Wednesday, December 10, 2014

Public Wifi: Security and Privacy - a review

This is a review of the wiki article on Public Wifi: Security and Privacy located at http://ethandlawpubwifi.wikidot.com/

Phishing over the air
Interesting section, but the rhythm is kind of weird - it spends a huge amount of time exploring what email phishing is, its history and estimated social costs, but it then flies over what phishing over the air is (which admittedly has little to do with email phishing) and sprinkles it with technicalities (OpenWRT, PHP, HTTPD) while explaining very little. Special bogus points for "Fig. 1" with no accompanying image ;)

Viruses over the air
More to-the-point than the previous section, but it confused me - if Chameleon doesn't change the router's firmware, how does it infect it? So I Googled Chameleon and ended up on the Malwarebytes blog, where they were perfectly non-informative as well, so maybe those University of Liverpool researchers have some bad publicists. I still don't know what Chameleon does.

Wifi Sniffing
Interesting section with no major flaws but it rubbed me the wrong way - do the authors think public Wi-Fi is intrinsically good or bad? Or do they avoid going the black-and-white route on purpose? My two cents is that people should encrypt any sensitive data anyway, so the fact that the Wi-Fi network they are accessing is unencrypted becomes immaterial. And unencrypted Wi-Fi makes for more universal access so I'm all for it.

Packet Sniffing technology
Very well written albeit overly long section - I'll avoid breaking down every single packet sniffer they've listed because a) there are so many sniffers around so either you cover every single one of them or make a generic post about all of them and they went for a middle ground solution and b) TL;DR

What can be done to protect yourself and your network?
Last but not least, a very interesting section on practical recommendations for a safe Wi-Fi network, though it starts with a bullshit suggestion - setting up a readable set of rules people have to agree to to access the network is a waste of time because TL;DR people won't read it and will do whatever they please so if you don't want people to do something, enforce it with good network configuration (to their credit, they do recommend that anyway). All in all a very sane list of recommendations but it lacked what in my opinion is the sanest of options for a safe work environment over wireless networks - have two separate Wi-Fi networks, one free-for-all open SSID so people can BYOD (Bring Your Own Device, which they'll do anyway) and another, restricted, encrypted, password-protected SSID and if possible use a MAC Address Filter so only devices that were previously approved by the IT department can have access to this second network where all sensitive information resides.

My (rather long) two cents, given ;)
