Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Ross Hosman
  • Date: Mon Nov 21 10:03:17 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=bwL2v3Olm7pyAsEcB+f6SwPGAuOqCgZ64z+Jlb0Wqg0zZHJC8QYbSWKrDc48dWw6L4WsROwCmO2i76s5iDwee+1NQvaSjafLyzeftQHiY4fmT///xk7O9XE9NiAyxTCMpL9bTJBNdVpM4ST7DmhV/bIRdukabjbIBhok/E9GuPI= ;



--- "Patrick W. Gilmore" <patrick@ianai.net> wrote:

> 
> On Nov 21, 2005, at 9:42 AM, Ross Hosman wrote:
> 
> > So my question is pretty simple. You have all
> these major companies  
> > such
> > as google/earthlink/sprint/etc. building wifi
> networks. Lets say I  
> > want
> > to collect peoples information so I setup an AP
> with the same ssid as
> > google's ap so people connect to it and I log all
> of their traffic.  
> > Most
> > people won't check beyond the ssid to look at the
> mac address but even
> > that could be spoofed. Is there anyway to verify a
> certain ap beyond
> > mac/ssid, will there be in the future? How do
> these companies plan to
> > mitigate this threat or are they just going to
> hope consumers are  
> > smart
> > enough to figure it out?
> 
> Why would you even need to set up an AP?  Why not
> just sit and sniff  
> traffic?  Gets you the _exact_ same information.
> 
> And why worry about Google, etc., when Starbucks and
> airports have  
> been doing this for _years_?
> 
> Lastly, most consumers are smart enough to know to
> use encryption  
> (the little pad-lock in their browser).  Some
> aren't.  Changing the  
> WiFi architecture is not going to save those who
> aren't.
> 

> -- 
> TTFN,
> patrick

I have to disagree that most consumers are smart
enough to use encryption. Most consumers are dumb as a
brick when it comes to the internet and especially
security. Take a look at the average AOL user and
you'll see what I'm saying.

Starbucks and t-mobile is a little bit different as
these networks aren't concentrated. As we companies
start covering entire cities I believe you could start
seeing this as becoming a regular problem.





		
__________________________________ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.