From: Vincent C Jones <v.jones@networkingunlimited.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Tomas Winkler <tomasw@gmail.com>,
Brian Morrison <bdm@fenrir.org.uk>,
linux-wireless@vger.kernel.org
Subject: Re: RE: iwl3945 problem with 2.6.25-rc9
Date: Sat, 19 Apr 2008 09:44:01 -0400 [thread overview]
Message-ID: <1208612641.3980.31.camel@X61.NetworkingUnlimited.com> (raw)
In-Reply-To: <1208610565.26186.17.camel@johannes.berg>
On Sat, 2008-04-19 at 15:09 +0200, Johannes Berg wrote:
> > > Does anybody actually *want* that? I personally dislike the behaviour
> > > of scanning for all previously known SSIDs actively when hidden SSIDs
> > > are so uncommon, I see it as an information disclosure vulnerability.
> >
> > I can't speak for what others may want, but the Payment Card Industry
> > security guidelines include not broadcasting the SSID as one of their
> > requirements, if that is what you mean by "hidden SSIDs."
>
> So how would you feel if I told you that, after you have once used that
> hidden network, your laptop will be broadcasting the SSID in probe
> requests every time it scans, no matter where you are, even if you've
> moved across the continent?
I am not going to waste bandwidth debating the correctness of the PCI
guidelines, because right or wrong, they are what they are. I was just
trying to point out that the need to deal with access points which do
not broadcast their SSIDs is real and likely to become more common in
the future, at least for any systems using wireless in a retail or other
credit card dealing environment.
I'll leave it up to you (collective you, not necessarily a personal
you), how to best deal with associating with APs which are not
broadcasting their SSIDs. I agree with you (personal you this time) that
roaming around the country broadcasting those SSIDs does not seem
particularly desirable. So how should the ability to connect to non SSID
broadcasting APs be implemented?
My hope is that the more you are aware of the constraints on others who
want to take advantage of all your hard work, the more likely you are to
make the correct decisions and trade offs. I am not attacking your
efforts, ability or motivation. I only wanted to point out that the
design assumption in the first quotation that "hidden SSIDs are so
uncommon" may need to be revised.
--
Vincent C Jones <v.jones@networkingunlimited.com>
Networking Unlimited, Inc.
next prev parent reply other threads:[~2008-04-19 13:44 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-15 22:24 iwl3945 problem with 2.6.25-rc9 Marcus Furlong
2008-04-16 18:28 ` Chatre, Reinette
2008-04-16 19:01 ` Marcus Furlong
2008-04-16 19:26 ` Dan Williams
2008-04-16 19:48 ` Marcus Furlong
2008-04-16 20:04 ` Dan Williams
2008-04-16 21:22 ` Chatre, Reinette
2008-04-16 22:05 ` Marcus Furlong
2008-04-16 22:55 ` Chatre, Reinette
2008-04-17 0:06 ` Marcus Furlong
2008-04-18 3:03 ` Marcus Furlong
2008-04-18 21:46 ` Chatre, Reinette
2008-04-18 21:57 ` Johannes Berg
2008-04-18 22:12 ` Chatre, Reinette
2008-04-18 22:23 ` Brian Morrison
2008-04-18 22:35 ` Chatre, Reinette
2008-04-18 22:38 ` Brian Morrison
2008-04-18 22:37 ` Johannes Berg
2008-04-18 22:39 ` Johannes Berg
2008-04-19 0:28 ` Tomas Winkler
2008-04-19 8:32 ` Johannes Berg
2008-04-19 12:39 ` Vincent C Jones
2008-04-19 13:09 ` Johannes Berg
2008-04-19 13:44 ` Vincent C Jones [this message]
2008-04-19 13:48 ` Johannes Berg
2008-04-19 13:51 ` Johannes Berg
2008-04-20 15:33 ` Dan Williams
2008-04-20 15:24 ` Dan Williams
2008-04-20 20:39 ` Tomas Winkler
2008-04-21 0:14 ` Dan Williams
2008-04-21 18:39 ` Tomas Winkler
2008-04-21 19:20 ` Dan Williams
2008-04-21 20:47 ` Tomas Winkler
2008-04-20 15:28 ` Dan Williams
2008-04-19 2:32 ` Marcus Furlong
2008-04-22 23:02 ` Chatre, Reinette
2008-04-23 13:23 ` Marcus Furlong
2008-04-16 23:01 ` Marcus Furlong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1208612641.3980.31.camel@X61.NetworkingUnlimited.com \
--to=v.jones@networkingunlimited.com \
--cc=bdm@fenrir.org.uk \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=tomasw@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).