Agreed. I'm no network engineer, as Thomas pointed out, but I do think that locking down hardware doesn't address the root of the issue. Especially in this day and age when internet usage is expanding, but the costs of home connection has not; this pushes lower incomed people to open connections much like a library asset, indeed sometimes they actually are. A small town I live near markets their downtown area as having 'free wifi coverage', to encourage people to visit. Hence, there are a lot of open networks in day to day living for a reason. I'd love to see a video of your IR demonstration. The tool is easy enough even for a social science geek; that's scary. On Oct 28, 2010, at 3:31 AM, jeremy hunsinger wrote:
while hardware level encryption would be nice... and it could in theory solve this problem... using it as a solution is sort of like... 'oh the water is polluted, let's route it through a sealed viaduct' solution. Sure, it works, but it doesn't address the cause, which is poor session management in browsers and other tools. This is a software problem at its base. you could have the same problem with a multi-link serial network, you could have the same problem on an ethernet network, or basically any broadcast level network with multidimensional routing. making the network itself stronger so people can't get on it, is one option, but as i said it doesn't address the direct problem which is that two computers which are trusting each other, are not using sufficient credentials to establish and maintain that trust. a session is basically a system of trust, one computer trusts the other computer to be what it says. also keep in mind that... you could always watch people' s open traffic and insert date into open streams, so the question is whether or not this is new or whether the system is actually broken at all. some of you may remember i demonstrated logs and insertions back at ir 2.0 as part of my 'scare the living daylights out of you over internet security' talk. this tool just makes that talk easier it seems. _______________________________________________ The Air-L@listserv.aoir.org mailing list is provided by the Association of Internet Researchers http://aoir.org Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
Join the Association of Internet Researchers: http://www.aoir.org/