Home » Digital Insight, Wireless

The secure anonymous hotspot I proposed in 2007

By 10 November 2010 No Comment

Sophos security’s Chester Wisniewski offered a “solution” for securing Hotspots.  The only problem is that it isn’t secure.  Chris’ solution calls for the use of WPA-PSK which is not secure when everyone knows the PSK.  That’s because anyone can sniff the initial connection and derive the unique session key which makes the solution insecure.

I proposed a more secure solution for a secure anonymous hotspot back in 2007.  In fact we don’t even need to bother with any specific username and password.  I even discussed this with Microsoft engineers and we talked about how it could even be a blank username/password or any username/password combination so that just about anyone can connect.  It’s secure and easy to implement and it’s long overdue given the massive security problems with unencrypted hotspots.

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.