Thanks for the response Thomas! I still believe that it's not a hardware network issue, but rather a site-specific issue - especially, as many tend to share wifi networks in public spaces (think coffeeshop, airport). I think this is something the Amazons, Googles, and Facebooks of the world must close on themselves and serve sites that are fully encrypted https. The futures I see, as we grow in data encryption this year (especially with cloud computing becoming so big) makes me feel like I'm in Bladerunner.
-Sharon
On Oct 27, 2010, at 7:56 PM, Thomas Jones wrote:
To resolve this security issue, you'd need to use an 802.1x solution which unfortunately is overkill, and quite honestly too complicated for an average home user to use on their home wifi routers. This of course isn't about home users, but rather anyone who chooses to implement a "standard" setup of a home router. The problem is that our "standards" are quite lax, and to be frank, are too low.
I have skimmed over some blog posts about using TLS to resolve the issue, but I have not had a chance to dive into this further.
It is our responsibility as educated and fluent industry professionals, ethically and otherwise, to not only educate but simplify the complexities of IT security to our laymen counterparts.
It is also the due diligence of major hardware vendors such as Netgear, Linksys (Cisco) et al to make the complexities of their software simple enough for novice users to secure devices (or internet access) in such a manner that protects the users who are unable to protect themselves. It by no means is a legal obligation, but I dare anyone to contest that it's not the right thing to do.
Some corporations use dot1x, some do not. It requires some type of intermediary authentication mechanism such as RADIUS or TACACS. In short it's an identity based security solution which secures your connection to the internet.
I will investigate further but my schedule is absolutely slammed this week.
HTH,
--
Thomas Jones
http://www.ThomasAllenJones.com
http://twitter.com/OtherTomJones
http://www.linkedin.com/in/TheOtherTomJones
One should guard against preaching to young people success in the customary form as the main aim in life. The most important motive for work in school and in life is pleasure in work, pleasure in its result, and the knowledge of the value of the result to the community. -- Albert Einstein, On Education --
On Wednesday, October 27, 2010 at 10:31 PM, live wrote:
I'm slightly tongue in cheek with that subject line, however something has come to pass this week which may change everything. So for many years, security for typical online users has only been a passing thought, if a thought at all - so many users use the web via non end-to-end encrypted http.
This week at Toorcon 12 (hacker conference), a developer, Eric Butler, released a Firefox add-on called Firesheep that has put many major site engineers in a tizzy. Using this quick, easy add-on a user can easily hijack the authenticated Facebook sessions of people sharing the same wi-fi network. Or any site's session, not just Facebook, if it's unencrypted. Basically, you can control another user's Facebook account if they are logged into Facebook on the same wifi network as yourself. Or you can Twitter as them. Or be on Amazon or Google. All by downloading this little plug-in. Think your information's safe at the airport, using their wifi network? Think again. I've downloaded the plug-in and know that it works.
So, my interest leads to these kinds of questions: how is this going to change our society's view on security? It only takes one incident in the news - say a tragic event befalls someone who had a stalker - before the lawsuits begin flying and no amount of tight legal EULA will stop this digital economy from slowing way down. Will Mom and Pop Wilson get to understand what an encrypted http is? Are we growing up in our society's education & understanding of technology?
Would love some feedback on these thoughts. Firesheep can be found here: http://codebutler.com/firesheep
Cheers, @SharonG
[Non-traditional undergraduate student still looking for an Anthropology or Experimental, Applied, or Social Psychology graduate program to call home. Suggestions welcome.]
_______________________________________________
The Air-L@listserv.aoir.org mailing list is provided by the Association of Internet Researchers http://aoir.org
Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
Join the Association of Internet Researchers: http://www.aoir.org/