Tag Archives: Wireless access point

‘Push Button to Connect’

One of the big holes in Wi-Fi setup has been security. In a lot of cases it’s not on by default and many folk have no idea how to set it up or even that their network is not secure.

Linksys reckon they have the answer with something called SecureEasySetup (SES) technology:

The SES technology enables users to create their wireless security protocols and set up their Wi-Fi networks by pushing just one button on the router and another on the wireless device being networked, the company said. The button enables the unit’s Wi-Fi Protected Access security and configures the network’s Service Set Identifier (SSID), eliminating the need for the user to manually create a passphrase to enable WPA protection.

Just push the button on each device and you’ve set up a secure connection between the two.

I like the idea of having a physical button, which removes the need for lots of fiddling about in design-challenged menus (most of the software that comes with routers seems to be have been designed by three year olds with premature acne.)

There is a downside to this, of course: It locks the user into buying both access point and Wi-Fi card from Linksys, otherwise it’s not going to work. And how would it work with more than one device? Could you add a non Linksys, SES-enabled device to a SES network?

But the button thing is good. People will like that. Could this kind of thing extend to other areas where technology runs up against usability? Could buttons make Bluetooth pairing easier, say? Press a button on each device simultaneously and hook them up?

Certainly the whole ‘button vs software’ thing has taken an interesting route. For a long time we thought it was better to have no buttons, or at least designers did. Macs have very few buttons, which looks great but isn’t always a good thing, especially if you can’t eject a bum CD, or the computer hangs. iPods are great examples of what to do with buttons, and later models cut down the number of buttons without cutting down the intuitiveness.

But elsewhere things have started reversing themselves. Laptops and external keyboards have toyed with the idea of dedicated buttons, but with mixed results. I’ve never really got excited about them. Some Logitech keyboards have lots of dedicated keys and even reassigned function keys (which are on by default, a rare example of Logitech silliness.) My ThinkPad has an ‘AccessIBM’ button and to be honest I’ve never figured out what it is. But the physical sound mute and volume buttons are necessary, because you may need to get at them quickly, especially if you’re in a meeting.

I certainly think there’s room, as we move more and more to wireless, for a standard button that creates a secure connection between two devices. It could even be protocol-agnostic: press it and the device does its best to connect securely to whatever other device is having its button pressed, so to speak, with whatever protocol it has at its disposal, whether it’s Bluetooth, ZigBee, Wi-Fi, InfraRed or whatever. Could that break the remaining logjams in user acceptance of these technologies?

WiPhishing: Threat Or Hype?

Is Wi-Fi being used by phishers and other identity thieves? Some folk reckon so, pointing to tricks such as the Evil Twin threat and something called ‘WiPhishing’, which, according to Information Week, goes like this:

“We call WiPhishing the act of covertly setting up a wireless-enabled laptop or access point for the purpose of getting wireless laptops to associate with it,” Cirond CEO Nicholas Miller said in a statement. “Hackers who are on a ‘WiFishing expedition’ may set the name of their rogue wireless access point (or laptop) to an SSID that is commonly used by wireless laptop users.”

For example, a WiPhisher could set the SSID of an access point or laptop to be the same as the default settings for widely-sold access points or hotspot services offered by vendors such as T-Mobile and Wayport, Miller said.

“Hackers are also likely to increasingly post common SSID names on their Web sites as this practice gains momentum,” Miller said.

I’m not trying to be cynical here, because I think Wi-Fi security is a real issue, but these kind of statements are more often than not made by folk who stand to gain the more afraid people are, because they sell ‘solutions’. The Cirond statement, issued on the PR businesswire on Feb 4, was quickly picked up by four or five industry websites including Information Week, SYSCON, Internet Telephony Magazine and InternetWeek (and now, of course, Loose Wire Blog).

So, threat, or hype? Probably both. So we should probably call it a Thrype.

Going Public With Sensitive Data

Forget phishing for your passwords via dodgy emails. Just use Wi-Fi.

Internet security company Secure Computing Corporation have today released a report prepared by security consultants Canola/Jones Internet Investigations which “documents the serious risks of password theft that business travelers encounter when using the Internet in hotels, cafes, airports, and trade show kiosks.”  The full report is available (in PDF format) here.

Posing as a business traveler, the author “found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information”. Wireless access points are especially vulnerable: “Tests conducted at an airport Internet cafe and at a popular chain of coffee shops showed that unencrypted streams of data from the laptops of patrons could easily be seen in many instances by another patron sitting nearby with wireless ‘sniffer’ software.”

Even hotel broadband is risky. Canola/Jones shows “how a hotel guest can use widely available snooping software with a laptop logged onto the hotel network. The guest can successfully snoop on the hard drives of fellow guests who have file sharing” enabled on their PCs. Corporate data and passwords can easily be stolen.” Gulp. Other holes: keyboard logging software secretly installed on public terminals, and the hardy perennial, shoulder surfing, where a ne’er-do-well passes your terminal just as you happen to be entering a banking password.

Needless to say, this is all pretty scary. And Secure Computing would like to offer you a solution: their “two-factor authentication SafeWord line of tokens” which generate one-time-only passcodes for each user session. But there are other ways of foiling most of these exploits: Firewalls on your computer, common sense (don’t go to important websites like Internet banking on a public computer), and only using public Wi-Fi when you a) know it’s encrypted and b) you’re not dealing in sensitive data. Have I forgotten anything?