[wsfii-discuss] CMU develops Firefox extension to aid wifi network security
Vickram Crishna
v1clist at yahoo.co.uk
Tue Aug 26 14:34:06 UTC 2008
The public wireless networking scenario, still very nascent in India, has been dealt a body blow in recent weeks, with two separate open networks being used (apparently) by terrorists to send anonymous emails announcing attacks (to be quite clear, the first claimed credit for an attack and the second denounced the arrests following the attack as bogus, claiming the perpetrators were at large and would strike again in the near future).
The newspapers have had a field day, blaming the development of WiFi for the police' inability to catch the senders (fyi, public access cybercafes have also had a very tough time generally, and in fact the business of public access has become very difficult, because of police insistence on logging all customers).
The police investigation that followed was characterised by poor knowledge of networking in general, but also revealed that public service providers were going out of their way to disable basic network security, probably to save themselves service loads. (imho, much of the problems are caused by very poor quality authentication software, often used even when supplying 'always-on' DSL 'broadband' services. Disabling the wireless security makes it much easier for user's computers themselves to re-authenticate the connection, because the routines can't be handled by the routers. Mind you, this doesn't really make much sense, but then I don't run an ISP).
Carnegie Mellon has just announced what is said to be a low cost independent authentication service, built as a Firefox extension called Perspectives, that will block MitM attacks on users of open networks, preventing attackers from gaining control of user computers by mimicking genuine web sites that ask for user information. This story, from an Indian ezine, describes the development. Needless to say it also tries to draw the inference that this would prevent such emails from being sent with equal ease as the two mails I described, while of course it does nothing of the sort.
The story also fails to point out that very few Indian computer users actually use Firefox, aided and abetted by Indian banking and other transaction sites that only work with IE.
Vickram
http://communicall.wordpress.com
http://vvcrishna.wordpress.com
http://www.igovernment.in/site/New-system-enhances-security-in-WiFi-networks/
Send instant messages to your online friends http://uk.messenger.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/wsfii-discuss/attachments/20080826/a72a841a/attachment-0001.html>
More information about the wsfii-discuss
mailing list