There are many examples of buildings with doors that have auto-close or even auto-lock. Perhaps our networking and computer systems should do the same.
I wouldn't mind a world where WiFi APs won't work unless both an SSID iy and a crypto-key are supplied. And if you don't pick a crypto-key, it autogenerates one using noise from its environment and shows it to you so you can write it down for your clients. Then there isn't even the concept of an unencrypted wireless communication, just how things are.
For example, does anyone use rlogin, rsh, or telnet for remote shell access? Or have an computer account without a password? It's almost inconceivable now.
-=tod
On Jun 15, 2004, at 4:20 PM, Shawn Rogers wrote:
I think the analogy is wrong. It's not that the padlock is preset to 0-0-0. The problem is that users don't even bother to use the padlock.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Outmesguine Sent: Tuesday, June 15, 2004 11:19 AM To: [EMAIL PROTECTED] Subject: [SOCALWUG] Forbes Goes Warwalking in New York
http://wireless.weblogsinc.com/entry/9039361947182348/
Wi-Fi Security Needs to be Easy Posted Jun 15, 2004, 12:34 PM ET by Mike Outmesguine
Forbes goes warwalking with a security consultant in New York. Gary Morse appears to be using a Linux-powered PDA with Kismet Wireless software to scan the airwaves. The results showing unsecured Wi-Fi networks are nothing new to readers of The Wireless Weblog. However, the padlock analogy used to describe user apathy hits the problem dead on:
"Consider for a minute what the world would be like if all padlocks were sold with the default combination "0-0-0" to unlock them, and that if you wanted a different combination you would have to set it yourself. Since people are lazy, wouldn't lots of padlocks in use still have the 0-0-0 combination? Consider the implications of using such a lock on the box that contains all of the company's trade secrets. That's essentially what many novice Wi-Fi users do when they buy their first wireless router, and Morse has the proof right on the screen of his PDA. [...]"
User apathy is a constant battle in the computer industry. The growing number of security problems appearing from constantly connected home computers shows that there is a systemic problem. By creating technology hurdles common for tech-literate people, we run into problems when it's not user-centric simplicity. The wireless industry needs to make security a Yes or No question. Users need to have something as simple as, "Do you want fries with that?"
