

User: phoenix321

phoenix321's activity in the archive.

Stories
0
Comments
1,370

Comments · 1,370

  1. Re:Single apple ipod touch bug slashdot worthy? on Users Report Faulty WPA In 2nd-Gen IPod Touch · · Score: 2, Informative

    Some major points against your solution (I'm the AC you've responded to)

    Proposed solution: not broadcasting SSID

    Verdict:
    a. anyone with entry-level IT knowledge will be able to detect and connect to non-SSID-broadcasting APs. I don't want anyone to connect to my AP unauthorized. If everyone were fair and could be trusted to not upload illegal material or download oodles of torrents, that would be fine, but in our current world, no.

    b. anyone with mid- to high-level IT knowledge will be able to eavesdrop on any cleartext going over the air. I don't want anyone to listen to my connection, no matter whether I look for cookie recipes or make stock trade orders. There are several housemates on my WLAN with less than entry-level IT knowledge and it's my responsibility to protect them.

    Proposed solution 2: restrict MAC entries.
    Verdict:

    a. I don't have enough time to actively administer my AP, so every housemate and their guest can use the net. SSID and password are pinned on the fridge, everyone who is trustworthy enough to enter our apartment is considered trustworthy enough to access our network until proven otherwise. With 5 roommates and several guests a month, everything else would be like a second job.

    b. MACs can be spoofed. This may require mid- to high-level IT knowledge, but I don't want anyone unauthorized on my net. See above entries: IT-unsavvy roommates, friends and guests need protection.

    Conclusion: proposed solutions would be unworkable given my time constraints and requirements ("You can access my net IF you are able to access my apartment AND you don't bother me").

    Personal opinion: redesigning network policies because of a single misbehaving or incompatible device is a waste of time.

  2. Re:It might. on Will DRM Exterminate Spore? · · Score: 1

    Contracts and contract law.

    Developers usually concentrate on, well, developing. It may happen that they find themselves in a binding contract of which they don't like each and every letter.

    Breaching a contract is against the law, so it could be said that carefully exploiting a contract is lawful.

  3. Re:This only works on SOME phones on A Device to Grab Data From Cell Phones · · Score: 2, Insightful

    We're not talking about a stream cipher that encrypts megabytes of data per second but a phone number, a string with a maximum of about 15 digits, maybe more.

    And then the contents of SMS, again 160 half-bytes at max. I mean, these phone CPUs can decrypt tiny videos at 15fps and not break a sweat, come on, they CAN encrypt less than a dozen kilobytes without killing the battery.

    Then again, I'd rather recharge the phone every fourth day instead of every fifth when I can be sure that no one can clone its contents when I look away for a second.

  4. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    I understand your point concerning the Swedish eavesdropping - BUT, you don't achieve anything when you're using self-signed certs.

    Why? Because your trusty Swedish authorities can generate a self-signed cert to simply impersonate each and every site you're visiting, including TPB. Now, how do you know it is TPB you're encrypting to and not the Swedish equivalent to the 4chan Party Van? Right: no chance.

    With the Swedish authorities, the MITM could very well already be present when you first login to the net and therefore present you a valid looking, but patently forged cert looking like it belongs to the local pirates, while the officers are snooping. Thanks, but that's useless.

  5. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    If you honestly think that introducing a self-signed root cert into customer computers to save a measly 30 bucks a year is a good style of security, please stay away from my computer, my business or my customers.

    Compromised root certs are a major attack vector on SSL connections and I don't trust you or your business enough to keep your root cert safe. I barely trust Verisign, for that matter.

    The worst part about you cert-hating folks is that many try to perpetuate the belief that they are not the target of crackers, that their smallish site is too unimportant or too obscure to be of interest.

    That is wrong on so many levels and if you think about it, you'll remember that automated attacks can hit anyone on the net at any time.

  6. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    Firefox gained significant traction because it was better, faster and much more secure than IE. Emulating the general carelessness of IE is not going to gain further mindshare.

    Ignorant and careless people never download Firefox in the first place but keep using IE6 indefinitely. We all know some friends who are like that, using one password for everything, who have fifteen toolbars in IE because they never bothered to uncheck the checkboxes for all the "free" crap they install.

    No, warning users about being careless is not a strong-armed tactic. Come on, it's probably much less annoying than the seatbelt warning of your car.

  7. Re:That's the point. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    Fingerprint checks are fine, too. But do you have the time to check them every time?

  8. Re:That's the point. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    If you add your own root CA and you know what you're doing, you'll be fine. That doesn't work for all users, and importing self-made root CA certs is generally a very sensitive area that should not be taught as a general measure to non-technical users, because it can have disastrous effects.

    But it will work for small sites with technical users who'll be able to spot MITMs instantly.

  9. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    The difference between a self-signed cert and a $10 official one is that ANYONE or ANYTHING could generate a self-signed, but fake, certificate in microseconds and it would take you, the user, more than 20 seconds and much diligence to double-check those key fingerprints.

    Heck, automated attack tools do this routinely.

    Do you check the key fingerprints regularly? If not, you need a signed cert. Even if you know the IP of your server by heart, the only way you have to know that "123.123.223.223" really IS "123.123.223.223" and not some redirected bogus host is to check those fingerprints.

    If you think that knowing the IP address of your server is a guarantee that you reach this exact physical machine, please rethink or hand in your geek card on the way out.

  10. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    Yeah and in a corporate environment that $10 certificate means the practical difference between knowing that your password is sent to your server and NOT to the multi-function printer trojaned by a disgruntled employee or corporate spy.

    How do you procure your servers and software without paperwork anyway?

  11. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    There are automated man-in-the-middle attacks that generate a self-signed bogus certificate ON THE FLY.

    That's why proper certificates need to be registered and checked against a known authority.

    If your communication is re-routed somehow to an eavesdropper's site and you use self-signed certificates, you better double-check those key fingerprints any and all times you access this site, because you might be encrypting through a trojaned router somewhere that just presented you a self-made cert.

    If the transit line of one of your users is compromised, even temporarily, that user will never know what happened and happily deliver his password to the man in the middle.

    Dare to tell us how this could be *more* secure than using a signed cert?

  12. Re:That's the point. on Firefox SSL-Certificate Debate Rages On · · Score: 2, Insightful

    How do you know it is YOUR wireless broadband router admin site, then? It could be anyone who just managed to re-route your connection.

    Why should you use encryption (securing transit lines) when you don't need authentication (securing transit endpoints)? When you're not sure if the endpoint you're talking to is the one you want, you could as well transmit everything in cleartext, because your receiving endpoint might as well be the eavesdropper himself.

  13. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 5, Insightful

    Better yet: expect the non-technical crowd, the users, to put up with errors of the pro-technical crowd, the site maintainers.

    Excellent shift of responsibility towards, right?

    I think this is an issue of whiny webmasters, really. A proper certificate is around 10 bucks per year and although they issue it to anyone, it is security at a much higher level than using a self-signed crutch.

    If you're a website owner, put up those 10 dollars and stop complaining. Keep your house clean and your certificates valid.

    EVERYTHING you do by that is better than accustoming millions of non-technical users to click away any and all error messages when surfing. If all browsers would show these drastic certificate errors AND all SSL-loving webmasters would keep their certs updated, we would have fewer issues in phishing and scamming, much fewer.

    Either you have security or you don't. Encrypting to someone is useless or even dangerous when you mistake the identity of the receiver.

  14. Re:Do the police... on Police Secretly Planting GPS Devices On Cars · · Score: 1

    I don't know - but there's DOSBox and several free virtual machine hosts available to just simulate your old Pentium 1 with DOS 6.22.

    Then everything should work as it did in the past :)

  15. Re:Even if they win, they'll still lose on Psystar "Definitely Still Shipping" Mac Clones · · Score: 1

    Then they send a hundred interns to many stores to physically pick up a dozen boxes each. Every day.

    You can't expect Apple to demand registration prior to a brick and mortar shop sale (papers please!) - and an online registration for an operating system doesn't sound like a wise idea either.

    Even then you have a hundred interns that can register, fake and forge all day long - as long as first sale still stands for software, Apple can do nothing against it.

    If they refuse to sell to your interns and you have an axe to grind and no remorse, well, recruit several hundred interns from very obvious minorities and then cry racism, like in "Oh, Apple is endangering the jobs of a hundred high school dropouts that were doing absolutely fine before that".

    In short: the current legislative environment is unable to uphold the forced combination of two products if they are sold separately anywhere in the country.

    It's real tough to prevent people from putting YOUR butter on THEIR bread, so to speak.

  16. Re:Even if they win, they'll still lose on Psystar "Definitely Still Shipping" Mac Clones · · Score: 2, Insightful

    Then Psystar buys them in the Apple store and tries on the "first sale principle".

  17. Re:Do the police... on Police Secretly Planting GPS Devices On Cars · · Score: 2, Insightful

    Yep, exactly. No anti-gun person I've ever met managed to come up with *any* argument why Police should have guns and reasonable, mentally sane civilians should not.

    The only arguments revolve around "guns are unsafe for the handler", "guns do not prevent all crimes anyway" and "the Police must have more rights" which could be answered by a 9-year old kid as soon as they found out that there's just a human under that Police uniform. After that, most anti-gun advocates start to get ad-hominem...

  18. Re:Do the police... on Police Secretly Planting GPS Devices On Cars · · Score: 1

    That would give him a Pile Driver Bonus as well. Played Carmageddon too much, I know :)

  19. Re:moral decline on Russian Invasion of Georgia Might Jeopardize Space Station · · Score: 1

    No, I'm not blaming France. On the contrary, I'm saying that France had no chance to avoid the conflict either way, with or without the Maginot Line.

    That was the whole point of my post: demonstrating that against a strong and determined aggressor, personal preferences for disarmament or defense are not able to prevent an attack, in fact, being defenseless only emboldens the aggressor.

    I'm sorry that this came out ambiguously. Nevertheless, diplomacy in my opinion is only useful when one can credibly demonstrate an available, physical force.

    Reason, laws and self-limitation of participants in whatever issue only work when continued failure to comply with any social rules CAN be overruled physically.

    When one has all options and a superior physical strength, then kindness, reason and even mercy suddenly become very optional qualities. That's one of the reasons for the 2nd Amendment, the federal structure of many Western states and the balance of power that Western nations maintain in their judicial, executive and legislative branch.

    Power corrupts, absolute power corrupts absolutely. That's what we're seeing in Georgia right now.

  20. Re:moral decline on Russian Invasion of Georgia Might Jeopardize Space Station · · Score: 1

    France didn't leave the door open but fortified their borders to the extreme. Even after 60 years no one knows why they didn't anticipate the Germans coming through Belgium like they did EVERY time before, but that's a different story.

    Anyway, the Germans would've come through with France arming *or* disarming. It would have made little difference. Just like diplomacy made no difference, as UK's Chamberlain found out soon enough.

    Being a sheep doesn't protect you from anything but other sheep - and you can't help your woolly friends, either.

    But now people in Europe are beginning to re-discover the fundamentals of power: diplomacy is refraining from using your power, not an excuse for having none.

  21. Re:The Georgians ... on Russian Invasion of Georgia Might Jeopardize Space Station · · Score: 1

    The Georgian soldiers were flown home in specially designated cargo planes. Each flight was meticulously announced to the Russians to make sure any attack couldn't mean an error but would surely be a voluntary call for nukes on Moscow.

    Most Georgian troops are back in Georgia now, but they can't really do anything against several hundred modern Russian tanks.

  22. Re:moral decline on Russian Invasion of Georgia Might Jeopardize Space Station · · Score: 1

    Are you absolutely sure on this?

    Really?

    Then completely disarm yourself unilaterally and leave your door open. We'll see how that works out...

  23. Re:Get your affairs in order, people on Large Hadron Collider Goes Live September 10th · · Score: 1

    I like your ideas and would like to subscribe to your newsletter.

  24. Re:Get your affairs in order, people on Large Hadron Collider Goes Live September 10th · · Score: 1

    Or we could stuff our new black hole in one of our nuclear waste disposals. They are certified to be safe for 4 billion years, aren't they?

    On a plus side, we may get rid of that pesky nuclear waste that way...

  25. Re:Get your affairs in order, people on Large Hadron Collider Goes Live September 10th · · Score: 1

    Rick Berman called, he wants this idea for the final episode of Star Trek TNG a decade ago.

    Will Patrick Stewart save us again?