Slashdot Mirror
Windows 10 Shares Your Wi-Fi Password With Contacts
gsslay writes: The Register reports that Windows 10 will include, defaulted on, "Wi-Fi Sense" which shares wifi passwords with Outlook.com contacts, Skype contacts and, with an opt-in, Facebook friends. This involves Microsoft storing the wifi passwords entered into your laptop which can then be used by any other person suitably connected to you. If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.
no guests with windows laptops on my wifi - i'm not going to change my ssid, microsoft style. ugh. i guess this issue will resolve itself after a short shitstorm.
I can't wait
ahhhh no, for networks you have SELECTED to share it can do it. Wifi sense being on doesn't suddenly expose all your wifi passwords. extremely inflammatory summary. still seems a stupid risky feature, just not as dumb as those writing the Slashdot summaries.
This is so moronic on so many levels.
Great minds think alike; fools seldom differ.
..ck came up with THAT idea...?
I hope this isn't a representation of Windows 10 as a whole.
FBI Surveillance Van #1_optout just looks dreadful.
Finding God in a Dog
Are they f#cking stupid or something ? Why would I want to that ? And instead of opt-in, you have to OPT-OUT ? WTF ?!!?!
no fucking way. Somebody needs to be fired at Microsoft.
We all know how to handle this "feature", but most people won't have a clue.
This is right up there with their leaving file extensions hidden by default.
First, we're only talking Windows 10 PHONE Secondly, it's only available on networks you choose to allow this on. Third, yes, your wifi passwords are being backed up to make it easier when you migrate devices - Apple, Google and Microsoft all do this on your mobile devices. This isn't new! I can't imagine that this won't be opt in only by the time it RTMs (or whatever the equivalent is).
1. Offer tender proposal to target - request being added to contacts to avoid the spam.
2. Drive by targets office with Yagi.
3. ???
4. Profit!
No worries here. I always disable the WiFi on my routers. I prefer hardwired connections that don't give the router fits trying to perform encryption with their underpowered chips.
I do not fail; I succeed at finding out what does not work.
That feature will have a half life time in the range of days.
MS is so focussed to make 10 a winner they will flip the default faster than we can get really upset about it.
605413? Yes, it's a prime.
I will download the upgrade but im not going to install it until I see a patch that disables this idiotic feature. I really don't fancy having to redo my wireless network because I do not want to share my wpa key.
And we have now identified the NSA operative.
If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions;
Not a problem for me, they missed the obvious third solution. Never ever use Outlook, Don't use Skype and don't use Facebook. Problem solved without having to change my SSID. And, of course, there is a fourth solution but that involves using Linux.
I'm an American. I love this country and the freedoms that we used to have.
I'm now revising my opinion of Outlook - especially in light of the recently passed Oz laws about pirating. In fact I'm about to order an external antennae for a laptop (trivial) hardware hack shortly.
There are times when M$'s drive to put stupid in the sysadmin seat make me very happy - this may be one of them.
No - I don't run Windows as my OS of choice. It's fine for some, in some situations (seriously). But rarely do I celebrate M$ stupid - and this "sounds" like both M$ stupid (I know - they really are catering to many of their "users" needs), and cause for celebration. I've always wondered whether Dallas Buyers Club was worth watching...
in the contest for the most braindead security 'feature' for the year.
Sadly you have serious competition, especially in the US govt.
Or, just don't use windows 10. I think I may have found the answer there.
Do you have ESP?
I think the default sharing of Confederate flag icons with your contacts will be more controversial. But if you add _trump to your ssid, the flags will only be shared to the dirty mexicans in your contacts.
Including the one at my jobs ? University ? My City subscription ?
I can't change the name of the SSD where I paid for the service ???!!!!
Ceci n'est pas une Signature !
And if you give your wifi credentials to a guest who needs access to your network, they can opt you in without your permission or even your knowledge.
The only way then to prevent unknown people from having your wifi password is to forbid Windows 10 mobile users from accessing your network.
i suspect that this is just another attempt by the TLAs to get corporations to do their bidding.... this time by compiling wireless network passwords in a central database that they, no doubt, will have full and unfettered access to
Hahaha this is so stupid it's kind of awesome. Now if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. I hope other vendors add further wifi based functions that required SSID opt-outs until we have at least 255 characters of crap on the end of all our SSIDs.
...how will anyone know you even exist?
And if you give your wifi credentials to a guest who needs access to your network, they can opt you in without your permission or even your knowledge.
They could also shout it from a mountaintop. There's no _optout option for that.
I've been running pretty much every build of Win10 since the preview first came out, and this isn't accurate at all....Yes, the Wi-Fi sense option is there, but when you connect to a new network, there's a "share with my contacts" checkbox that you have to turn ON for this network to be shared. The Wi-Fi Sense "master switch" may be on by default, but you have to specifically allow each individual network to be shared.
How many of those people will ever be in close enough physical proximity to your access point to actually need your WiFi password? Seriously? Unless I'm missing something, this has to win "Stupidest Idea of the Year".
It must have been something you assimilated. . . .
Is this a good reason to wait for Win 11?
If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.
Does adding this also prevent Microsoft from storing said WiFi password on their servers, or just instruct them to not share it out?
It must have been something you assimilated. . . .
Dont use the craptastic poorly designed outlook for email.
Do not look at laser with remaining good eye.
stop_stealing_my_shit_kents_optout_nomap
I've always assumed your WiFi information is stored on your phone. As such, it's available to anyone who has access to that stored data including backups.
I don't trust my phone at all. I use no apps on it, nor do I log into any website that requires a login / password through it. I assume all data passing through it is available to anyone who flashes a badge or has the skills to hack it.
My wireless network is a private vlan. The devices on it are allowed out on the net and that's it. No talking to other devices on the local networks of any kind. Ever.
So other than possibly free WiFi, nothing would be gained by compromising my WiFi credentials and that's how it should be.
..that no-one in your contact lists is a secret pedophile or selling stuff on silknet....
Is there now a Fools' Day every three months?
I refuse to believe this.
And how do I or the average Joe do this with my ATT gateway? First _nomap for Goggle horrors. Now, optout. I wonder if the NSA will provide something or will the SSID simply get too long to be able to enter it?
although since I run open APs, I don't think that it's going to matter.
Bryan
ERROR: INCORRECT
First: This is in Windows 10 desktop, as detailed here, complete with screenshots: http://www.howtogeek.com/21970...
Second: Even if this were only confined to Windows Phone 10, it would still be monumentally stupid.
Editor, A1-AAA AmeriCaptions
More bogus and inaccurate clickbait bullshit.
If you're going to troll and bash Microsoft, at least do it accurately.
This will stick it up to the Movie Companies. Now how are they going to do you for downloading there movies. Everyone (with 6 Deg of separation) will have your key and can use your link. Imagine them trying to blame you with this on by default. Thanks Microsoft. I never thought i would ever say that. Anyone could be using your wifi to download and you will never know.
Apple backs up my passwords with an encryption key which is also protected by a separate password.
Apple CAN NOT read my passwords, so they can not share them.
Not sure about Google, but I hope it does the same.
Microsoft is uploading passwords clear text or in some other equally dangerous form thats decryptable so they can be shared.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
So then don't enable it. You have explicitly grant access, it's not enabled by default.
It's like you're whining that there is piss in your beer when you're the one who pissed in it.
Apple does not back up passwords, only SSIDs
Secondly, it's only available on networks you choose to allow this on.
I don't have any choice. If I give my friend my WiFi password, and he happens to be running a Windows 10 phone, suddenly my WiFi password is shared with all of his contacts. So now every time someone is over my house and asks for the WiFi I'll have to ask them if they currently own, or ever intend to own a windows phone. And then, assuming they understand the question, I have to sound like a paranoid asshole and say "no" if they answer in the affirmative. My other option is to rename mySSID to end in _optout and update all of my devices because Microsoft chose to implement a ludicrous, criminally insecure, "feature"?
Third, yes, your wifi passwords are being backed up to make it easier when you migrate devices - Apple, Google and Microsoft all do this on your mobile devices. This isn't new!
Apple's encryption is end-to-end. They do not hold the encryption keys and thus can't share your passwords with anyone: Even if some brain dead middle manager had the idea to clone this feature, it would be impossible for them to implement without totally changing their security model.
Explanation: Microsoft is widely misunderstood. People think that Microsoft is a software company that does evil. That's not true. Microsoft's main purpose is delivering evil. The software is just a means of doing that. (My opinion, shared with others.)
So Microsoft has taken it upon themselves to share the network credentials with anybody it sees fit?
Fuck you, Microsoft. How about you help us make networks more secure and not less?
Not only will I stick with my Windows 8.1 install, but no Windows 10 device will ever get my network credentials.
This has to be one of the stupidest things I've heard of. And, of course, since Microsoft will centrally store your passwords, law enforcement can subpoena them.
Microsoft are too fucking incompetent at security to be trusted with this. And then to have the nerve to suggest we have to change our network names to opt out of their shit?
Fuck you, Microsoft. Fuck you very much.
Lost at C:>. Found at C.
Which explains why I don't have to re-enter passwords after restoring from backup. You moron.
Google stores passwords in the clear on your android phone. If it's rooted you'll find them in a file on your device. It also uploads them to your active Google account. Has been this way for years.
I wish these companies were held to account.
....that's just stupid, Microsoft.
Fix it.
Ferret
Oh, you might want to downgrade(upgrade) to Windows 7 if you want a proper "Computer OS" anyways, Windows 8.1 is pretty much Windows 10 already with a few less customisations and options.
Seems to me that MS is opening themselves up to potential federal prosecution for deliberately circumventing a copy protection device. I.e. I don't want my friend's uncle's cousin's daughter's Facebook "friend" being able to copy the contents of my network folders just because MS decided to give them access to my network. If *I* want to give them access *I* will give the password.
This whole scheme looks ripe for abuse. The most troublesome aspect is MS is going to store EVERY windows network access password centrally. I give this about an day before there is a friendly NSA agent knocking at the corporate headquarters's door with a warrant demanding a tap be put in place for government use (along with a gag order preventing disclosure). About a month later the FBI will clue in and do the same, and sometime between the two Chinese/Russian/British/French/Australian/etc. government backed hackers just break in and install a rootkit (giving free access to all).
if you are giving guests your wifi password then you have already opted in to whatever that guest decides to do with it, they could publish it on facebook, email all their other friends. once you hand out access you have already lost control regardless of the device they are using.
And if they're doing it in public, you'll probably be aware enough to change your password.
Not only that, but I don't want my passwords being stored on Microsoft's servers.
Oh wait a minute, you're that moron who thinks layer 3 switches are merely "bad routers." Go back to whatever high school you dropped out of, and for the good of the world NEVER go into IT or anything else besides janitorial work.
Mad cuz bad? Yeah, mad cuz bad.
Fuck off retard.
OPTOUT of Windows 10.
You can also opt out by appending _fuckoff to your SSID.
You miss the point. It's not about people deliberately sharing your WiFi credentials (which, let's face it, you can't do anything about short of (a) not giving the credentials out, or (b) changing the credentials on a regular basis.) It's about people inadvertently, without realising it, sharing your WiFi credentials to a bunch of people you probably don't know.
Combine that with the fun of explaining to prosecutors that, yes, the illegal traffic came from your network, but you don't know who was responsible for it, and you're left with a gaping chasm of "well, it seemed like a good idea at the time.."
IANAL but this sounds to me like a violation of the federal Computer Fraud and Abuse Act which prohibits unauthorized access to a computer and the "trafficking in
computer passwords and any other information which can be used to gain access to a protected computer".
I keep seeing attempts - but so far, not a single connection that wasn't authorized in 15 years.
Microsoft should never code a password sharing feature. This creates infinitely more problems than it solves.
Either Microsoft will have a database of all users and all Wifi passwords.
Or some automatic process will slurp it from your machine when needed.
I can't quite figure out which is worse.
Which explains why I don't have to re-enter passwords after restoring from backup. You moron.
You do have to re-enter your passwords after restoring from a backup with Apple devices.
I just had to go through it earlier this week.
If Microsoft are stupid enough to ship this "feature" - and have it turned on by default - what are the chances that they will be hit with a massive lawsuit?
No doubt there will at least be group policies - if not it disabled entirely - on professional editions of Windows, because corporate customers are going to run a mile from having external guests authenticating on to protected networks with confidential material, just because they happen to be a contact of the person they are visiting.
1. set up an offline account by not connecting to a network while setting up Windows
That's actually the only step. It avoids all that Outlook.com bullshit.
Why would I be mad? I'm not the one of us who has to wake up every morning to a brain dead existence.
I have the problem solved, I am not running Windows 10 on my gaming PC.
Be seeing you...
If you backup to a specific computer instead of iCloud and choose to encrypt the backup, then and only then will iTunes backup your passwords and other keychain data.
You can also use the iCloud Keychain to store/share keychain data without using iCloud: don't set a password, and sharing works only among devices that belong to the circle of devices that you authorize, without storing anything on iCloud servers. Apple actually got that right, although it's an option hidden in the iCloud keychain dialog boxes.
Even if you add _optout its still shared with Microsoft, its just not passed on automatically.
Sounds like a certain out of control agency has paid them to harvest all your Wifi passwords.
For the love of all that is unholy can we stop pretending that WiFi encryption keys are 'passwords.'
Each serves a very different purpose; just because a side effect of a WiFi encryption key resembles the purpose of password doesn't mean that they are one in the same...
The primary function of a password is to provide access control. You add passwords to your accounts in an attempt to restrict access to your accounts. No password - no access.
The primary function of an encryption key is to encrypt information in an attempt to keep third parties from snooping on the information being transmitted. No key - no snooping.
Not surprisingly, when you are transmitting information over a wireless connection, it is vitally important to have the information sent over that connection encrypted, either at the transmission level or the application level.
By giving out your encryption key (either for primary or guest access) you are allowing that person to snoop on *any traffic* flowing over that connection as if it were unencrypted; not to mention that the owner can also snoop on any information sent over the connection.
Just remember that the next time you access the internet over your local coffee shop's WiFi that everyone else using that connection can see everything you send and vice versa. Make damn sure that you have application level encryption for everything you do over a wireless connection.
Now rethink the article and decide if default sharing of *Encryption Keys* which allow anyone with the key to snoop on the connection traffic is as good or as bad as you thought when you read it as being *Password* sharing.
Kinda disappointed, but expected on the internet.
This service only shares OPEN WIFI -- i.e. routers that had no passwords on them to begin with.
I seriously don't see the big deal here. You could have logged in yourself anyway by hitting your wifi settings and connected by clicking on the AP and nothing else...
if you are giving guests your wifi password then you have already opted in to whatever that guest decides to do with it, they could publish it on facebook, email all their other friends. once you hand out access you have already lost control regardless of the device they are using.
Yes because having it stored in reversible crypto on Microsoft's publi facing servers is so much better.
It just means that the only safe and sane thing to do is to forbid Windows 10 devices from joining your network.
The problem is, if I let any of my friends near my beer, they could easily end up inviting all their Facebook friends to whizz in my ale. And the only way to scare them off is to write "_OPTOUT" in large letters on my favourite beer mug.
Why would anyone engrave "Elbereth"?
Look at it this way: At least when Windows 10 is finally released, they won't be able to say "It's the most secure windows ever".
I'm covered regardless, no one I know is stupid enough to ever run anything past Windows 7 or even consider using Windows Mobile of any version.
Another reason to stay with Windows 7...
Even if this were only confined to Windows Phone 10, it would still be monumentally stupid.
But we would be statistically unlikely to ever be affected by it.
First, we're only talking Windows 10 PHONE Secondly, it's only available on networks you choose to allow this on.
Quoting TFA:
", and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect."
Is this saying that choosing to allow requires users to take a non-default action to uncheck a box or is there something missing or being intentionally distorted?
If you have to uncheck a box to prevent sharing as TFA implies then that's crap.
Third, yes, your wifi passwords are being backed up to make it easier when you migrate devices - Apple, Google and Microsoft all do this on your mobile devices. This isn't new!
So? What does it matter who else is doing it or how long it has been done?
Last time I checked the calendar, today isn't the April's fools day...
Do I understand this `feature` correctly? If I enable it then all of my contacts now have access to my wifi credentials. I can imagine that I might want this feature for my wife and kids but there is no way in hell I would want to do this for every contact in my list. My wife I trust but the friend of a friend that I just added to my contact list - not so much (although thinking about it maybe that should be reversed).
If that is truly the way this thing works then this is one of the more brain dead ideas some clueless program manager came up with (ranks right up there with the idiot that decided that email messages should be HTML formatted and should contain active content).
Don Dugger
"Censeo Toto nos in Kansa esse decisse." - D. Gale
The problem is, if I let any of my friends near my beer, they could easily end up inviting all their Facebook friends to whizz in my ale.
Considering you've already pissed in your beer, additional piss isn't going to make it worse. It's already as bad as it can be.
And the only way to scare them off is to write "_OPTOUT" in large letters on my favourite beer mug.
Or by simply not enabling WiFi Sense in the first place.
I'm sorry but my paranoia level long ago prevented any device without a whitelisted MAC from accessing my personal fortress of solitude. If Windows 10 wants to share WiFi access I've gained at other, non-home locations with my contacts then M$ can deal with the related collateral damage in court. I may not be wealthy but that doesn't mean I won't lawyer up in a heartbeat if my financial prosperity has wrongly been put into jeopardy.
Have you been in a coma for 15 years? Let me give ypu a short history lesson:
Some idiots flew into the twin towers on purpose. Afganistan was invaded to kill the terrorrists.
Irak was invaded to kill the same terrorists, but it was really about weapons of mass distruction, but actually about oil.
We have always been at war with Terrorism.
For our own safety; subpoenas do not excist anymore.
War is peace, freedom is slavery, ignorance is strength.
Don't fight for your country, if your country does not fight for you.
I wonder if there is a way that this would run afoul of federal wiretapping laws. We already know with the recent google map cars that WiFi is not considered "easily/ readily available to the public" even if there is no password. This meant Google did run afoul of federal wiretapping laws, even for things without a password. Just makes one wonder. It seems, from my little knowledge of computer security, to be fundamentally insecure.
I think this might even facilitate wardriving on a huge scale. And M$ to blame for it. Storing a password via outlook on a M$ server? Even hashed it's just a matter of time and GCPU power before its cracked. Using cheap 2n hand Titan cards and some nifty written piece of cuda software ...
Or is this the new NSA backdoor?
Bach says it all.
And making sure nobody who has access to your wifi ever enables it either. Best of luck!
Why would anyone engrave "Elbereth"?
Or you could just not enable the feature or disable it if you already did. No WiFi Sense running, no connections being made.
Why would that matter? If you don't have WiFi Sense enabled, nobody can connect through it. What don't you understand about that?
Exaggerate much?
It isn't selling your mother into sex slavery.
It's a piece of software. Buy it, don't buy it.
You were that kid that ate glu in grade school, right?
The problem is that your regular semi-computer-illiterate friends come over with their Windows 10 laptops and ask to use your wifi for ten minutes, you give them the passphrase and their laptop now shares it with everyone they know.
So available options include:
* Per the Wifi-sence FAQs, 802.1x networks will not be included. So we can enable WPA2-Enterprise security, for which a Radius auth server is required. Evidently easy enough to do with dd-wrt or the like but much more work to allow guests in.
* MAC address filtering? Won't prevent the password hash from being stored on servers and passed around to contacts, but will prevent non-registered devices from authenticating. More work than previous option.
* Use the _optout thing. Not a lot of work but sort of offensive.
* Not give out password to any guests, because even if they're using their Android phone one day, they might pass on the password to their Windows-phone-using buddy.
I guess option #1 it is. At least it lends some nerd cred? This is annoying.
...is to rotate your key daily or maybe hourly using a key generator and some scripting to push it. At least openWRT would allow this programmatically but no way off the shelfs would unless you want to automate a browser AND take into account the constantly changing interfaces for all the different brands.
Does anyone know if there's a way to fingerprint a win10 device from their broadcast? Because that needs to happen
So when I invite a Win10 user and give him/her the password, that password may be shared to anybody that Win10 user is connected to - without that Win10 user knowing or realizing it.
And of course a lot of people use the same password for their WIFI as for other stuff, so Win10 seems to be a quite nice password sniffer.
That is the problem. People screaming passwords from mountaintops isn't.
So when I invite Win10-users I have to debug and reconfigure their devices on the doorstep? Are you serious?
Some Intel laptops have this ability for some time. In fact sharing a wifi connection was originally created for times when only a LAN was available and rather then connect every PC to a cable you could use just one and share that connection via WiFi. Now of course in a wireless world Microsoft has decided to make this a on all the time default. You can turn it off and public connections are off by default like the Xfinity hotspot connections. So don't worry if your using a public wifi. This is for known private connections not public. Still I understand the concern and how this feature is kind of buried and many users will not even know its there. Again, Microsoft is getting like Apple and Google making choices for the end user that may not be always correct for everyone. This is similar to Bluetooth allowing a connection all the time form other devices. PC makers might offer some sort of value added software to be able to turn this off and on, or may even distribute their PC's with it disabled? Still early yet, to know how Microsoft and its partners will use it. Beta versions tend to default everything on to test the OS fully. So just because Preview is on, means very little.
Make sure you don't have any contacts in your Outlook address book.
- Dan
You're friends (acquaintances) with someone who uses Windows PHONE?
The sync my Password to Microsoft has been part of Windows 8 and newer from day one. It's just this poorly implemented guest access that's stupid.
Eh? I didn't. I demo mobile device management and nuke my demo iPad daily. I've never had to re-enter my corp wifi. Way back both Google and Apple had breaches about some users' wifi passwords being lost, but I think it was only a tiny subset of users. Maybe they have changed practices.
Why thanks! It's always nice to be recognized... No, just a MS consultant that works in the systems management space. I'm paid to clean up MS's mess, so I'm usually pretty busy :)
Thanks for the correction! Seems the product teams weren't talking internally, I got bad intel from Redmond. It's still opt-in though, so I don't see the controversy. The save to server isn't new, only applies to MS accounts - not local only, and I had to be stupid enough to click a checkbox to share it before this works.
Not saying it's not used for that, but the users I support complain constantly about having to re-enter wifi credentials. When I spot to MS over Win 8, the idea was to make it easier to support wiping devices and device migration. MS was in the middle of moving to the whole user model where my data is the same on phone, laptop, desktop regardless of where I go - isn't entirely there yet, but that's the framework they want to have in place. Still, it only applies if you bothered to link your account to a MS account.
Didn't Google already claim ownership of my SSID in case i wanted to opt out of google maps WIFI scanning ?
Looks like I was wrong about this being PHONE only, that said, I think changing the checkbox to default unchecked would be sufficent. How about letting MS know your thoughts: http://windows.microsoft.com/e...
I wonder, though, if you give your pass to a guest who is using win10 (unbeknownst to you) and your router is set to not allow win10 devices (is this possible? I'm not techie enough), would their win10 machine still save the pass and share it?
If so, you would need to do the banning personally. If your guest asks for your pass, you will need to personally check that they're not going to use it with a win10 device before you hand it over.
This Microsoft Wi-Fi Sense thing is a joke, right?
Step 1. Make Encryption Obsolete by getting all the keys to all the locks.
Step 2. NSA Secretly imposes requirement on Microsoft.
Step 3. Get Microsoft to give away windows 10 to every one on he planet
Step 4. Get Microsoft to set up a server that every Windows 10 install reports your access credentials to.
Step 5. All your privacy belong to us.
Step 6. World Screwed.
Step 6. A. Server malfunctions shares everyone's credentials with everyone, World Screwed.
Step 6. B. Server shares with your contacts, then cascades sharing from your contacts their contacts and so on and so on until everything shared with everyone, World Screwed.
Step 6. C. Server hacked by China, World Screwed.
Step 6. D. Server hacked ransom-ware installed every ware, World Screwed.
Step 6. E. Because on an "Over-Site" everything just a Google search away, World Screwed
I'm looking at current window 10 build: Manage Wi-Fi Settings shows checkboxes to share or not with outlook.com contacts, skype contacts, facebook friends.
Additionally you MANUALLY select networks to share. None are automatically selected on my laptop.
WHAT ??? Sign up with "insider", which must know your phone number? So share my phone number with the idiots who thought sharing passwords is a great idea?
You must be a moron.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
Or you just look at the post it note on my wall by the door with the guest logon Wi-Fi password. You can connect to the internet, but you still have no access to my network..
It is The Register so take it lightly. Seen a bunch of stuff on The Register that been reported wrong or miss reported.
So if I turn on MAC Address checking on my wifi router I'm assuming it will stop this nonsense as relatively
annoying as it might be.
I could change my WPA-PSK WiFi password now on my Linksys router and on all the PCs and smart phones in my house and keep track that no one brings in a Windows phone and then after anytime I give someone else the current password go through all the bother of changing the password again on the Linkys and all the house's devices. Yuck.
Ahh, I know, I can use Tomato or DDWRT on my Linksys router and have two SSIDs can't I? I could change just the password on the guest SSID and not have to change the password on all of the house's devices. What about having the guest SSID have the _optout on it and never changing its password? Naw, if that's okay might as well just put _optout on the main SSID.
I'd rather Microsoft not have my password - or even a hash of it. Do you think an SSID with _optout keeps my password safe from Microsoft (or their partners).
This is poorly thought out and criminally stupid. What about contacts you are required to maintain by court decree (my ex for example) which I certainly don't want to have access to my wireless. Actual friends are OK, but what about friends of friends of friends? I don't know them, so why would I want Microsoft to give them access to my network?
This is good news for Apple!
I knows for certain that there won't we any windows 10 devices on my home network.
My wifi has chlamidia :)
This is an old sentiment, but I am SO sick of software companies having the arrogance to think that because I've installed their software I want them to mess with my environment. They try to change my default browser, add tool bars or other software, change my settings, and now, I guess, share my wi-fi. HOW ABOUT YOU JUST DO THE THING I AM INSTALLING YOU TO DO?! Not more, not less.
Any changes to my environment beyond "your software is now on my computer" should require clear and explicit OPT-IN from me. It should not be hidden in a EULA, nor sneaked through as an opt-out in a dialog box. All that garbage does is tell me I should not trust you as a software company, and I should immediately research alternatives.
It's OK to ask if I want to do it, if you explain in plain English what exactly you want permission to do, how it may benefit me, and what the potential risks are. I can see how some of these things may be beneficial, but it should be my (informed) decision.
This is one of the most lame-brained ideas I have ever heard. Even the two solutions offered by Microsoft are unacceptable. It needs to either default to "OFF" or be removed from Windows. This is an epic privacy and security failure in the making. I cannot believe a sane engineer came up with this it had to be a marketing drone with zero clues.
Microsoft also adds that Wi-Fi Sense will only provide internet access, and block connections to other things on the wireless LAN
So I'm reasonably certain all this will do is block access to your subnet and only allow traffic to your gateway. Which in any corporate environment is a massive security risk because if they're doing it right, employees are sitting on different subnets (RFC1918 or otherwise). So, yes, random guy who happens to be a contact in Outlook.com (which literally BEGS to let you make every you ever emailed a contact) now has access to every normally permissible network node as long as he's not interested in the wifi subnet.
Yes, most corporations should be using per-employ authentication, and hopefully Sense engineers are dumb enough to share out AD/LDAP credentials (well, maybe they're not smart or interested enough to go into *nix authentication). But that's not always the case.
Can't wait until this is called "Wifigate"
This sig isn't original enough, it's time to come up with something witty...
All new routers will allow users to connect without a password... but it won't grant any access and the first port 80 request will redirect to a page where you type in the password. Voila! The password isn't shared, it's stored on your web browser instead of the desktop environment, and everyone has a huge pain in the ass whenever they want to do something that isn't browsing web pages.
Doesn't EVERYONE know that version X.0 of any software is a bug-ridden mess?
Why anyone, anywhere, ever, agrees to beta test, or use an early version of software, is beyond me.
It's like volenteering to test home made explosives, before they have figured out how to make fuses with dependable burn times.
So, look, the 10.0 version of windows has a mind-bogglingly dumb setting for password security. Everyone will freak, MS will fix it. And in 2-3 years, when the non-insane people switch from windows 7 or 8, up to Windows 10.1, it won't be a problem anymore.
except this involves the NSA. How far removed are you from the NSA knowing your password?
Hmmm ... Microsoft does not own my wireless access point, nor my router, nor pay my ISP bill. Sounds like this will eventually be resolved with criminal charges for theft and/or tresspass. I wonder whether it will be a class action suite or some lucky plaintiff is able to set it in motion and keep all the money.
Clearly MAC address blocking can prevent most unwanted access but is a pain to setup every time you have a guest. Wonder how this "feature" handles hidden SSIDs? normally you need to check an extra box to connect to a hidden network. That wouldn't prevent those determined to get acces but might stop the random casual use by neighbors.
Set up your router so any unauthorized MACs are monitored via MITM. Strip away SSL, kill any SSH pipe or VPNs, log all traffic. Be sure to put up a warning in the middle saying what is happening and why. Something along the lines of "One of you rbuddies gave you my password. Therefore, I am going to record and save all data transmitted across this connection. If you do not consent to this, please opt-out by disconnecting." To be honest, someone's going to find a clever way to prevent this.
Plausible Deniability
LOOOOOOOOOOOOL
You're SO MAD!
HEI NARDELLA ARE YOU AWARE YOU WILL ! BE SUED FOR BILLIONS AND BILLIONS OF DOLLARS OF DAMAGES FOR AIDING AND ABETTING FEDERAL FELONIES ? THEFT !? WIRE FRAUD !? WORSE CRIMES ?
are YOU MISGUIDED Microsoft manager awareyou WILL ! Be sued for wilfully allowing federal and national security crimes ?
Maybe not ....but read the fine print in a bunch of documents you Microsoft signed before the NSA starts knocking at Nardella's door at midnight.....
They can have that password all day long. It won't put them on my whitelist.
Because if your friends can connect to your network, and they have WiFi Sense enabled, then access to your network is shared with all of their Facebook friends.
So you have no control over who now get access to your network. Is that clear enough yet?
Why would anyone engrave "Elbereth"?
> Apple CAN NOT read my passwords, so they can not share them. Do you honestly believe this? You probably also believe it when Apple says that Macs can't get viruses.
Nononono.
See, mad is what happened to you after you saw a Google bus, because you believe that it was responsible for you having to take out a second mortgage on your cardboard box, even though in reality it's because you're so dumb that nobody will pay you more than minimum wage to clean the scum off of the bottom of a McDonald's fryer.
If I can successfully connect to a hotspot, this doesn't mean I own that hotspot or have any right to grant access to it to third parties. Someone's being an idiot, and this time, for a change, I suspect it's not Microsoft.
I wonder, though, if you give your pass to a guest who is using win10 (unbeknownst to you) and your router is set to not allow win10 devices (is this possible? I'm not techie enough), would their win10 machine still save the pass and share it?
I don't know of any AP's that support this feature, but I'm sure you could have the router issue deauth packets to any MAC address that you've identified as belonging to a windows 10 device, that way it isn't able to communicate with any other devices on the node (e.g. for hacking purposes.) I suspect such an AP would exist, because I know that Marriot was using the same attack to prevent people from using their own private APs near their hotel.
As for how you might identify a windows 10 device to begin with, I wouldn't be at all surprised if any of its 802.11 frames included any bits that could be uniquely linked to that OS version. One way I could think of would be to look for MAC OUIs that are used on Lumia devices. It seems this feature is only for Windows 10 mobile devices, so that alone would keep out at least 90% of them.
From the MS Windows Phone Wi-Fi Sense FAQ:
"You share with your contacts, but not their contacts. The networks you share aren't shared with your contacts' contacts. If your contacts want to share one of your networks with their contacts, they'd need to know your actual password and type it in to share the network."
Microsoft only centrally store your credentials if you let it.
Not using a Microsoft account (don't give in to them nagging you to enjoy the 'full Windows experience'), and avoiding anything Microsoft for mobile (tablets and phones) will do the trick.
It seems like even a fresh install of Windows 10 on a desktop PC needs to be kept on a tight leash: Installing Classic Shell, disabling Quick Access on File Explorer, get rid of all preinstalled Metro crap with "Get-AppXProvisionedPackage | Remove-AppxProvisionedPackage", and settling this wifi thing.
Learn online & practice Russian by Skype lessons provided by tutors available on preply.com....
Very easy and a much effective for improving and learning the language from some very experienced tutors....
Also one can learn any international language from the tutors available on it....
Must join this here... http://preply.com/en/russian-by-skype