We are talking about students. At home you have to worry about your kids.
You may know better than to turn it on, but others that are less
security conscious will turn it on.
Microsoft needs to change this to an opt in option for those that do not
mind their PSKs to be shared.
This idea that everyone should be opted in and those not wanting to be
are required to change SSIDs is ridiculous.
Everyone should be contacting Microsoft about how displeased they are
with this security vulnerability.
Kevin McCormick
Western Illinois University
On 6/22/2015 7:36 AM, Williams, Matthew wrote:
Found this type of information on various sites:
“When connecting to a password protected router you are given an
UNCHECKED BY DEFAULT option to share the password with your friends.
What this means is, the user can deliberately share the password they
know.
This is just as secure as any other system because once you give a
user a password they could share it if they chose. Nothing here is
"automatic" no data is being proliferated without user consent. If
your employees leak your password this way, then it's the same as
leaking passwords otherwise.
Again this not an opt-in-by-default scenario. It requires a user
knowing a password to actively choose to share for each router
independently.”
Ignoring the ridiculousness of the existence of the feature, it
appears to at least require someone to intentionally turn it on.
Respectfully,
Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445
*From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Osborne,
Bruce W (Network Services)
*Sent:* Monday, June 22, 2015 7:34 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Wi-Fi Sense (Windows 10)
802.1X can be quite user-friendly if you use an onboarding tool such
as CloudPath XpressConnect Wizard.
802.1X was designed for large enterprise networks. The PSK was never
designed to be used in this manner, hence the name WPA2-Personal.
*Bruce Osborne*
/Wireless Engineer/
*IT Infrastructure & Media Solutions*
*(434) 592-4229*
*LIBERTY UNIVERSITY*
/Training Champions for Christ since 1971/
*From:*Joel Coehoorn [mailto:jcoeho...@york.edu]
*Sent:* Sunday, June 21, 2015 4:48 PM
*Subject:* Re: Wi-Fi Sense (Windows 10)
I don't know. It seems like encryption and authorization are really
two different things that wifi networks have historically conflated.
For our network, I'd really like a better user-friendly (ie, not .1x)
option that provides good encryption, but assumes you are authorized
by default. Any authorization or policy enforcement should take place
at a different level, so it can include wired connections, too.
I haven't looked at the implementation details, but if done correctly,
this has the potential to solve an issue with large PSK networks, such
that I could use a Win10 machine to seed the key, without the normal
weakness that anyone who knows the key can decrypt anyone else's traffic.
Of course, the devil is in the details, and I found it unlikely that
the key sharing mechanism will be adequately secure, or even if it is,
that enough device types will support this fast enough to make it a
reasonable option.
------------------------------------------------------------------------
*From: *Hunter Fuller <mailto:hf0...@uah.edu>
*Sent: *6/21/2015 3:08 PM
*To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Subject: *Re: [WIRELESS-LAN] Wi-Fi Sense (Windows 10)
Totally unacceptable.
It's like MS missed one of the main points of PSKs (as opposed to
non-encrypted networks) - to keep people out.
--
Hunter Fuller
Network Engineer
VBRH M-9B
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure
I am part of the UAH Safe Zone LGBTQIA support network:
http://www.uah.edu/student-affairs/safe-zone
On Sun, Jun 21, 2015 at 9:45 AM, James Andrewartha
<jandrewar...@ccgs.wa.edu.au <mailto:jandrewar...@ccgs.wa.edu.au>> wrote:
> Has anyone tried out Wi-Fi Sense in Windows 10 yet? It's a feature
that lets
> you share PSKs with your Facebook and Skype friends, although they
don't get
> to see it. The only way to opt-out as a network operator is to include
> "_optout" in the SSID, or use 802.1x.
>
>
> Given you can run netsh wlan show profile name="SSID" key=clear I
wonder how
> it will interact with Aerohive Private PSK and Ruckus Dynamic PSK
which give
> each user their own individual PSKs per-device.
>
>
>
http://www.reddit.com/r/sysadmin/comments/3aam8m/because_i_really_want_my_clients_wpa_keys_shared/
>
>
> --
>
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
> ********** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
********** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
