Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with

• Previous message (by thread): Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with
• Next message (by thread): JANOG36 English info available
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On 7/7/2015 5:39 PM, Joe Greco wrote:
> > Unclear at best. The way it is implemented, the user has the potential 
> > to go either way. A network might not want the user to have the 
> > choice, clearly, but there is certainly a subset of users who will opt 
> > out of the feature and I cannot see how those would be in violation of 
> > any sane network usage policy. It's certainly a mess in any case.
>
> Now that windows mobile and desktop versions are converging, I doubt 
> there is a way to really tell if a device is a PC or a phone or a 
> tablet.  Some network administrators banned mobile phones from wifi 
> connections because of Google's password storage violating their 
> security policy.
> 
> Now administrators don't even get that knob.
> 
> We could fix it in a couple of ways (or, they could fix it.. depending 
> on who pushes around money and if anyone cares enough to bother):
> 
> 1.  Wifi sends password policy during handshaking.  If you save 
> passwords you aren't allowed to connect here (or, you aren't allowed to 
> backup/share this password) but we will allow the user to connect.  This 
> can be transparent to the user and handled by the OS.*
> 2.  The client device sends "I am configured to backup/share passwords" 
> to the wifi.  This allows the AP to either deny the user outright, or 
> redirect them to a page explaining what is wrong or whatever.  This 
> might be accomplished via DHCP option if we want to keep it all in software.
> 
> * The fact that we need an IEEE level fix for a security problem created 
> by Google and then propagated by Microsoft is just pathetic.  These are 
> two companies that should know better than to do this.

Yes, I agree.

It makes me wonder how much of this is new-feature-ism promoted by a
management that is looking at the(ir) big picture, then having people
without sufficient technical depth "do that new feature."

Or are they really drinking their own koolaid and thinking that everything
is in "the cloud" today and so there aren't local security concerns?

I best go before I delve into the truly cynical.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

• Previous message (by thread): Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with
• Next message (by thread): JANOG36 English info available
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]