I refuse to run an open wifi network. I prefer to encourage the use of proper encryption.
If you want to run a publicly available wifi network, just use WPA2-PSK and put the short key in the SSID. For example, an SSID of "free_wifi_password_is_SECRET2".
Unlike WEP, which uses the PSK for everything, WPA just uses it for associating. Connection keys are generated and rotated frequently during actual data transmission.
WPA2-PSK-AES with a 64-character passphrase that looks like line noise. Save it to a text file stored on a USB key, so you can just move around to various devices and cut-n-paste it in to set them up. Change it if you ever give it to a guest -- once they leave, or sooner if you want to *prod* them to leave.
Change your SSID to something like "invite_only" or "private_keep_out". This is more for legal support than any actual physical defence.
Turn on and periodically check the logs on your WAP. Become familiar with what normal entries look like and keep an eye out for anomalies. Specifically, look for any duplicate MAC alerts, which is a sign someone is trying to spoof one of your MAC addresses.
Noob tricks like MAC filtering, DHCP client limits, etc. are trivially bypassed by a knowledgeable attacker. Please note, anyone with a few minutes access to Google is now a knowledgeable attacker.
Make sure all your devices support WPA2-PSK-AES. Any that don't, upgrade or replace.
And...you're my #100 for Slashdot. Good luck. Some people seem to be getting an "exceeded capacity" message. You'd think Google would disable the invite function temporarily if they were having issues or wanted to throttle things back.
I seem to have more, though a few people have reported getting "exceeded capacity" messages. I don't that that is due to me, but due to Google+ getting slashdotted.
It seems to be an unending supply. I've sent 85 in response to requests to this article, plus another 40 or so from other sources of requests. All that in the last hour or so and I can still send.
Slashdot Mirror
1985 never happened for you?
I refuse to run an open wifi network. I prefer to encourage the use of proper encryption.
If you want to run a publicly available wifi network, just use WPA2-PSK and put the short key in the SSID. For example, an SSID of "free_wifi_password_is_SECRET2".
Unlike WEP, which uses the PSK for everything, WPA just uses it for associating. Connection keys are generated and rotated frequently during actual data transmission.
WPA2-PSK-AES with a 64-character passphrase that looks like line noise. Save it to a text file stored on a USB key, so you can just move around to various devices and cut-n-paste it in to set them up. Change it if you ever give it to a guest -- once they leave, or sooner if you want to *prod* them to leave.
Change your SSID to something like "invite_only" or "private_keep_out". This is more for legal support than any actual physical defence.
Turn on and periodically check the logs on your WAP. Become familiar with what normal entries look like and keep an eye out for anomalies. Specifically, look for any duplicate MAC alerts, which is a sign someone is trying to spoof one of your MAC addresses.
Noob tricks like MAC filtering, DHCP client limits, etc. are trivially bypassed by a knowledgeable attacker. Please note, anyone with a few minutes access to Google is now a knowledgeable attacker.
Make sure all your devices support WPA2-PSK-AES. Any that don't, upgrade or replace.
I think I deciphered that one correctly. Flip words around AT, right?
And...you're my #100 for Slashdot. Good luck. Some people seem to be getting an "exceeded capacity" message. You'd think Google would disable the invite function temporarily if they were having issues or wanted to throttle things back.
I seem to have more, though a few people have reported getting "exceeded capacity" messages. I don't that that is due to me, but due to Google+ getting slashdotted.
Give it a go.
Man, I hope "thatthingsunwas" translates to "dot". :-)
It seems to be an unending supply. I've sent 85 in response to requests to this article, plus another 40 or so from other sources of requests. All that in the last hour or so and I can still send.
Enjoy.
Interesting. I've sent 75 invites in the last 30 minutes in response to this thread and it never asked me for a name. Just adding e-mail addresses.
It would be an interesting experiment, though.
Really? I've sent invites to people not in my contact list, for whom I just entered the e-mail address and they got it.
For people who have created Google Profiles, it will auto fill in the name, if they have a Gmail address.
What leads you to believe a full name is necessary?
(Curse Slashdot's 1-minute-between-posts filter! It isn't meant for quick replies.)
Done
Coming which way? What e-mail address?
Sent to both.
Kevin Rose controls his own domain. I don't think you have the power to auto-forward your Slashdot journal over.
One is on the way.
So far, I seem to have unlimited invites so the next one is for you.
I figured, but wanted to be sure. Sent.
E-mail address?
That will depend on you posting an e-mail address to send an invite to!
On its way
And done.
Sent one.
Sent.
Even cooler if you link to the correct Wikipedia page!
They're trying to avoid the "Nobody goes there anymore because it's too crowded" problem.
I've been handing out invites to people brave enough to give me their e-mail address.