Tim wrote:
Tim:
And the lack of a name doesn't prevent anyone from using it.
Robert Moskowitz:
No. You MUST have the name to associate with the AP. But all you
have to do is force a current user of the AP to reassociate to get the
name. There are now attack tools that will do this for you....
Only in the sense that *YOU* (the client) need know which name to use,
but stopping the SSID from broadcasting the name doesn't keep that name
a secret.
Tim, my friend, I wrote the definitive paper on this subject that
everyone references. I just about blew my gasket when one "security
researcher" published that the SSID was an exposed password and the
vendors jumped on a historical artifact of the standard and 'hid' the SSID.
Historical because when the standard was developing, there were a few
vendors that did not have the concept of an SSID in their product.
After all, theirs was the ONLY wireless network that would EVER be in the
warehouse or the retail store (that might hint to you who was the
leading vendor at the time without an SSID concept). So to move forward
the standard allows for no SSID. Of course all those systems are gone
and dead but the function lives on in the standard...
IF you only have one AP in your network and your signal is ALWAYS good,
you don't suffer too much from hiding your SSID, but as we said it makes
no sense.
My recommendation has always been to clearly announce who you are in
your SSID. That way if someone near you is having signal problems, they
can physically locate you and maybe work out an arrangement to share the
airways. So my SSID is my business name. My brother-in-law's is his
street address.
Oh, I am officially a security researcher and architect. I study
security systems to understand how they work and I design others (I
authored HIP, for example). Some colleagues and I are working up some
definitions. We take the four nouns:
Researcher
Architect
Pimp
Practitioner
With the three modifiers:
Security
Risks
Vulnerabilities
And define them. Now pretty much all three modifiers for the noun, Pimp,
have the same definition. Someone that works in the area for fun and
profit. Sound like many of the 'outspoken security advocates'? And
every time I read the words, 'Risks Practitioner', I think Bungee Jumper. :)
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
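
What "doesn't keep that name a secret" looks like on the wire, as an added example that is not part of the original message: a Python parser run over two constructed 802.11 management frames, a beacon from an AP with its SSID blanked and a reassociation request from one of its clients, which carries the name in cleartext. The MAC addresses, the SSID `ExampleBusiness` and the `build` helper are made up for illustration.

```python
# Added illustration; frames, MAC addresses and SSID below are constructed.
MAC_HDR = 24  # frame control, duration, three addresses, sequence control
# Bytes of fixed fields before the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req",
         5: "probe-resp", 8: "beacon"}


def ssid_from_mgmt_frame(frame: bytes):
    """Return (subtype, ssid): ssid is '' when blanked, None when absent."""
    if len(frame) < MAC_HDR:
        raise ValueError("frame shorter than the 802.11 MAC header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None  # not a management frame this sketch understands
    pos = MAC_HDR + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element, stop parsing
        if eid == 0:  # element ID 0 is the SSID
            blanked = elen == 0 or not any(body)
            return NAMES[subtype], "" if blanked else body.decode("utf-8", "replace")
        pos += 2 + elen
    return NAMES[subtype], None


def build(subtype, dst, src, bssid, fixed, ssid):
    """Assemble a constructed management frame for the demo (hypothetical helper)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    rates = b"\x01\x04\x02\x04\x0b\x16"  # supported-rates element
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + rates


AP = bytes.fromhex("020000000001")   # constructed, locally administered MAC
STA = bytes.fromhex("020000000002")  # constructed client MAC
NAME = b"ExampleBusiness"            # constructed SSID
# Beacon from an AP set to "hide" its SSID: name replaced by null bytes.
BEACON = build(8, b"\xff" * 6, AP, AP, bytes(12), bytes(len(NAME)))
# Reassociation request from a client: capability, listen interval, current AP.
REASSOC = build(2, AP, STA, AP, b"\x01\x00\x0a\x00" + AP, NAME)

if __name__ == "__main__":
    for frame in (BEACON, REASSOC):
        print(ssid_from_mgmt_frame(frame))
```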