Re: F12 EEEPC 1000H WLAN with hidden SSID no go

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:
Tim:
And the lack of a name doesn't prevent anyone from using it.

Robert Moskowitz:
No.  You MUST have the name to associate with the AP.  But all you
have to do is force a current user of the AP to reassociate to get the
name.  There are now attack tools that will do this for you....

Only in the sense that *YOU* (the client) need know which name to use,
but stopping the SSID from broadcasting the name doesn't keep that name
a secret.

Tim, my friend, I wrote the definitative paper on this subject that everyone references. I just about blew my gasket when one "security researcher" published that the SSID was an exposed password and the vendors jumped on a historical artifact of the standard and 'hid' the SSID.

Historical because when the standard was developing, there were a few vendors that did not have the concept of an SSID in their product. Afterall, theirs was the ONLY wireless network that would EVER be in the warehouse or the retail store (that might hint to you who was the leading vendor at the time without an SSID concept). So to move forward the standard allows for no SSID. Of course all those systems are gone and dead but the function lives on in the standard...

IF you only have one AP in your network and your signal is ALWAYS good, you don't suffer too much from hiding your SSID, but as we said it makes no sense.

My recommendation has always been to clearly announce who you are in your SSID. That way if someone near you is having signal problems, they can physically locate you and maybe work out an arrangement to share the airways. So my SSID is my business name. My brother-in-law's is his street address.


Oh, I am officially a security researcher and architect. I study security systems to understand how they work and I design others (I authored HIP, for example). Some colleagues and I are working up some definitions. We take the four nouns:

Researcher
Architect
Pimp
Practioner

With the three modifiers:

Security
Risks
Vulnerablities


And define them. Now pretty much all three modifers for the noun, Pimp, have the same definition. Someone that works in the area for fun and profit. Sound like many of the 'outspoken security advocates'? And every time I read the words, 'Risks Practioner', I think Bungie Jumper. :)


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux