Home » Digital Insight, Wireless

The secure anonymous hotspot I proposed in 2007

By 10 November 2010 No Comment

Sophos security’s Chester Wisniewski offered a “solution” for securing Hotspots.  The only problem is that it isn’t secure.  Chris’ solution calls for the use of WPA-PSK which is not secure when everyone knows the PSK.  That’s because anyone can sniff the initial connection and derive the unique session key which makes the solution insecure.

I proposed a more secure solution for a secure anonymous hotspot back in 2007.  In fact we don’t even need to bother with any specific username and password.  I even discussed this with Microsoft engineers and we talked about how it could even be a blank username/password or any username/password combination so that just about anyone can connect.  It’s secure and easy to implement and it’s long overdue given the massive security problems with unencrypted hotspots.

Comments are closed.