> > Does anybody actually *want* that? I personally dislike the behaviour > > of scanning for all previously known SSIDs actively when hidden SSIDs > > are so uncommon, I see it as an information disclosure vulnerability. > > I can't speak for what others may want, but the Payment Card Industry > security guidelines include not broadcasting the SSID as one of their > requirements, if that is what you mean by "hidden SSIDs." So how would you feel if I told you that, after you have once used that hiddent network, your laptop will be broadcasting the SSID in probe requests every time it scans, no matter where you are, even if you've moved across the continent? johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
