[wsfii-discuss] Fwd: [india-gii] poor WiFi encryption a security risk
Kaplan L. Aaron
aaron at lo-res.org
Mon Sep 22 19:50:47 UTC 2008
On Sep 22, 2008, at 9:13 PM, Ramon Roca wrote:
>
> We don't have to expect that your mom, like any other average user,
> know
> about WPA/IMAP or whatever TLA we do use.
>
> However, be sure that they can distinguish between having to take care
> while doing things like giving credit card information to someone and
> doing something trivial which doesn't require any protection at
> all, so
> to do certain things they have to do in a way which they know is
> trusted, and if they don't know and there is a potential risk,
> don't do it.
>
> Common sense.
>
>
>
Yes, I agree with Ramon.
People even without technical knowledge do understand psychology (*).
And psychology is what is being used most of the time in IT security
incidents.
So they can actually start to defend against that - by being a bit
more aware and a bit more trained.
*However* I can assure you that when a law is passed that APs must be
encrypted, then the effect that you will get is that most people will
use WEP (because that works with every card and causes the least
problems) PSK. So, what would the effect be for city wide WLAN networks?
Well, one key for the whole city???
Great! ;-))
Smart people at funkfeuer and my job really also convinced me - the
currently best way to go is a) train psychology and b) use and offer
end to end encryption when you need encryption (think: SSL - that
would be a much better start. Do I dare to send e-banking over the
unencrypted funkfeuer.at network? Of course I do! :) )
best regards + interesting discussion,
Aaron Kaplan
CERT.at
(*) usually... except for us nerds :)
More information about the wsfii-discuss
mailing list