Slashdot Mirror
Why You See 'Free Public WiFi' In So Many Places
An anonymous reader writes "Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.' Of course, since it's ad hoc (computer to computer) it's not actually access to the internet. So why is this in so many places? Turns out it's due to a bug in Windows XP. Apparently, the way XP works is that if it can't find a 'favorite' WiFi hotspot, it automatically sets up the computer to broadcast itself as an ad hoc network point, using the name of the last connection the computer attempted. So... people see 'Free Public WiFi' and they try to log on. Then their own computer starts broadcasting the same thing, because it can't find a network it knows. And, like a virus, the 'Free Public WiFi' that doesn't work lives on and on and on."
http://hardware.slashdot.org/article.pl?sid=07/01/26/1420202, among others.
Best Slashdot Co
Steve Gibson covered this over 3 years ago. https://www.grc.com/sn/sn-082.htm
The "hpsetup" ESSID is from HP bloatware. It is used to connect the computer to wireless peripherals, namely HP wifi-enable printers.
I researched this myself, and it ended up that there were a bunch of better ways to implement it, but HP flat out didn't care.
Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.'
Doesn't match my experience. I have done a fair bit of flying lately - and always needing at least one connection each time because my closest airport sucks - and haven't seen it at the airports I've been to. I have checked for WiFi at coffee shops and restaurants and haven't seen that SSID there either. Lately I have been connecting through some of the busiest airports in the country (O'Hare and Newark Liberty in particular) and haven't seen this.
In fact, I can't think of the last time I did see it. I often use my blackberry to access open WiFi spots, and I don't have a record of a network that I have connected to called 'Free Public WiFi'.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Cue the picture featuring a pair of laughing girls.
to be affected. This was fixed in XP SP3. Love lines like "When a computer running an older version of XP ...." without further explanation. Haters gonna hate!
While that is certainly true, if you're trying to mimic a known network, you should probably name it appropriately.
After all, if you go to the trouble of setting up a fake walled garden page, you should name the network similar.
It's actually a very easy attack to run at places like hotels where travelers might be unwary and quite willing to fork over CC info for internet access.
Someone flopped a steamer in the gene pool.
Seeing that SSID in your client list is just Microsoft's subtle way of telling you to INSTALL XP SP3.
zeroconf and those "Quick Connect" buttons that routers and Windows have these days, for two.
Sadly Google Chrome doesn't support TLS (no friggin idea why) so server will negotitate down to the less secure SSL v2 or SSL v1 standard.
IE 8 or later, Firefox 2.0 or later. and Safari (no idea what version) all support TLS but obviously google thinks security is over-rated.
You are wrong but I can see why you would think that by looking at the Options section in chrome
Per Google employee lan Ian Ian
We explicitly disable SSLv2 (along with MD2 and MD4 certificate signatures). SSL3/TLS1 are enabled by default. It is automatic and hidden.
So basically what you're saying is that my WiFi is perfectly secure since I do not use a password that is easy to bruteforce. Which defeats your whole argument above. It's not easy to hijack WPA2 unless someone has a terrible password.