| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chris at improbable.org (Chris Adams) Subject: Wireless ISPs On May 11, 2004, at 17:24, Kurt Seifried wrote: > Folks. WEP is POINTLESS for public access points. s/ for.*// WEP/WPA/LEAP/802.1x and anything else which puts trust at the network level are close[1] to snake-oil - even if they actually worked as promised the only thing you get is a false sense of security because there's this assumption that the rest of the network is trustworthy. You get far more real security simply enabling the strong end-to-end crypto in the products you already use and you save a ton of money by not chasing the latest acronyms, too. > Now a technical person can do something like SSH port forwarding and > stuff > all their email traffic and web browsing through a secure system on > the > outside. But someone like my mother is supposed to do what exactly? > Have a > colocated machine somewhere she can VPN off of, or SSH port forward? Check the "Use SSL" box in her email client, optionally switching to a competent ISP if this doesn't work. We recently switch our POP/IMAP services over to a mandatory-SSL config and used the same approach other people in this thread have mentioned: 3 months of warnings and then disabling the insecure versions. The only problems we had were a couple of people with antique Eudora installs who didn't want to upgrade. Other than that there was no grumbling thanks to an ettercap demonstration and the extremely low amount trouble/benefit ratio - we get far more whining each time we suggest that people install the latest Windows / Office security updates. It's just not that hard to deploy SSL any more since almost any network client in common use includes SSL support by now - the biggest exception is file sharing and it's not like people are used to doing Windows networking over the internet - the worms have seen to that. Chris [1] I say close because it may be legally useful to say the network was restricted if you need to sue a spammer or something. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2369 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040511/3eadd944/smime.bin
Powered by blists - more mailing lists