Instant Hotspot Protection from “FireSheep”

What any open hotspot can do to protect its users

Amid all the fury over the release of Firesheep, no one else seems to have noticed, or at least mentioned, that the only thing any WiFi hotspot needs to do to protect its users is activate WPA encryption using any simple publicly-known password.

For example, Starbucks could simply set their password to “starbucks”, Peets Coffee to “peets”, Panera Bread to “panera” … and every user of those free wireless hotspots would be protected from the Firesheep threat … and from much more. Or, by general agreement, all free and open WiFi access points could simply use the password “free”, which would work just as well.

As long as the universally supported WPA encryption protocol is used, each individual user receives their own private “session key” that absolutely prevents eavesdropping between users, even though they are all using the same WiFi password. It’s just that simple.

Hotspots only need to switch from “no encryption” to WPA and post or publish any static WPA password … and a large part of the problem, and more, is solved.

I have posted a follow-up to this blog posting with a detailed look at Firesheep, and why I think it is such a fantastic thing to have happened. But before I wrote that I wanted to quickly publish the idea of simply encrypting with WPA under any simple static password, since that will instantly lock down any public WiFi hotspot.

84 Responses to Instant Hotspot Protection from “FireSheep”

  1. Roberta says:

    I’ve been following your advice for years, and you are the bomb. I’ve never suffered the perils that some of my less-aware friends and family members suffer. Thank you, Steve Gibson, you’re our only hope.

  2. David Witt says:

    If all the WiFi router manufacturers got together and updated their router software to force WPA to always be enabled (no method to turn it off) with a default password, Steve’s solution could be pushed out automatically.

    • @tma says:

      David- That’s a pretty bad idea for a bunch of reasons. First, routers don’t generally accept push updates- it’s a fetch operation. And second, removing administrative choice from our electronics isn’t a cause we need to further.

      I like Steve’s notion of a universally-agreed free WPA password as a start. It sounds like it’d be a lot of administrative overhead for most places, though- I doubt Starbucks can just flip a switch and have this happen. And then there’s support! Free WiFi just works- but now Baristas will have to help troubleshoot users’ connection problems?

      We as users of open WiFi can also assume responsibility for the security of our own data by using VPNs or tunnels to get out of the “hot spot.”

      My $20/month web host allows me to do a simple SSH proxy by issuing something like the following command in terminal:
      ssh -C -D 127.0.0.1:9090 foo@bar.com
      I then use FoxyProxy to easily switch between when I’m using this proxy and when I just want to use the connection.

      • Si Brindley says:

        @tma Wow, I don’t normally feel so compelled to leave a comment but it seems to me you have totally missed the point when you say “We as users of open WiFi can also assume responsibility for the security of our own data by using VPNs or tunnels…”

        Issuing a (fairly complex) command line and then using additional software to switch proxies? That’s all very clever and geeky of you – but geeks are not the ones at risk here; it’s the regular users who have no idea what that means and no hope of making an open WiFi network secure for themselves. I hope you’re not of the opinion that such mere mortals shouldn’t be using the network in the first place.

        • @tma says:

          You raise a fair point. There’s plenty of room in this space to productize these concepts, though- in a way that’s simple for people to use. I imagine Steve’s own upcoming VPN product will have a mode that falls into this category.

          But you do raise another point- exactly how much knowledge should people be expected to bear in their computer use? People in every day life are expected to know dozens, hundreds of survival skills- don’t stick a fork into the toaster, change the oil in your car, lock your front door, etc.

          That’s a huge discussion for another thread, I think. But I do think we’ll continue to have problems like this until people do start to see personal data security as something that they need to take ownership of. Whether that’s using “Geeky” tricks or just accepting that using open WiFi is like taking candy from strangers is an exercise for the reader, I suppose.

      • Prowse! says:

        Oh come on, silly!

        “@tma says:
        October 28, 2010 at 9:54 am
        David- That’s a pretty bad idea for a bunch of reasons. First, routers don’t generally accept push updates- it’s a fetch operation. And second, removing administrative choice from our electronics isn’t a cause we need to further.”

        Agreed.

        “I like Steve’s notion of a universally-agreed free WPA password as a start. It sounds like it’d be a lot of administrative overhead for most places, though- I doubt Starbucks can just flip a switch and have this happen.”

        In fact, they can, and do. Like the company that administers Panera’s website access, the 3rd party company that administers Starbucks’ wifi (AT&T), they just run a script to push out anything they need to to every single router in their system.

        ” And then there’s support! Free WiFi just works- but now Baristas will have to help troubleshoot users’ connection problems?”

        Baristas have been doing that already – this would probably save them time as the most recent spate of Firesheep hijinks have inundated a lot of Starbucks’/Panera/WholeFoods employees to date. If companies like Starbucks and Panera don’t start doing their part in fixing this issue, they could very easily find themselves in separate and class-action lawsuits for NOT handling their Wifi affairs. [That's not from me; I heard that argument on This Week in Law on the TWiT Network]

        “We as users of open WiFi can also assume responsibility for the security of our own data by using VPNs or tunnels to get out of the “hot spot.”

        That only works when hotspots allow such activity and Panera’s doesn’t. You have to sign in through an shttp portal before you get to the internet at all. Once on the net, you could do what you suggest below, but you first must go through the portal, and “they” can see anything you do on that portal, until you get your VPN on. Although I might have missed something here on VPNs and how they work behind-the-scenes.

        “My $20/month web host allows me to do a simple SSH proxy by issuing something like the following command in terminal:

        ssh -C -D 127.0.0.1:9090 foo@bar.com

        I then use FoxyProxy to easily switch between when I’m using this proxy and when I just want to use the connection.”

        When you are signing in through a portal you are not using your ISPs service.

      • Guido Combee says:

        With the “new and improved” Linksys routers, push updates apparently have become the norm for them, and a problem for us ;-)

    • Hayriye says:

      I’m happy I found this blog, I couldn’t uncover any info on this topic matter prior to. I also run a site and if you want to ever serious in a little bit of guest writing for me if feasible feel free to let me know, I’m always look for people to check out my site. Please stop by and leave a comment sometime!

  3. Anders Bandholm says:

    Some people would argue that “hole 196” will make WPA2 useless for privacy. I do not agree – WPA2 does help, but the only really secure solution is to make the service-providers like Facebook use SSL all over.

    Anders
    (Security Now listener since episode ~50 – my favourite Podcast!)

    • Steve Gibson says:

      Anders…

      Anyone who would argue that “Hole 196” would make WPA useless for privacy hasn’t done all of their homework. It doesn’t do that at all. All “Hole 196” allows is the potential for broken network connectivity against specifically targeted users by messing up their ARP table and breaking their access to the access point’s gateway. Under WPA, there is currently no known means for intercepting private session keying info, even after establishing man-in-the-middle status through ARP spoofing through the use of Hole 196’s GTK (groupwise temporal key) access.

      So, as far as anyone knows, WPA really does guarantee inter-user privacy and confidentiality.

      /Steve.

    • Steve Gibson says:

      Anders…

      Whoops! I forgot that the Access Point CAN BE INDUCED to decrypt one user’s traffic under their private key, then re-encrypt it under the attacker’s key and forward it. So, yes, Hole 196 can be used to intercept and sniff traffic even under WPA, though at much greater complexity than the passive sniffing we have without any encryption at all. :)

      /Steve.

      • Jared says:

        I think you’ve hit the nail on the head with the phrase “at much greater complexity”.

        Even if the solution isn’t perfect, at least it raises the bar for the attacker.

        • Steve Gibson says:

          Hi Jared,

          Right. Just like size, complexity does matter. The whole reason “Firesheep” is causing such a stir is that it’s SO simple to use. As we know, its capability has been possible forever … but making it that simple really is a game changer.

    • Steve Gibson says:

      Anders…

      I now also recall mentioning in the original podcast about “Hole 196” that many wireless access points also have a feature called “Client Isolation” (or something similar) which prohibits any inter-client traffic. Since the “Hole 196” exploit requires the access point to relay traffic from the victim to the attacker, disallowing any inter-client traffic does completely foreclose any possibility of using the “Hole 196” attack to breach confidentiality and privacy. :)

      (And thanks for bringing it up. I’m glad to have had those cobwebs shaken a bit!)

      /Steve.

      • Prowse! says:

        Steve, is Client Iso (or whatever it may be branded between WAPs) feature ON by default or would we be looking in the Admin page to turn a setting ON. Haven’t found a setting for this in the WRT54GS (stop laughing, I know, I know – I did apply Cisco/Linksys’ latest firmware and it is fairly securely mounted out-of-sight/reach) – or I am just blind to the setting if it exists?

  4. Steve,

    Why can’t we start a push to eliminate Open Wifi? Push all the hardware manufacturers with Wireless N and future hardware to only support passwords.

  5. Tom Voss says:

    I’ve long wondered why wireless devices haven’t been designed to allow a keyless WEP or passphraseless WPA. By default these devices should ship with all communications encrypted. If they want to allow public access by default then that’s a whole other security problem. But at least point-to-point traffic would be encrypted by default.

  6. Richard says:

    Security Now is on my required listening list each week, and this kind of advice is one of the reasons why. Keep up the excellent work. Now I’m off to post your shareable short link to my Facebook page. Yes, I know Facebook is evil, but my work with youth requires that I occasionally touch evil of one form or another. At least with your help and my own abilities, I’ve been able to keep things under control.

  7. Jim says:

    Does WiFi Direct impact this at all?

  8. Simon Zerafa says:

    Hi Steve,

    In a fairly recent Security Now podcast you discussed a theoretical attack on the isolation of different users on a WPA encrypted network.

    From memory it seemed that it might be possible to somehow obtain the session key for another user on the same WPA encrypted network (with some difficulty I believe).

    Assuming it were possible to obtain the session key for another user in this way would it then be possible to conduct a Firesheep style attack on another user even if the WiFi hotspot were protected by WPA or WPA2?

    Kind Regards

    Simon

    • Steve Gibson says:

      Hi Simon…

      I just added to my comment (above) to Anders when I remembered what I had talked about during that “Hole 196” episode of the Security Now podcast.

      It’s not that it’s possible to obtain another user’s PTK (pairwise temporal key), but rather that it IS theoretically possible to have the shared access point perform the decryption and re-encryption of a victim’s traffic on behalf of an attacker.

      The more I think about it, though, the more I’m remembering that there was also a simple setting — typically called “Client Isolation” — which is available in many access points that would also completely prevent this, simply by disallowing any client-to-client traffic.

      So there’s hope after all! :)

      /Steve.

  9. Jpt says:

    Could Starbucks or whoever use WPA and have a null password? Or would that not work?

    • Steve Gibson says:

      Unfortunately, not all access points behave the same way with a null WPA password, nor do all clients. Some allow them, some complain. And you can see why that would be the case in the typical “how strong is your password” mode of access point usage!

  10. Glen Kilgore says:

    Does the protection work if the client computer chooses to use WPA protection even if the router does not require it? Would that work?

  11. Brian M says:

    Exactly what I have been telling people. Good to see I’m not the only one who realizes this…

    When I was a TA at college, I was tasked with creating new labs for the students. A “session stealing” lab was, by far, the most popular lab I created. Even the students who just bobbed their head and ground through it instantly perked up when they realized the ramifications of session stealing. I’m glad this has finally made it into the news, as it will raise awareness of this issue to the public.

    • Steve Gibson says:

      Right Brian. That’s exactly why I’m frankly so pleased that this has happened. The change will be painful. Change always is. But it seems clear, and I’m hopeful, that Firesheep will force change that’s long overdue and necessary.

      • Mary says:

        Hi and thanks for your dingrowht post. I have been looking nearby just for this web page right after being referred to them from a colleague and was thrilled when i was able to locate it following searching for lengthy time. Appropriate wished to commentary to show my appreciation for the web site because it is rather inspiring to complete, and numerous writers don’t secure acknowledgment they deserve. I am confident I’ll be back and will send my friends

  12. Adam Stasiniewicz says:

    Steve,

    Big flaw with your proposal. If an attacker were to set up their laptop at a Starbucks as a WiFi AP, with the same SSID and WPA key as Starbucks is using (since this would be known) they could then intercept all the traffic of anyone that connects to them. Software like http://connectify.me/ makes this very easy to do and transparent to the victim (as the attacker wouldn’t even need dual WiFi NICs or an aircard to relay the traffic, they just retransmit using the same adapter). Software like Airdrop-ng can be used to force victims onto the hacker’s AP.

    The only real solution is that cookies that link to any private information need to be secured with SSL.

    Best regards,
    Adam Stasiniewicz

    • Steve Gibson says:

      Hi Adam,

      The “Evil Twin” problem, as it’s often termed, is always a problem. But it’s a different problem than the issue of encrypted versus non-encrypted wireless communications. All wireless communications should always be encrypted, regardless. And the Evil Twin problem exists whether or not local encryption is being performed.

      That said, I completely agree about the ultimate fully correct solution to the underlying problem. Two very different things must be fixed in order for useful security to prevail: local WiFi needs to be encrypted and end-to-end authenticated encryption must also be enforced.

      As I mentioned above, I’m in the process of writing a second blog posting to fully explore that issue. But this first brief posting was intended just to get the first simple remediation idea out into the public arena. :)

      /Steve.

    • Henrik Ahlgren says:

      And don’t forget that the coffee shop owner might be sitting in the backroom with his laptop sniffing the traffic off the wired network behind the wireless AP.

      Really, most public wi-fi providers should definitely turn on WPA, but in the long run end-to-end SSL is the only way to go. There are some freemium services such as Evernote.com where SSL is a “premium” feature for those willing to pay. I wonder if they will change their policy, or think that this will drive more sales…

      • Prowse! says:

        Don’t get us (OK, maybe just me, at least) on Evernote’s practices! The permissions they recently hiked out on Android Market – Discover Known Accounts – has me reeling! Wow, that is just wrong. They would NEVER need to read ALL of your accounts, and they don’t even need that permission for you to Share a file to another account anyway. No app needs that except maybe for gmail – and then it’s just going to be the gmail accounts you sync – Evernote just needs to ask you each time you do want to Share – and how dang hard would that be to do. I probably share my Evernote stuff to 1 person. And when it needs to be more, I just use Drop.i….oh. I mean; I now use dropbox for sharing privately or publicly.

      • Kaylee says:

        At last! Someone who understands! Thanks for posting!

  13. Matthew says:

    I think one of the biggest problems is the way in which security news is published for the common user. (If you are reading this blog, you are NOT a common user.) I was listening to the radio yesterday when a national DJ, Ryan Seacrest, told his listeners to be careful of card skimmers. “those things that bad guys put on the screen to catch your PIN” he told us. That is the kind of info that the common user gets. Until we undertake a fundamental redesign of computing architecture these issues will continue to pop up.

    None the less, thanks Steve for all your hard work. SN is something I look forward to each and every week.

  14. I may be incorrect here, it’s been a while since I’ve poked around with WPA but I was under the impression that if one knew the pre-shared password to a WPA network that it is possible to decrypt the traffic of any clients who connect /after/ you have started sniffing.

    If I recall correctly, it is necessary to capture the four-way handshake between the AP and device to be able to decrypt the traffic. Such a handshake can be forcefully induced by a malicious user by injecting deauth packets, forcing all clients to reconnect allowing the handshake to be captured.

    Indeed, this appears to be supported by the fact that aircrack-ng can decrypt a capture (assuming the handshake is available) without requiring any information other than the pre-shared key/password and SSID (which is used as a salt). If this is correct then the technique you present is not all that helpful: a malicious user just needs to integrate an open source package such as aircrack-ng into FireSheep in order to be back in business.

    • Steve Gibson says:

      Freddie…

      One of the most common mistakes people make is in believing that security must be perfect to be useful. But everything in life shows us that’s just not the case. Homes’ front doors can be locked even though those homes have readily breakable glass windows. And the 400,000 downloads of Firesheep demonstrate this point perfectly: Aircrack-ng, Cain & Abel, and their ilk, have been around for a long time, and no one has cared much. But it’s the point-and-click ease of Firesheep that’s got everyone in a froth.

      It is absolutely true that the necessarily weak (nonexistent) endpoint authentication of public-access WiFi will always be its Achilles heel — with or without encryption — since that will allow for the possibility of Evil Twin or man-in-the-middle impersonation. But that doesn’t mean that raising the bar substantially, as adding WPA protocol and encryption can easily do today, isn’t still very much worth doing. It is.

      Is it perfect? No. Does it need to be, to be a useful improvement? No. It should be done anyway, and the sooner the better. My hope is that Firesheep may help to make that happen.

      /Steve.

      • Brian M says:

        But does the success of FireSheep mark the beginning of user-installable exploit applications? FireSheep requires winpcap, which is much like Aircrack-ng, in that it has historically been almost unusable without some time to learn it and the right frontends (also inaccessible for the average joe). Will we see new, firefox based frontends for Aircrack-ng, Cain & Abel, etc? One-click exploits that users can use without hassle.

        I agree that doing these few steps will help in the short term, but if FireSheep is any indication of where things are going, I suspect companies like Facebook will need to rethink their security models, and move to more GMail like (full session SSL) models. Then we will really see a takeoff of Strict-Transport-Security.

        At some point, it will be easy enough for anyone to use some of these obtuse exploits around basic protocols.

      • Sam Schinke says:

        Steve,

        Unfortunately attacking WPA-PSK doesn’t require any kind of Evil-Twin or MITM (or any kind of ARP hijinks) if you have the PSK. All you have to do is capture the 4-way handshake for a session, and with the PSK in hand, derive the same PTK to decrypt traffic.

        The PTK is derived from the PMK (basically a derivation of the PSK) and a pair of nonces generated by the client station and the access point. These nonces are exchanged in the clear.

        And with that same lack of authentication you mention, an attacker can issue a deassociation packet forcing any arbitrary client to perform a 4-way handshake at will.

        To be completely clear: The PSK is the *only* secret in WPA-PSK, and anyone who has the PSK and is monitoring traffic can decrypt all of the traffic.

        I’m not completely sure why WPA-PSK doesn’t use a DH key exchange for the PTK. Probably because the protocol isn’t designed to be secure against people possessing the keying material. But it just doesn’t.

        Regards,
        Sam
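
The key derivation Sam Schinke describes above, as an added example that is not part of the original thread: it follows the IEEE 802.11i PMK and PTK derivation for WPA-PSK and contrasts a published passphrase with per-station key material of the kind 802.1X supplies. The SSID, passphrase, MAC addresses, nonces and the helper names are constructed for illustration.

```python
import hashlib
import hmac

PTK_LABEL = b"Pairwise key expansion"  # label fixed by IEEE 802.11i


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        # WPA-PSK passphrases are 8..63 characters, so "free" is rejected.
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """512-bit PTK from the PMK plus values sent unencrypted in the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, PTK_LABEL, data, 64)


def temporal_key(ptk: bytes) -> bytes:
    """Bytes 32..47 of the PTK are the key that encrypts unicast data frames."""
    return ptk[32:48]


# --- Constructed sample values (not from a real network) ---
SSID = "ExampleCafe"
PASSPHRASE = "examplecafe"  # the publicly posted passphrase
AP_MAC = bytes.fromhex("020000000001")
HANDSHAKES = {  # fields visible to anyone in radio range during the handshake
    "station_a": {"mac": bytes.fromhex("0200000000aa"),
                  "anonce": bytes(range(0, 32)), "snonce": bytes(range(32, 64))},
    "station_b": {"mac": bytes.fromhex("0200000000bb"),
                  "anonce": bytes(range(64, 96)), "snonce": bytes(range(96, 128))},
}


def session_key(pmk: bytes, hs: dict) -> bytes:
    """Temporal key a station and the AP agree on for one handshake."""
    return temporal_key(derive_ptk(pmk, AP_MAC, hs["mac"], hs["anonce"], hs["snonce"]))


def observer_recovers(real_key: bytes, known_pmks: list, hs: dict) -> bool:
    """True if any PMK the observer holds reproduces the station's key."""
    return any(hmac.compare_digest(session_key(p, hs), real_key) for p in known_pmks)


def demo() -> dict:
    shared_pmk = derive_pmk(PASSPHRASE, SSID)
    hs_a, hs_b = HANDSHAKES["station_a"], HANDSHAKES["station_b"]

    # WPA-PSK: every station starts from the same PMK.
    key_a = session_key(shared_pmk, hs_a)
    key_b = session_key(shared_pmk, hs_b)

    # Stand-in for 802.1X: station A has its own PMK (constructed value),
    # which the posted passphrase says nothing about.
    per_user_pmk = hashlib.sha256(b"constructed per-user secret for A").digest()
    key_a_8021x = session_key(per_user_pmk, hs_a)

    observer_pmks = [shared_pmk]  # all the observer can compute from the sign
    return {
        "stations_have_distinct_keys": key_a != key_b,
        "shared_psk_exposed": observer_recovers(key_a, observer_pmks, hs_a),
        "per_user_pmk_exposed": observer_recovers(key_a_8021x, observer_pmks, hs_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Each station does get a distinct session key, but every input to it is either the published passphrase or a handshake field sent in the clear; only a per-station secret, or end-to-end SSL above the WiFi layer, removes that dependency.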

  15. bigdave says:

    Something I’ve done when setting up temporary wifi is name the network, for example, “Starbucks is the password”

    • Jim says:

      Rather than make up a rule that says that the name of the establishment or “free” is the password, using the SSID as the password would seem to be more straightforward.

  16. John Baxter says:

    Just a note that Firesheep has been used (non-maliciously) to allow Twitter tweet spoofing of Ed Bott and perhaps others at the ongoing PDC at Microsoft today.

  17. mark ellis says:

    great idea, but I use Anonymizer Universal to encrypt my connection when using an open or any wifi connection as well as ethernet.

  18. Thank you, Steve. This is a valuable hint and gives another reason for encrypted WiFi hotspots at home where disreputable coevals have plenty of time to collect data.

  19. Matt Giuca says:

    Why is there not some provision in WPA to select “no password” when setting up the server, where the clients would automatically connect without asking the user for a password? It seems in WiFi technology there is a conflation of “encrypted” and “password-protected” where the two really serve completely different purposes. (For example, we see a padlock icon to represent both.)

    I like Steve’s suggestion, but it is a nasty hack. It makes a respectable business like Starbucks seem “dodgy” if their password is “Starbucks”. “Everybody knows” that your password should not be the same as your username, so having an SSID “Starbucks” password “Starbucks” will “seem” to the ordinary user to be insecure, even though they are missing the point: Starbucks has no intention of preventing arbitrary users from accessing the network, they just want to isolate users from each other via encryption.

    If there was a concept of a “secure open” WiFi network, represented by some new icon (say, a padlock with a tick on it instead of a keyhole), then users could be trained to know that that means their connection is secure even though they don’t need a password.

  20. Michael says:

    Anyone know if Firesheep works on an ethernet only LAN?
    If every computer were directly connected to the router, my guess would be no. But, if a switch/hub were connected to the router and a group of computers were connected to the hub/switch, then, I’m not sure. Thanks in advance.

    • Con says:

      Hi Michael,

      The Firesheep add-on provides you with the option to select which adapter to use for sniffing traffic. It would be conceivable then that this add-on would also work for wired LANs. (I haven’t confirmed this yet.) You would, however, need to devise a method for intercepting user traffic which becomes a little more trivial than that of wireless LANs. Strategies may include man-in-the-middle attacks, use of network taps and perhaps the placement of a hub (layer 1 device) on the wired LAN.

      The beauty of Firesheep is its absolute simplicity and ease of use. This issue has been the Elephant in the room that nobody wanted to acknowledge. Firesheep has changed all that.

    • @tma says:

      Switches and routers on a LAN should provide segmentation, so there wouldn’t be anything to worry about there.

      Hubs are different though. I think Steve or Leo told an anecdote once about how someone they knew went to hotels with hub-based networks back in the day and sniffed other peoples’ packets- so I don’t see why Firebug wouldn’t work on computers sharing an Ethernet hub. It’s certainly possible, if not implemented in this particular proof-of-concept.

    • Brian M says:

      No, firesheep does not work on a switch. A switch isolates each port so unicast traffic is only seen on its destination ports. That is to say, unicast traffic is not broadcast like it is on an open wifi.

      However, it will work just fine on a hub. That is, if you can find a hub, as they are getting very rare, with the exception of geeks who have a legitimate use for them.

      You can use other techniques, but then you may as well be using a full hacker tool and not a simple addon like firesheep.

    • Michael says:

      Thanks to everyone for the responses.

  22. Mark H says:

    I’m running a hotspot on an Engenius ECB3500 which offers something called “Station Separation”, also known as “Layer 2 Isolation”, which (it claims) will “prevent access point clients from communicating with each other”.

    Will this defeat firesheep?

  23. Steve, this is a temporary solution. With pre-shared keys (PSK) under WPA/WPA2, Firesheep currently wouldn’t work. But it’s a simple matter on a shared-key network to use a tool like aircrack-ng to use the passphrase for WPA/WPA2 Personal to derive (not crack) the necessary transient keys for each station. All someone needs to do is update Firesheep or bundle it with aircrack in a simple package.

    802.1X (WPA/WPA2 Enterprise flavor) provides unique master key material to every station, making cracks currently impossible. This is why Firesheep cannot work on corporate networks. (Hole196 is a risk, but it’s a very particular and minimal risk that involves physical proximity, legitimate access to get on the network, and other factors.)

  25. fred says:

    we need a list of the sites that have responded and turned on ssl protection all the time…

  26. Doug says:

    Hi Steve,

    Here’s a thought experiment for you – you check into a hotel that has only Wi-Fi (unencrypted) access. You’ve brought two wi-fi NAT routers with you – one connects to the hotel wi-fi as a client in bridge mode, then you run an ethernet cable to the other one router, which creates your own, encrypted, hot spot that you then connect your computer to.

    Are you protected?

  28. fred says:

    wow, it is amazing how many sites are so slow to adopt ssl all the time even with this released, i guess it had to be done. so many forums and such aren’t bothering at all.

  29. Jeremy Turner says:

    This article is false and will lead people to assume security which is even worse than having none.

    Giving away the PSK offers no security to people using the connection.

    The unique key assigned during authentication can be sniffed by anyone already authenticated and used to decrypt other sessions. It’s pretty hard to find information on how to do this exactly; but I was able to find it here:
    http://lmgtfy.com/?q=wireshark+wpa

    Protection against firesheep? More like “make it slightly annoying for people to sniff your traffic and also give away the fact that you don’t know how to secure things.”

    This is as secure as writing your pin number on the back of your ATM card and leaving it at a bar.

  30. Jeremy Turner says:

    @Doug no this is not secure. One could still ARP poison the host network and MITM you.

  31. 監視器 says:

    Simply, one of the best article l have come across on this precious subject. I quite agree with your suppositions and will eagerly look forward to your forthcoming updates.

  32. Ziffel says:

    I’m wondering how effective FireShepherd really IS on Firesheep? I used to think there were honest people still left in the world. But can see now there are way more juvenile, destructive nuts out there. The 500,000k plus Firesheep downloads aren’t just for “curiosity”. They mean to do malicious harm. I’d rather stand with the honest, white hats that won’t exploit you even IF they could. Like Doctor House says… everyone lies, but the truth is..we don’t HAVE to. Let’s hope HTTPS is everywhere someday soon. :0)

  33. Keeflookeem says:

    Sorry, but WPA will only protect you from people that don’t have the encryption key. WPA is great for keeping unwanted people off your home network, but once a client is authenticated, WPA will not prevent traffic between other authenticated clients.

  34. wlan_expert says:

    Try http://wlancontroller.com to turn windows 7 into hotspot

  35. jon says:

    As usual, Gibson opines about shit he doesn’t understand. http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Security_.26_Insecurity_in_pre-shared_key_mode. “free”? Bit too short a WPA password there, stevey boy!

    • Adam Stasiniewicz says:

      Jon,

      For the purposes of this proposal, the length of the shared key, and the uniqueness of the SSID, is irrelevant. The key is being freely provided by the network operator; there is no reason for an attacker to attempt to brute force it. Instead, an attacker simply has to ask the barista / read a sign / read the SSID to determine the WPA-PSK.

  36. michael says:

    “that absolutely prevents eavesdropping between users, even through they are all using the same WiFi password. It’s just that simple”

    It’s just that untrue. If you are on the same network as other users it is a very simple process to sniff all traffic. Switching to WPA does not prevent arp poisoning and the ability to sniff passwords. Do you always post things you obviously know nothing about?

  37. michael says:

    Please don’t post things you know nothing about. You are misleading people that everything is safe once WPA is enabled. WPA will only keep unwanted users off of the network, and it doesn’t even do that very well; it will not keep users that are authenticated from eavesdropping on other users. You may want to retract this post and learn a little something before you post another.
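
Added example (not part of the post or of any comment): the standard WPA/WPA2-PSK key derivation, showing what the per-user "session key" disputed in comments 33 to 37 is computed from. The SSID, MAC addresses and nonces are constructed sample values; "starbucks" and "free" are the passphrases suggested in the post.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf_sha1(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Per-client pairwise key (48 bytes for CCMP). Every input except the PMK
    (MAC addresses, ANonce, SNonce) is sent unencrypted during the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf_sha1(pmk, b"Pairwise key expansion", data, 48)

# Constructed sample values (not from a real network).
SSID = "ExampleCafe"
AP_MAC = bytes.fromhex("020000000001")
ALICE = {"mac": bytes.fromhex("0200000000a1"),
         "anonce": b"\x11" * 32, "snonce": b"\x22" * 32}
BOB = {"mac": bytes.fromhex("0200000000b2"),
       "anonce": b"\x33" * 32, "snonce": b"\x44" * 32}

def session_key(passphrase: str, client: dict) -> bytes:
    """Key for one client, from the passphrase plus that client's handshake fields."""
    pmk = derive_pmk(passphrase, SSID)
    return derive_ptk(pmk, AP_MAC, client["mac"], client["anonce"], client["snonce"])

if __name__ == "__main__":
    alice_key = session_key("starbucks", ALICE)
    print("Alice and Bob get distinct keys:", alice_key != session_key("starbucks", BOB))
    # Same passphrase + Alice's over-the-air handshake fields give the same key.
    print("Recomputed from public fields:", session_key("starbucks", ALICE) == alice_key)
```

Because every input other than the passphrase is visible on the air, the per-client key separates a user only from people who lack the passphrase; traffic protected end to end by HTTPS stays unreadable either way.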

  38. dieta says:

    Thanks for the design tips. I can make good use of them.

  39. Robert says:

    Hello Steve,
    I’ve been trying to use BLACKSHEEP to protect family and friends from FIRESHEEP but have found a problem.

    Under Blacksheep prefs, the wifi connection only appears on about 50% of the laptops I’ve encountered. From my research it appears that this is due to WinPcap not working with all wifi chipsets. I’ve written to the WinPcap team and to the author of BLACKSHEEP but none have responded.

    Any thoughts on this?
    Thanks,
    Robert

  40. Terabyteman says:

    On a similar note, I do like the fact that Belkin and Linksys with the E-series/Valet wireless routers now offer a router that offers two separate wireless networks, your private network, and a guest wireless access, and keeps the two networks separate from your personal secure network. I like this option very much, and hope this guest network feature gets better in future product releases. The link below explains the E-series. I too wish these wireless routers would ship with WPA enabled by default.
    http://fixhomenetwork.com/blog/guest-network-access-for-linksys-e1000-e2000-e3000-routers/

  41. Hey, Awesome post, I really like the way you write, just bookmarked your website and I’ll be sure to visit the item at rent once a week. At the same time free to mail me when you have some exclusive information on this particular topic

  42. pomoc prawna says:

    Many thanks for this blog, it is great! I like this kind of people, who share knowledge with others.

  43. Pingback: Kentucky WiFi,Electronics, Robotics Projects

  45. Pingback: Sports Betting Champ Maximizer

  46. Hiya! I simply want to give an enormous thumbs up for the great info you have right here on this post. I can be coming back to your blog for more soon.

  47. Pilar says:

    It’s like you read my mind! You seem to know a lot about this, like you wrote the book in it or something. I think that you could do with some pics to drive the message home a little bit, but other than that, this is great blog. An excellent read. I’ll certainly be back.

  48. Howdy I am so thrilled I found your webpage, I really found you by accident, while I was searching on Askjeeve for something else. Regardless I am here now and would just like to say thanks a lot for a marvelous post and an all-round exciting blog (I also love the theme/design), I don’t have time to read through it all at the minute but I have book-marked it and also included your RSS feeds, so when I have time I will be back to read more. Please do keep up the superb b.

  49. I know this website gives quality dependent posts and other information, is there any other web page which provides these kinds of things in quality?

  50. Kraig says:

    It’s difficult to find experienced people in this particular subject, but you sound like you know what you’re talking about! Thanks
