Search Linux Wireless

Re: RE: iwl3945 problem with 2.6.25-rc9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2008-04-19 at 15:09 +0200, Johannes Berg wrote:
> > > Does anybody actually *want* that? I personally dislike the behaviour
> > > of scanning for all previously known SSIDs actively when hidden SSIDs
> > > are so uncommon, I see it as an information disclosure vulnerability.
> > 
> > I can't speak for what others may want, but the Payment Card Industry
> > security guidelines include not broadcasting the SSID as one of their
> > requirements, if that is what you mean by "hidden SSIDs." 
> 
> So how would you feel if I told you that, after you have once used that
> hidden network, your laptop will be broadcasting the SSID in probe
> requests every time it scans, no matter where you are, even if you've
> moved across the continent?

I am not going to waste bandwidth debating the correctness of the PCI
guidelines, because right or wrong, they are what they are. I was just
trying to point out that the need to deal with access points which do
not broadcast their SSIDs is real and likely to become more common in
the future, at least for any systems using wireless in a retail or other
credit card dealing environment.

I'll leave it up to you (collective you, not necessarily a personal
you), how to best deal with associating with APs which are not
broadcasting their SSIDs. I agree with you (personal you this time) that
roaming around the country broadcasting those SSIDs does not seem
particularly desirable. So how should the ability to connect to non SSID
broadcasting APs be implemented? 

My hope is that the more you are aware of the constraints on others who
want to take advantage of all your hard work, the more likely you are to
make the correct decisions and trade offs. I am not attacking your
efforts, ability or motivation. I only wanted to point out that the
design assumption in the first quotation that "hidden SSIDs are so
uncommon" may need to be revised.
-- 
Vincent C Jones <v.jones@xxxxxxxxxxxxxxxxxxxxxxx>
Networking Unlimited, Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux