[OpenWireless Tech] Securing Open Wireless
Christopher Byrd
chris at riosec.com
Fri Jul 29 13:00:54 PDT 2011
On Fri, Jul 29, 2011 at 2:32 PM, Michael Blizek
<michi1 at michaelblizek.twilightparadox.com> wrote:
> After it is secured, the attack will probably not work. But what about systems
> running *now* which do this kind of web based "authentication"?
Isn't that the point of this list, to make things better? I believe
the purpose of the list is to discuss how to secure open wireless, not
how to use open wireless securely. The distinction is important. We
can create a secure open wireless networks by making a one /bit/
change (changing to the source of hostapd and a few simple code
changes to wireless supplicants that would cause them to support the
EAP-TLS protocol as written (for wpa_supplicant this is as simple as
commenting out a single if statement). Other simple changes are
necessary for usability, but I personally think it's worth exploring.
Christopher
More information about the Tech
mailing list