Firesheep? Not on a Hautspot network
Many of you know that I am the Chief Network Architect for Hautspot, LLC, a little Wi-Fi company which, among other things, is a CLEAR Local Master Platinum Distributor in the Washington, DC metro market. Hautspot's main focus prior to entering into the distributorship agreement with Clearwire was (and still is) managed Wi-Fi networks built on technology from Sputnik, Inc.
I stumbled upon this article on The Register this evening, describing an engineer at his local coffee shop (the establishment shall remain unnamed on my blog, because I truly despise their idea of java - and I'm a real coffee drinker) using Firesheep - a Firefox extension which allows one to pick off other users' authentication cookies over open networks - and easily hacking other people's social networking accounts (no surprise there, huh?), among other things.
Fortunately, most of our hotspots employ SSID Client Isolation, a technology that prevents neighboring users from snooping on other patrons' connections. No client-side configuration is necessary. No crackable VPN passphrases (Steve Gibson, for whom I have the utmost respect, is dead wrong with his suggestion of simply enabling WPA encryption on public WLANs and using a commonly used term, such as the venue name or even "free," as these can be so easily cracked and the system made vulnerable to MITM attack). It simply makes it impossible to route traffic from, say, 192.168.1.55 to 192.168.1.56 on the same LAN; the router won't pass the packets. Period.
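The forwarding rule described above, as an added example that is not from the original post or from Sputnik's firmware: a small Python model of an access point deciding where to deliver a frame, with client isolation on and off. The class, the MAC addresses and the gateway are assumptions made up for the illustration; the two client IPs are the ones in the paragraph, and the model covers only what the access point itself forwards.

```python
# Added illustration (not Hautspot or Sputnik code): a toy model of the
# forwarding decision an access point makes with client isolation on or off.
from dataclasses import dataclass

UPLINK = "uplink"                # wired side: gateway, portal, Internet
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src: str   # source MAC
    dst: str   # destination MAC

class AccessPoint:
    def __init__(self, gateway_mac, isolate):
        self.gateway_mac = gateway_mac
        self.isolate = isolate
        self.stations = {}       # MAC -> IP of associated wireless clients
    def associate(self, mac, ip):
        self.stations[mac] = ip

    def forward(self, f):
        """Return where the AP delivers frame f: station MACs and/or UPLINK."""
        from_station = f.src in self.stations
        if not from_station and f.src != self.gateway_mac:
            return []                                   # unknown sender
        peers = [m for m in self.stations if m != f.src]
        if f.dst == BROADCAST:
            if not from_station:
                return peers                            # gateway -> all clients
            return [UPLINK] if self.isolate else [UPLINK] + peers
        if f.dst in self.stations:
            # The isolation rule: never bridge one wireless client to another.
            return [] if (from_station and self.isolate) else [f.dst]
        return [UPLINK] if from_station else []

def can_reach(ap, src_ip, dst_ip):
    """True if src can ARP for dst and then deliver a unicast frame to it."""
    mac = {ip: m for m, ip in ap.stations.items()}
    src, dst = mac[src_ip], mac[dst_ip]
    if dst not in ap.forward(Frame(src, BROADCAST)):    # ARP request never arrives
        return False
    return dst in ap.forward(Frame(src, dst))

def build_ap(isolate):
    # Constructed sample network using the two addresses from the paragraph.
    ap = AccessPoint(gateway_mac="02:00:00:00:00:01", isolate=isolate)
    ap.associate("02:00:00:00:00:55", "192.168.1.55")
    ap.associate("02:00:00:00:00:56", "192.168.1.56")
    return ap
```

With isolation on, the neighbor never even sees the ARP request, while traffic between each client and the uplink is delivered as usual.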
Venue owners: for a few $$ per day, you could be enjoying secure, advertising-supported (i.e., you sell ad space on your very own portal page, thus offsetting the cost of the managed service) hotspots, with your own branding for all to see. Authentication is handled on our server. All that's needed on your end is a router/AP, which we provide, and a broadband connection (and if you don't happen to have one of those, we can usually fix that for you, too). Contact us for more info and a FREE site survey.
Maybe the whole social networking fad is winding down?
And in the good news department, The Register is citing an All Things Digital article from 3 November, 2010 which mentions the overall decline of MySpace revenues and the possibility of NewsCorp shutting down the beast...er...monster...er...spy haven...er...social networking site.
Why social networking sites are evil…E-V-I-L (part 3)
No news to me that this has happened. The question is, of course, how many other times has this happened that we haven't heard, and when will people learn?
Facebook developers exiled for selling user IDs to brokers
and... how about this one?
Law & Order actress Kathryn Erbe's brother testifies at stalker trial
This whole "friending" thing is about as annoying as the "follow me" nonsense. Remember when the verb form of the noun "friend" was "befriend?" Now, we have to have a whole new word for it (for some reason), unless the ignoramuses really don't know that there already is a verb for making friends... Yikes! It's even listed with a definition on Google Dictionary.
My friends, we're losing the war...
Why social networking sites are evil… E-V-I-L (part 2)
No long oratory this time, just a link, further proving my point concerning the risk of identity theft.
Why social networking sites are evil… E-V-I-L (part 1)
I don't visit social networking sites. Like many others, I get regular invitations to "join my {fill-in-the-blank} page" and am bombarded with that inane "follow me on {whatever}." I can't stand it. I get invitations to join sites which are supposedly business-related, helping consultants to "network." (And for the life of me, I can't figure out the "follow me" terminology... What, like the Pied Piper of Hamelin?)
Ugh. Disgusting. People might as well ask me to come clean the scum off of their swimming pools.
As an IT consultant, I've been preaching for ages about the possible security concerns these sites pose, let alone the black hole of lost productivity when employees spend hours during the workday blogging instead of doing the work for which they are supposedly being paid.
We recently had an incident at our office where a client sent a note to my brother via one of these sites, containing some rather specific information regarding her financial matters... As always, the uninformed populace is its own worst enemy. We are the ultimate guardians of our own privacy; if we don't pay attention to such things, breaches in security are our own fault.
There's an interesting write-up here concerning the ever-growing spam problem as it relates to just one of these sites, and further info may be gleaned here and here (and the latter link dates to 2007).