[Air-L] The end is nigh

live human.factor.one at gmail.com
Thu Oct 28 10:40:27 PDT 2010 

Agreed. I'm no network engineer, as Thomas pointed out, but I do think  
that locking down hardware doesn't address the root of the issue.
Especially in this day and age when internet usage is expanding, but  
the costs of home connection has not; this pushes lower incomed people  
to open connections much like a library asset, indeed sometimes they  
actually are. A small town I live near markets their downtown area as  
having 'free wifi coverage', to encourage people to visit. Hence,  
there are a lot of open networks in day to day living for a reason.

I'd love to see a video of your IR demonstration. The tool is easy  
enough even for a social science geek; that's scary.


On Oct 28, 2010, at 3:31 AM, jeremy hunsinger wrote:

> while hardware level encryption would be nice... and it could in  
> theory solve this problem...   using it as a solution is sort of  
> like... 'oh the water is polluted, let's route it through a sealed  
> viaduct'  solution.   Sure, it works, but it doesn't address the  
> cause, which is poor session management in browsers and other  
> tools.  This is a software problem at its base.  you could have the  
> same problem with a multi-link serial network, you could have the  
> same problem on an ethernet network, or basically any broadcast  
> level network with multidimensional routing.  making the network  
> itself stronger so people can't get on it, is one option, but as i  
> said it doesn't address the direct problem which is that two  
> computers which are trusting each other, are not using sufficient  
> credentials to establish and maintain that trust.  a session is  
> basically a system of trust, one computer trusts the other computer  
> to be what it says.  also keep in mind that... you could always  
> watch people'
> s open traffic and insert date into open streams, so the question is  
> whether or not this is new or whether the system is actually broken  
> at all.  some of you may remember i demonstrated logs and insertions  
> back at ir 2.0 as part of my 'scare the living daylights out of you  
> over internet security' talk.  this tool just makes that talk   
> easier it seems.
> _______________________________________________
> The Air-L at listserv.aoir.org mailing list
> is provided by the Association of Internet Researchers http://aoir.org
> Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
>
> Join the Association of Internet Researchers:
> http://www.aoir.org/

More information about the Air-L mailing list