Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption

← Back to Stories (view on slashdot.org)

Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption

Posted by timothy on Tuesday November 9, 2010 @05:30PM from the has-some-drawbacks dept.

An anonymous reader writes "In the wake of concerns about FireSheep sniffing credentials from people using unencrypted public WiFi hotspots, a security researcher has proposed that the problem does not just lie with big websites like Facebook, but also with those who provide free wireless internet access. Chet Wisniewski, a researcher at security firm Sophos, proposes that all free WiFi hotspots should be encrypted — with the password 'free.' ''I propose standard adoption of WPA2 and a default password of "free." Whenever you wish to connect to complimentary WiFi, you select "Courtyard Marriott" or "Starbucks" like you always have, but you are then prompted for a password. Just type "free". It's not hard. In fact, operating system vendors could even program your PC to automatically try the password "free" before prompting you for a password on the assumption that you might be selecting a free service.'"

8 of 332 comments (clear)

Min score:

Reason:

Sort:

Re:'Free' or 'free'? by at_slashdot · 2010-11-09 18:15 · Score: 4, Funny

FreeWiFi (8 characters, combines lower and upper case to make it more secure ;)

--
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
Re:WPA2 minimum passphrase length... by wilson_c · 2010-11-09 18:31 · Score: 5, Funny

freeeeee?
I tried it by goombah99 · 2010-11-09 18:39 · Score: 2, Funny

Watch out! I tried typed in "Free" instead of of "free" like the Sophos Dude recommends and it wiped out all my time machine backups.
Well, at least that's what happened after I hard crashed my computer in the middle of a back up. But I'm sure it was sophos to blame.

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re:I tried it by duguk · 2010-11-10 01:35 · Score: 2, Funny
  
  Watch out! I tried typed in "Free" instead of of "free" like the Sophos Dude recommends and it wiped out all my time machine backups.
  Well, at least that's what happened after I hard crashed my computer in the middle of a back up. But I'm sure it was sophos to blame.
  "Free" doesn't seem a very secure password. They should put some numbers and symbols in it.
Free by Alsee · 2010-11-09 19:03 · Score: 3, Funny

That's amazing! I've got the same password on my luggage!
-

--
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Re:Before everyone says that's idiotic... by Nursie · 2010-11-09 20:37 · Score: 3, Funny

Well, given that it takes a tool of some sort to do it in the cleartext situation, and a much more complex tool in the encrypted situation -
I'd say it's more like you used to have a door that could be opened with a crowbar, now the door's reinforced and you need a number 3 lockpick, possibly a number 4 as well.
Actually I'm still not happy. Trying to find a simple analogy to a situation where the information is thrown around in the clear but it requires some knowledge and a special tool to access it... It's like you need a screwdriver to open the already unlocked door, and now you... Hmmm. How about -
Or two people shouting in the street, except they're shouting in french.... no this one isn't going anywhere either. Damn!
Re:WPA2 minimum passphrase length... by selven · 2010-11-09 23:51 · Score: 2, Funny

freeeeee?
...dooommmmmm!!!!!!!
Re:Standards conflate encryption and authenticatio by bberens · 2010-11-10 02:36 · Score: 3, Funny

If only there were some sort of encryption standard that individual websites could implement which would cause the browser and server to encrypt the data between them. Some sort of socket layer which is secured via encryption. That would readily solve these problems. Oh computer gods, why hast thou forsaken us?

--
Check out my lame java blog at www.javachopshop.com