Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Jeffrey I. Schiller
  • Date: Mon Nov 21 22:59:14 2005
  • Openpgp: id=F414952B

Steven M. Bellovin wrote:
> I frequently take the train to Washington; I've occasionally noticed 
> other PCs that appear to be looking for an access point.  I've been 
> tempted to put my machine into host AP mode (or use my travel access 
> point -- these trains generally have AC power), run a dhcp server, and 
> see what passwords I get.  But I've never been able to convince myself 
> that it would be legal, let alone ethical.
> 
> 		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

I have in fact done this (well something similar). On a train from
Boston to New York I turned on my wireless card in ad-hoc mode, setup a
DHCP server and setup my phone for GPRS. Bingo, I had four other people
get addresses from me and presumably "do stuff" I didn't sniff their
traffic though. Good 'ole Windows (which they were presumably running, I
wasn't) was happy to go from infrastructure mode to ad-hoc mode and
associate with me.

There is a fundamental security dilemma here. Years ago the original
designers of Privacy Enhanced Mail (PEM) had the notion that users
couldn't be trusted, so the idea was that there would be one root CA and
it would only issue certificates to people who proved who they were.
Software would only trust this one CA. In this fashion, if the software
said "This came from Jeff Schiller, of MIT" by golly that is where it
came from. No end-user preferences to get wrong, no dialog boxes to
click away unread. I even remember arguments along the lines of if a
signature verification failed, the message would be discarded and the
user not permitted to read the "damaged" message.

The dilemma is that when you build such a system, the guy who is the
root always turns out to be a reptile (or is eaten by a reptile who
takes her place).

			-Jeff

-- 
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis@mit.edu
============================================================================




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.