Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- From: "Henry B. Hotz" <email@hidden>
- Date: Thu, 23 Feb 2012 14:22:27 -0800
If you're writing a WiFi standard, why would you worry about securely proving the identity of a network to a client before they connect? Anyone setting up a WiFi network would find it a lot easier to just change the SSID than to configure the necessary keys.
:-P
On Feb 23, 2012, at 4:46 AM, Silberberg, David wrote:
> I don't think this problem is specific to Apple devices/OSes. If I connect my Windows laptop to an unsecured wireless network called Linksys (or whatever) at one location, it's going to automatically connect to a similarly named network at another. The first time I connect to a common-named network, I'm going to get prompted; after that there's no other check other than the SSID name.
>
> Seems to me there's been all kinds of discussion on the web about NOT using default or common SSID names. For my two cents, it's up to the "service provider" to ensure that the SSID is unique. That would "force" a user to recognize the fact that a device was trying to connect, and give them the opportunity to allow or kill the connection.
>
>
>
> David Silberberg
> Don't anthropomorphize computers, they hate it
>
> -----Original Message-----
> From: fed-talk-bounces+david.silberberg=email@hidden [mailto:fed-talk-bounces+david.silberberg=email@hidden] On Behalf Of Henry B. Hotz
> Sent: Wednesday, February 22, 2012 11:16 PM
> To: Fed Talk
> Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
>
> I believe that attwifi works as described partly because it's not a protected/encrypted network. Doesn't mean it's not a problem of course.
>
> If you read the explanation below the "ask to join" switch, it clearly says that known networks will be joined automatically regardless of the position of the switch. Another consequence is that any access point which mimics the security configuration of a known network will be trusted. Same for a MacOS laptop.
>
> Hey, guys, we all knew that the security of WiFi was c*&($ anyway, right? It's not entirely Apple's fault.
> ------------------------------------------------------
> The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government.
> email@hidden, or email@hidden
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
email@hidden, or email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden