It's quite sad "Sophos Researcher" doesn't seem to know how broken WiFi security is.
[1] Somewhat right anyway - seems like the "secure" mode I mentioned in those posts might not be that secure: http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html [wifinetnews.com]
Blame the WiFi standards bunch, they can
Standard Default Password? (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Unencrypted access points already use a standard password
No, they don't. Unencrypted access points don't use a password at all. The password in WPA et al is used to generate a key; unencrypted networks don't have a key.
Re: (Score:2)
Whoops! Got me there! It isn't that they all use the same blank password, they actually don't use a password at all! Unencrypted networks don't have a key, nor do they (generally) have a password.
Whatever... My point was that there is no difference between a passwordless network and one that has a standard (empty) password which you never need to enter. Furthermore, as far as authentication is concerned, there is no difference between an open, passwordless network and a WPA2-encrypted network with a
WPA2 minimum passphrase length... (Score:5, Insightful)
... is 8 characters.
Re: (Score:2)
Re: (Score:2)
I have the distinct impression that he is getting at using a word that makes people think "hangon, maybe I should change this" rather than just going "oh my wireless works now". We're still going to have issues with codes generated on phone numbers or serials or whatever, but making it a little more obvious to the end user that what they are connecting to is available to anyone should help (hahahahaha)
Re: (Score:2)
Re:WPA2 minimum passphrase length... (Score:5, Funny)
freeeeee?
Re: (Score:3, Funny)
freeeeee?
...dooommmmmm!!!!!!!
'Free' or 'free'? (Score:4, Informative)
Re:'Free' or 'free'? (Score:5, Funny)
FreeWiFi (8 characters, combines lower and upper case to make it more secure ;)
I find it sad... (Score:2, Informative)
That a security research doesn't know better than this. Encryption with a PSK is useless as far as sidejacking is concerned. There is no decent client to client encryption unless you use WPA/2 Enterprise.
To suggest otherwise is bullshit, and he should be blaming the websites who are the problem.
That says a lot about the 'researcher' (Score:5, Insightful)
He's not a researcher, he's a salesman (Score:5, Informative)
Uhmm, maybe Sophos should invest in security training of their staff before they start selling supposed security products.
He's neither a researcher (someone who works in the virus labs) nor an engineer (someone involved in development of our endpoint or management products). He's in sales. Nothing to see here people, move along.
Posting anonymously because I work there.
Paid wifi (Score:2)
The logical extension of this is that for paid wifi, we can always use the password "paid" right?
Re: (Score:2)
Exactly. This was the first thought in my mind when reading the article... businesses that sell (or rent) wifi access are not exactly going to be thrilled to give out the password "free" and then turn around and ask for money for said access. Not exactly a good way to start a business transaction... sounds too much like bait-and-switch. "the password is "free", but please enter your credit card details..."
Free (Score:4, Funny)
That's amazing! I've got the same password on my luggage!
-
Here's how I'd do it. (Score:4, Insightful)
1. Bring laptop with extra WiFi dongle into a public area.
2. Connect to Free WiFi spot using internal nic.
3. Act as an Access Point on second nic with a cooler sounding SSID.
4. NAT traffic to first WiFi net and grab everything of interest.
5. ???
6. Profit!!!1!!ONE!
Re: (Score:2)
You could always do that even if every 'open' access point was encrypted. If you want to start mandating legal licensing of access points than I think you're going to find some resistance from this crowd. If else, how can you assure that anything I'm connected to is legitimately what I think it is? That, or we start creating a registry of 'official' access points in the wild, and start issuing certificates like SSL currently works. Both require bureaucracy, and expense, and both are pretty much the only sol
localization (Score:2)
Now anyone who travels abroad frequently will have to learn the local equivalent of 'free' in every location. Horrible for people who airport-hop internationally :)
(It's bad enough to try to figure out Google's language settings)
Automatic login attempts... (Score:2)
will still get you arrested for illegal breach into a seemingly closed system. The attempt (even if performed by the system) is still your legal responsibility. The only possible caveat being that this workaround somehow becomes part of the next wireless standard, in which case its assumed that you are offering your services for all to consume. Having an automatic attempt to connect using 'free' as a colloquial solution to WPA2's flaws are the wrong approach.
A smarter research would suggest SSL (Score:2)
How the heck do you even know you are connecting to starbucks hotspot and not my credential-grabbing Linux laptop? If you need security, you need it all the way to your destination, as in https://www.facebook.com/ [facebook.com]. If SSL doesn't scale, let's develop a lightweight replacement that may be susceptible to pattern analysis or stream corruption but not theft of data transmitted in regular use. Even HTTP digest authentication would do more good than known password sent to an unknown wireless service for many site
Here's a proposition (Score:2)
I suggest the keyword "Sophos" to mark advertisements for snake oil sold as computer expertise disguised as interesting article submissions.
One problem with WPA2 (Score:2)
It's computationally heavy.
A friend got Skype on his smartphone. WPA2 works. Skype works. Skype over WPA2 doesn't work - hiccups, pauses - the ~400MHz CPU is too weak to perform voice encoding and WPA2 encryption together. WEP is fine though.
A simple modification to EAP-TLS (Score:5, Interesting)
Christopher Byrd has a simple modification to EAP-TLS that disables client certificate validation to provide more secure open wi-fi:
http://riosec.com/open-secure-wireless [riosec.com]
This would require modifying only the Authenticator and the Supplicant, and it would be a simple modification to both.
Re: (Score:2)
And some Supplicants would be able to connect unmodified by using a dummy certificate.
Brain damage detected. (Score:2)
An attacker doesn't need to sniff anything. Why bother? Just fire up your own hotspot, name it "Courtyard Marriott" or "Starbucks", and trawl away.
Think about it every time you connect to a free public hotspot.
Re: (Score:2)
My old laptop had an RTL Mini-PCI chip in it that let it serve as a wireless access point even under Windows. You just run the utility, switched to AP mode and filled in the details. You could even then forward it onto another wireless network using a wireless dongle, or do fancy things along the lines of "range-extending" an existing network.
Setting up a hotspot for friends on a 3G dongle took about 5 minutes, and I would't have to have anything "suspicious" looking on my desktop to be inside the cafe an
Not good. (Score:2)
It's better to just accept any password.
Free... (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
The client has the keys only to decrypt traffic targeted to the client, not to other clients.
Re: (Score:2)
Firesheep works by stealing cookies. When you connect to www.whatever.com your browser sends all the cookies it has for that domain as part of the HTTP header (that's how cookies work).
Sites like facebook keep you logged in via a cookie. If somebody can grab that cookie they can log onto facebook as you without even knowing your password. A packet sniffer can steal cookies.
Moral: Set your bookmark to "https://www.facebook.com" so that the cookie is sent via a secure connection.
Re:This will not work. (Score:4, Informative)
It is easy to bypass though by capturing a four-way handshake. A fake authentication can be used in order to have a client go though it again.
Re: (Score:2, Insightful)
No.
Re: (Score:2)
And the 'Free' in the title as well.
Re: (Score:2)
Computer programmer, are you?
Re: (Score:3, Interesting)
Except when you're signifying an explicit string that will need to be readable by a computer. I would tend to err on the side of caution lest someone mistake my correct English punctuation for some sort of design intent.
Re:Careful with those quotation marks (Score:5, Informative)
I'm afraid it is not that simple. You should always be wary of assuming that the rules used in your locality are universal. There are two styles in general use regarding punctuation and quotation marks. See the wikipedia entry [wikipedia.org] on the subject:
In the U.S., the standard style is called American style, typesetters' rules, printers' rules, typographical usage, or traditional punctuation, whereby commas and periods are almost always placed inside closing quotation marks. This style of punctuation is common in the U.S., Canada, and in the U.K. in fiction and journalism.
The other standard style--called British style or logical punctuation--is to include within quotation marks only those punctuation marks that appeared in the quoted material, but otherwise to place punctuation outside the closing quotation marks.
Using the British style is less ambiguous in this case.
"British" style is indeed logical (Score:5, Interesting)
It's also perhaps worth noting that punctuation style is nothing at all to do with correct English. Punctuation is there to help understand the text, not to be part of it, and anyone who has ever trained as a copy editor knows that there are endless arguments over its proper use. If putting a full stop inside a quote means someone would naturally consider it part of the quoted material, it is clearly wrong.
Re: (Score:2)
Mind you, you say that the "American style" is used in UK fiction and journalism and I'd argue that they comprise the vast majority of UK literature anyway, so could be argued to be the "British style" too.
Still, I guess that Wikipedia must know best. It's not like it can just be edited by a
Re: (Score:2)
Still, I guess that Wikipedia must know best. It's not like it can just be edited by anyone...
It has sources cited. What's your source besides your 30 year old education? I just looked at an online UK newspaper and saw the following [telegraph.co.uk]:
Last November, he was arrested by the police and then charged in March with "creating a disturbance".
Re: (Score:2)
Still, I guess that Wikipedia must know best. It's not like it can just be edited by anyone...
What is it about lazy people who can't believe that they're wrong.
Can't dispute the fact, well lets just attack wikipedia because you've got a stick firmly up your ass.
Follow the fucking citation.
Hyde, Grant Milnor. Handbook for Newspaper Workers. D. Appleton and company, 1921, p. 38
http://www.amazon.com/Newspaper-Punctuation-Journalistic-Structure-Typographical/dp/1150066504 [amazon.com]
Re: (Score:2)
I tried it (Score:2, Funny)
Watch out! I tried typed in "Free" instead of of "free" like the Sophos Dude recommends and it wiped out all my time machine backups.
Well, at least that's what happened after I hard crashed my computer in the middle of a back up. But I'm sure it was sophos to blame.
Re: (Score:3, Funny)
Watch out! I tried typed in "Free" instead of of "free" like the Sophos Dude recommends and it wiped out all my time machine backups.
Well, at least that's what happened after I hard crashed my computer in the middle of a back up. But I'm sure it was sophos to blame.
"Free" doesn't seem a very secure password. They should put some numbers and symbols in it.
Re:I tried it (Score:4, Informative)
Because WPA2 generated per session keys.
Although everyone connecting would use same password (in this instance free).
Each session key would be unique and thus would prevent snooping.
Theoretically one could redesign WPA (WPA3) to have a passwordless mode where traffic is still encrypted however no password is needed. This is simply a "could work today" modification of existing protocol.
Re:I tried it (Score:4, Insightful)
... educate people ...
I think I see a problem with your scheme ...
Re:I like this. (Score:5, Interesting)
I've suggested this before a few times: http://it.slashdot.org/comments.pl?sid=457132&cid=22455074 [slashdot.org]
Thing is he left out the part where there are two different modes of WPA2.
One (WPA2 PSK) where if everyone has the same password, it's still not secure (know the same key, sniff a session's 4 way handshake, and you can decrypt that session's traffic).
And one (the other WPA2) where it's supposedly more secure, but apparently still has problems: http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html [wifinetnews.com]
Yeah, not so simple for Starbucks to get right...
Basically the WiFi standards bunch screwed up. So I actually blame them for a lot of the problems. So many years and they still haven't got WiFi to the level of TLS/HTTPS.
HTTPS doesn't solve the "stupid user problem", or the "browsers not warning users of changed CAs", but at least the tech/standard isn't that crap, it's more a people problem.
Re:I like this. (Score:5, Insightful)
Basically the WiFi standards bunch screwed up. So I actually blame them for a lot of the problems. So many years and they still haven't got WiFi to the level of TLS/HTTPS.
So use TLS/HTTPS over wifi. Why should the Wifi standard solve a problem that's already been solved? Wifi only has to be as secure as a wired network, at which point we can use all the protocols we use to keep our systems secure on the public internet.
Re:I like this. (Score:4, Insightful)
So use TLS/HTTPS over wifi. Why should the Wifi standard solve a problem that's already been solved
Solved already? Really? The last I checked "zillions" of sites don't support https. Slashdot for instance.
Some people can tunnel or VPN everything to a trusted gateway, but how many cafe users can do that? So the problem is NOT solved.
I hope you can figure out for yourself the difference between someone sniffing/exploiting traffic at a cafe, and someone doing it at the ISP or peering level.
Wifi only has to be as secure as a wired network
Yes, but it's _far_ from as secure at the moment. So they have failed.
1) It's harder to "sniff" a wired network that a wireless one. You need a free port for the former and you need to do stuff like mac-flooding (which can be detected). Or you need super duper Tempest stuff.
2) It's easier to set up a wired network where devices plugged into one port cannot snoop traffic from devices in another port. You could do this by either using what Cisco calls "port security" (other vendors have their own terms for it), or do "per port VLANs".
I was in the "hotel internet" line for a while, and we configured our switches so that guests plugged into a port could only talk to our gateway server. So guests using the wired connections were protected from other guests. They might not be protected from the NSA/CIA/KGB/FBI once their traffic leaves our control, but that's arguably beyond our responsibility.
Whereas wireless connections didn't allow us to protect guests from each other (at least while making it easy for guests to still use the system).
I am well aware that wireless connections can be DoSed more easily than wired connections, so no matter how much crypto you have, it's still jammable, but that would be a different threat level. Guests could still plug in to the wired port, lose the convenience, but still do their stuff.
FWIW: if a guest plugs into a wired port and intentionally/unintentionally tries to mess with the system we can usually figure out where that guest is, call the guest up and usually resolve things, even if we are in a different continent.
Re: (Score:3, Informative)
Because they screwed up: http://wiki.wireshark.org/HowToDecrypt802.11 [wireshark.org]
"WPA and WPA2 use keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter eapol to locate EAPOL packets in your capture. "
So if all four handshake packets are there (there are ways to help ensure you see them ;) ), you can crack WPA2 PSK, today with wireshark.
And both the PS
I don't see the point (Score:2)
In what way is using a key that everybody knows any more secure than using no encryption at all?
A better idea is to have open wifi still negotiate a password with everybody who uses it, and use that just to encrypt the communication. No hassle at all, yet your communication is as secure as the wifi-owner wants.
Standards conflate encryption and authentication (Score:5, Informative)
Most of the Wifi systems are negotiating a random session key and using the password to authenticate it, so that's doing pretty much what you want.
However, they were mostly designed with the assumption that the objective is to prevent unauthorized access, not to protect the contents of the communications from eavesdropping, so the only way you can get encrypted sessions is to have password control, which is too bad.
Re:Standards conflate encryption and authenticatio (Score:4, Funny)
Re: (Score:3, Interesting)
Set SSID to "password = free" etc. (Score:5, Interesting)
If you put the password in the SSID so it's obvious, people won't have to guess if you're following that convention, or the convention that the password is "guest" or whatever.
Re:I like this. (Score:5, Informative)
On a WPA2 network, a user cannot eavesdrop on another user despite having the same key, because a unique handshake is performed when each user connects. Without the data that was passed in the handshake, an eavesdropper has no way of decrypting your traffic.
They can, however, force your connection to be reset, and when you reconnect they can capture the handshake. With the data that was passed in the handshake, they can decrypt all of your traffic.
Re: (Score:3, Interesting)
You can capture the handshake w/ WPA but not WPA2.
Or more technically sniffing the WPA2 handshake will not allow you to decrypt the traffic.
Of course TKIP is flawed and was only really included to allow backwards comptibility. WPA2 AES should be the only option.
Re: (Score:3, Insightful)
Two guys, Diffie and Hellmann thought up a protocol that allows someone to listen to a "key exchange" without being able to determine the key that the two parties decide on.
One party decides on a base (g) and a modulus (p) and sends it to the other side. Our attacker will of course grab this info. Next each party will think up a number. Alice choses a, Bob choses b. Alice sends g^a mod p to Bob. Bob sends g^b mod p back to A. They key is then easy to calculate for Alice and bob. Alice does K = (g^b)^a = g^a
Re: (Score:2)
Re: (Score:2)
It's not at the game level, it is at the device level. The Nintendo DS only supports WEP.
Nope, apparently it is at the game level. The DSi supports WPA but only on DSi games. DS games don't support it because the network drivers are bundled with the game or something equally daft.
Re: (Score:2)
Yep, having a VPN at home also allows you to access your home computers from anywhere you have Internet access. It can be combined with Windows's Remote Desktop, for example.
Re: (Score:2)
IMO most security experts who spout garbage like this suggestion from Sophos should be taken outside, placed against a wall and subjected to a fire power demonstration using a range of handguns.
Idiots like this give the IT security field a bad name as being made up of charlatans and snake-oil sales men. More cowboys in this field now than the Wild West used to boast... and more bullshit generated than all the bulls in the wildwest used to ;)