[Air-L] The end is nigh

live human.factor.one at gmail.com
Wed Oct 27 20:06:57 PDT 2010


Thanks for the response Thomas!

I still believe that it's not a hardware network issue, but rather a  
site specific issue - especially, as many tend to share wifi networks  
in public spaces (think coffeeshop, airport.) I think this is  
something the Amazons, Googles, and Facebooks of the world must close  
on themselves and serve sites that are fully encrypted https.

The futures I see, as we grow in data encryption this year (especially  
with cloud computing becoming so big) makes me feel like I'm in  
Bladerunner.

-Sharon

On Oct 27, 2010, at 7:56 PM, Thomas Jones wrote:

>
> To resolve this security issue, youd need to use an 802.1x solution  
> which unfortunately is overkill, and quite honestly too complicated  
> for an average home user to use on their home wifi routers. This of  
> course isnt about home users, but rather anyone who chooses to  
> implement a "standard" setup of a home router. The problem is that  
> our "standards" are quite lax, and to be frank, are too low.
>
> I have skimmed over some blog posts about using TLS to resolve the  
> issue, but I have not had a chance to dive into this further.
>
> It is our responsibility as educated and fluent industry  
> professionals, ethically and otherwise, to not only educate but  
> simplify the complexities of IT security to our laymen counterparts.
>
> It is also the due diligence of major hardware vendors such as  
> Netgear, Linksys (Cisco) et al to make the complexities of their  
> software simple enough for novice users to secure devices (or i  
> nternet access) in such a manner that protects the users whom are  
> unable to protect themselves. It by no means is a legal obligation,  
> but I dare anyone to contest that its not the right thing to do.
>
> Some corporations use dot1x, some do not. It requires some type of  
> intermediaty authentication mechanism such as RADIUS or TACAS. In  
> short its an identity based security solution which secures your  
> connection to the internet.
>
> I will investigate further but my schedule is absolutely slammed  
> this week.
>
>
> HTH,
>
> -- 
> Thomas Jones
> http://www.ThomasAllenJones.com
> http://twitter.com/OtherTomJones
> http://www.linkedin.com/in/TheOtherTomJones
>
> One should guard against preaching to young people success in the  
> customary form as the main aim in life. The most important motive  
> for work in school and in life is pleasure in work, pleasure in its  
> result, and the knowledge of the value of the result to the community.
> -- Albert Einstein, On Education --
>
>
> Sent with Sparrow
>
> On Wednesday, October 27, 2010 at 10:31 PM, live wrote:
>
>> I'm slightly tongue in cheek with that subject line, however  
>> something
>> has come to pass this week which may change everything.
>> So for many years, security for typical online users has only been a
>> passing thought, if a thought at all - so many users use the web via
>> non end-to-end encrypted http.
>>
>> This week at Toorcon 12 (hacker conference), a developer Eric Butler
>> release a Firefox add-on called Firesheep that has put many major  
>> site
>> engineers in a tizzy.
>> Using this quick, easy add-on a user can easily hijack the
>> authenticated Facebook sessions of people sharing the same wi-fi
>> network. Or any site's session, not just Facebook, if it's
>> unencrypted. Basically, you can control another users Facebook  
>> account
>> if they are logged into Facebook on the same wifi network as  
>> yourself.
>> Or you can Twitter as them. Or be on Amazon or Google. All by
>> downloading this little plug-in. Think your information's safe at the
>> airport, using their wifi network? Think again.
>> I've downloaded the plug-in and know that it works.
>>
>> So, my interest leads to these kinds of questions: how is this going
>> to change our society's view on security? It only takes one incident
>> in the news - say a tragic event befalls someone who had a stalker -
>> before the lawsuits begin flying and no amount of tight legal EULA
>> will stop this digital economy from slowing way down. Will Mom and  
>> Pop
>> Wilson get to understand what an encrypted http is? Are we growing up
>> in our society's education & understanding of technology?
>>
>> Would love some feedback on these thoughts.
>> Firesheep can be found here: http://codebutler.com/firesheep
>>
>> Cheers,
>> @SharonG
>>
>>
>>
>> [Non-traditional undergraduate student still looking for an
>> Anthropology or Experimental, Applied, or Social Psychology graduate
>> program to call home. Suggestions welcome.]
>> _______________________________________________
>> The Air-L at listserv.aoir.org mailing list
>> is provided by the Association of Internet Researchers http:// 
>> aoir.org
>> Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
>>
>> Join the Association of Internet Researchers:
>> http://www.aoir.org/
>




More information about the Air-L mailing list