Posted on 06/30/2015 7:07:24 PM PDT by dayglored
A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them.
That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be tamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.
Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it...
In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.
The feature has been on Windows Phones since version 8.1... Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
(Excerpt) Read more at theregister.co.uk ...
Maybe somebody else can explain to me how this feature is a good idea.
I’ve been waiting for the first hammer to fall regarding Windows 10 (I’m still using Windows 7) ... and mayhap here it is.
Maybe somebody else can explain to me how this feature is a good idea. —
Well, keeps me from having to learn Chinese (for now).
Well, the NSA thought it was a good idea ...
For this "theory" to work, the corporation will have to have already failed to implement so many basic security measures they're probably already compromised to the gills, provided they're still in business.
I don't see this "feature" sticking around for very long, myself.
And of the millions of home router owners, how many know how to do this?
We script it for them. Looks like somebody may have to. And you could, couldn't you? :-)
Run from Microsoft
My point is they shouldn’t have to. At least one thinking mind at Microsoft should have taken this into consideration. Until this “feature” is removed, I will stick with my current version of Windows.
> Maybe somebody else can explain to me how this feature is a good idea.
Well, the NSA thought it was a good idea ...
Youanswered your own question....: )
> Maybe somebody else can explain to me how this feature is a good idea.
Well, the NSA thought it was a good idea ...
You answered your own question....: )
Sorry for the tardy ping, I got called away from the computer just after posting the initial thread.
And no, I was NOT in the shower. :-)
And no, I don't FEEL tardy...
Yeah, it sure is great for Microsoft to arrange this for us. And without us even asking. What a bunch of swell guys!</sarcasm>
I retire in a little over 4 years (God willing). I can’t wait to ditch Microsoft (have to have it on the home PC for work) and go over to either open source or Apple (haven’t decided which yet).
Maybe by that time the government will finally figure out who is to blame for all my security clearance data ending up in the hands of the Chinese. Oh, yeah! The OPM administrator says NO ONE is responsible. Another swell group of guys and gals.
Ctrl-C/Ctrl-V willing, it may show up again -- is it copyrighted?
I have a beta of Win10 at the moment I’m going to have to break out to verify this. If what we’re talking about here is a default that can be opted out of, then it’s one thing. If it’s the only option available, Microsoft is going to have to do some fancy stepping pronto.
Amen!
nononononononononnonononononononono!!
I hear ya, but I'll bet an awful lot of small companies fall into the category of "failed to implement certain basic security measures" these days. With all the BYOD going on and executives who demand convenience over security, we'd all be dismayed to learn how lax security is at most places.
I can certainly understand how my IT colleagues get the reputation for being dictatorial. What else ya gonna do?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.