Full Disclosure mailing list archives

Re: Wireless ISPs

From: Chris Adams <chris () improbable org>
Date: Tue, 11 May 2004 20:52:35 -0700


On May 11, 2004, at 17:24, Kurt Seifried wrote:

Folks. WEP is POINTLESS for public access points.


s/ for.*//

WEP/WPA/LEAP/802.1x and anything else which puts trust at the networklevel are close[1] to snake-oil - even if they actually worked aspromised the only thing you get is a false sense of security becausethere's this assumption that the rest of the network is trustworthy.You get far more real security simply enabling the strong end-to-endcrypto in the products you already use and you save a ton of money bynot chasing the latest acronyms, too.

Now a technical person can do something like SSH port forwarding andstuffall their email traffic and web browsing through a secure system ontheoutside. But someone like my mother is supposed to do what exactly?Have a
 colocated machine somewhere she can VPN off of, or SSH port forward?

Check the "Use SSL" box in her email client, optionally switching to acompetent ISP if this doesn't work.

We recently switch our POP/IMAP services over to a mandatory-SSL configand used the same approach other people in this thread have mentioned:3 months of warnings and then disabling the insecure versions. The onlyproblems we had were a couple of people with antique Eudora installswho didn't want to upgrade. Other than that there was no grumblingthanks to an ettercap demonstration and the extremely low amounttrouble/benefit ratio - we get far more whining each time we suggestthat people install the latest Windows / Office security updates.

It's just not that hard to deploy SSL any more since almost any networkclient in common use includes SSL support by now - the biggestexception is file sharing and it's not like people are used to doingWindows networking over the internet - the worms have seen to that.


Chris

[1] I say close because it may be legally useful to say the network wasrestricted if you need to sue a spammer or something.

Attachment: smime.p7s
Description:

Current thread:

Re: Wireless ISPs, (continued)
- - Re: Wireless ISPs Sean Milheim (May 11)
    - Re: Wireless ISPs Jeff Workman (May 11)
    - Re: Wireless ISPs Maarten (May 11)
    - Re: Wireless ISPs Valdis . Kletnieks (May 11)
    - Re: Wireless ISPs Ron DuFresne (May 12)
    - Re: Wireless ISPs KUIJPERS Jimmy (May 12)
  - Re: Wireless ISPs Frank Knobbe (May 11)
    - Re: Wireless ISPs D B (May 11)
    - Re: Wireless ISPs Kurt Seifried (May 11)
    - Re: Wireless ISPs D B (May 11)
    - Re: Wireless ISPs Chris Adams (May 11)
    - Re: Wireless ISPs Sean Milheim (May 11)
    - Re: Wireless ISPs Valdis . Kletnieks (May 11)
  - Re: Wireless ISPs Maarten (May 11)
  - Re: Wireless ISPs Xavier Beaudouin (May 12)
- Re: Wireless ISPs D B (May 11)
  - Re: Wireless ISPs Scott Taylor (May 11)
    - RE: Wireless ISPs Aditya, ALD [Aditya Lalit Deshmukh] (May 12)
    - Re: Wireless ISPs Valdis . Kletnieks (May 12)
  - Re: Wireless ISPs Konstantin Gavrilenko (May 11)
  - RE: Wireless ISPs amilabs (May 11)

(Thread continues...)