[kwlug-disc] More on Firesheep and encrypted wifi
Khalid Baheyeldin
kb at 2bits.com
Thu Nov 11 19:07:21 EST 2010
On Thu, Nov 11, 2010 at 5:30 PM, L.D. Paniak
<ldpaniak at fourpisolutions.com> wrote:
>
> Here is a short blurb on why having WPA/2-PSK turned on on your wifi
> doesn't help solve the problem of people stealing your cookies.
>
> http://www.boingboing.net/2010/11/10/password-doesnt-shea.html
>
> I find it odd that WPA-PSK does not negotiate per-user keys in a more
> secure way. It is so close to having complete credential isolation not
> only from people outside the network, but inside as well.
>
> Looks like the only options are VPN back to a trusted network

There is no such thing as a back to back VPN. So the maximum we can
hope for is to encrypt the first leg (which is over public WiFi) and hope for
the best for the rest of the trip to the site. This will normally be over wired
communications, hence less likely to have sniffers on.

> or only do business with sites that care enough about your credentials
> to use SSL for the whole transaction.
>
As much as I would like that, there are just way too many sites out there,
as well as services that are not encrypted. A regular PC user will have
way too many services and only a fraction of them are encrypted. Think about
various Instant Messaging (Gtalk/Jabber/XMPP, MSN, Yahoo, AIM), IRC,
Skype, streaming audio from a radio station on the net.
Then when it comes to sites, there is RSS (e.g. Google Reader is not
encrypted), and several popular sites that have no encryption (e.g.
Facebook).
The issue here is that there are way too many pieces (sites, services) to
deal with. Waiting for each and every one to implement SSL is just not
practical.
I hope that encryption at a lower level would be the answer, e.g. IPSec.
Will we have to wait till we move to IPv6 for this?
In the meantime ...
Enough complaining: Should we be doing something about all this? For
example, pool our resources and set up a VPN that we all can use
for an at-cost fee?
--
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci