★ THE BLOG ★ Ramblings on WiFi & stuff.

Hotspot 2.0 in the wild →

So, it seems public Wi-Fi may finally be coming of age big time. LinkNYCs blog has a write up of their "Secure" public WiFi:

 via Medium:

LinkNYC has two free Wi-Fi networks, ‘LinkNYC Free Wi-Fi’ and ‘LinkNYC Private.’...
 
The ‘LinkNYC Private’ network goes a step further, offering state-of-the-art encryption via HotSpot 2.0 and WPA to secure all wireless communications between devices and the Link, regardless of whether a website uses SSL security. This means that even casual browsing is protected from snooping. The network is one of the first in the country to offer an encrypted public network at this scale.

 

Hotspot 2.0, or 802.11u, OR "Wi-Fi Certified Passpoint" (Blerg.) is an amendment that specifies internetowrking between external networks. Per the amendment:
 

support for external authentication, authorization and accounting, together with network selection, encryption, policy enforcement and resource management.


At launch it will only support Apple mobile devices (of course), but will add other device support over time.

Hotspot 2.0 has been a thing for a while, and this is not the first network to provide it, but with all the attention this project is getting, I have the feeling Hotspot 2.0 may actually have it's day - like legit.

But, there's more! Fierce Wireless is reporting "AT&T in process of upgrading Wi-Fi in NYC parks with Passpoint". "Passpoint" is the Wi-Fi Alliance's marketed name for Hotspot 2.0. That's pretty huge. Two major wireless initiatives in the largest city in the U.S. rolling out secure public wireless.

For those unfamiliar with Hotspot 2.0 I refer you to this blog post by Ruckus Wireless' Dave Wright.


ZDNet: "These were the worst passwords of 2015, and they're only getting worse"

The most common password of last year is “123456,” which sadly probably isn’t a surprise considering statistically there’s a good chance that’s your password.

Following that, it’s “password” and “12345678,” which just shows that you aren’t even trying anymore.

And it gets stupider:

Perhaps the most telling detail is how far some of the previously most-common passwords are rising up the ranks year-over-year.

If you're using a password like this you get want you deserve.

I suppose the only thing worse is posting your passwords on a sticky note on your monitor? You could get the of these like my Mee-Maw uses!

I mean, Geez, we have PASSWORD MANAGERS now!


Cellular Exploitation on a Global Scale

Wow, this is probably one of the worst security exploits in a series of recent massive security exploits. Matt Solnik at Accuvant Labs broke the news on this OTA exploit. This was a few months ago, but I’ve only really recently heard of it.

It’s possible to exploit bad carrier management client software and remotely compromise most smartphones on the planet. Seriously, scary stuff.

Here is the pdf of his slides


Listen to the Risky Business podcast where he talks about the exploit
(The interview starts at 29:15)