| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
|
There is a good discussion about the relationship between privacy and security threats in
http://tools.ietf.org/html/rfc6973#section-5
Regards, Juan Carlos From: Phillip Barber [mailto:pbarber@xxxxxxxxxxxxxxxxxxxxxxx]
It is a common problem in wireless networks that permit non-authenticated state change messaging (for stateful technologies). Most modern wireless networking
technologies overcome this problem by requiring either ciphering of state change messaging or at the very least authenticated signatures on state change messaging (hash of CMAC or HMAC digest, for instance). I would consider this more of a security issue than a privacy issue. The attacker may have no interest in the specific identity of a true user, only the need
to sniff traffic out of the air and be able to identify a consistent identity of the true user such that the attacker can create a bogus state change message. I am not sure that privacy could or should attempt to address this problem. Security, certainly. Thanks, From: Dan Harkins [mailto:dharkins@xxxxxxxxxxxxxxxxx]
I used to work at a wireless mesh company that was putting up a free mesh network in Mountain View, CA. We received complaints about trouble getting on the network when people were in a certain public park. After much investigation it turned out that a company across the street from the park did not want their employees to connect to the free mesh network and set their APs to disassociate anyone that tried to associate to it— it was the "attack rogue AP" option. They apparently thought this would only affect people in their building but it actually affected a large portion of the park itself. Sounds like what Marriott was doing. And I'm sure Marriott thought it was a feature. Dan. On 10/3/14 10:35 AM, "Zuniga, Juan Carlos" <JuanCarlos.Zuniga@xxxxxxxxxxxxxxxx> wrote:
|