Linked by Thom Holwerda on Thu 13th Aug 2015 13:20 UTC, submitted by birdie
Windows

This article was not created to say that Linux is better (it's definitely not). It was created to stop Microsoft fans roaring in regard to Windows 10 and how it's better than Windows 7 in every regard - it's actually worse in most regards aside from DirectX 12 (which is actually hidden from the user and it's only exposed in games).

Some points are more reasonable than others, but they all have at least a decent grain of truth to them. Sometimes, I don't want carefully crafted, PR-whispered, politically correct reviews that you can interpret either way.

Sometimes, you just want a sucker punch.

WiFi sense
by Alfman on Thu 13th Aug 2015 17:13 UTC

Article should have mentioned this too.

http://www.tomsguide.com/us/windows-10-wifi-sense,news-21409.html

When Wi-Fi Sense is enabled, anyone you have in your Skype, Outlook or Hotmail contacts lists — and any of your Facebook friends — can be granted access to your Wi-Fi network as long as they're within range. Microsoft added this feature to save users time and hassle, but as independent security blogger Brian Krebs put it, some security experts see it as "a disaster waiting to happen."


I think it's a terrible idea; social networks are not intended to be security gatekeepers. It's fine that MS wants to make WiFi logins easier, but it should be designed to securely let you specifically choose who to let in. Just because someone is in your social network doesn't mean they should have the network passwords like the rest of your family.

Some in the media are making up excuses for it:
http://arstechnica.com/gadgets/2015/07/wi-fi-sense-in-windows-10-ye...

One of the perceived issues of Wi-Fi Sense is that it shares your passwords with other people—people that you may not know very well, in the case of your Skype or Outlook contacts.

For a start, when a Wi-Fi passkey is shared with your PC via Wi-Fi Sense, you never actually see the password: it comes down from a Microsoft server in encrypted form, and is decrypted behind the scenes. There might be a way to see the decrypted passkeys if you go hunting through the registry, or something along those lines, but it's certainly not something that most people are likely to do.


This is just laughable. It is precisely those with a malicious intent who we have to worry about extracting the keys.


Perhaps more importantly, though, just how sacred is your Wi-Fi password anyway? Corporate networks notwithstanding (and you shouldn't share those networks with Wi-Fi Sense anyway), most people give out their Wi-Fi keys freely.


Normal people may not be the most tech-savvy group, but they generally only give out WiFi keys on a need-to-know basis. WiFi Sense, on the other hand, shares the keys with people who, despite being connected in a social network, have no need to know whatsoever. Even if they aren't malicious, now the network keys are vulnerable to malware on their machine - when they had absolutely no reason to have them in the first place.


The author here justifies bad security policy by saying it shouldn't be used with corporate networks, but it doesn't make it any less of a bad security policy. And now corporations need to be concerned about this anyways because any Windows 10 machine or Windows 8 phone may share the keys upon joining the network - small businesses don't have dedicated IT staff to audit these things, just typical employees using the network. Even if it's technically an employee's fault for selecting the wrong options, it's an absolutely needless risk Microsoft is putting on them.


It's also worth noting that Wi-Fi Sense passwords are stored "in an encrypted file on a Microsoft server." Depending on Microsoft's infosec protocols, this is either completely fine and dandy, or a potential goldmine for wardriving hackers. Again, as long as you don't share the passkey from your workplace's Wi-Fi network, the potential security risk is low.


MS has no business holding the keys in any form. But regardless of that, the system can only be as strong as its weakest link. So it may be easier to get the keys by socially engineering a family member to "friend" them or chat on Skype instead of hacking into Microsoft to get them.


Sure, I get that home networks aren't Fort Knox, so to speak, but tying network security keys to social networks is stupid and ripe for abuse.

Score: 9