F12 EEEPC 1000H WLAN with hidden SSID no go

[Robert Moskowitz]

Bill Davidsen wrote:
> Tim wrote:
>> Tim (re hidden SSIDs):
>>>> It doesn't add *ANY* security.
>>>> It *does* add problems.
>>>>
>>>> It doesn't hide your access point, at all.  It still appears as an
>>>> access point that can be used.  Anybody, and everybody, can see that
>>>> there's one there.  It just doesn't have a name associated with it.
>>>>
>>>> And the lack of a name doesn't prevent anyone from using it.
>>
>> Bill Davidsen:
>>> FUD. How can you hold two diametrically opposed ideas in your brain 
>>> without your head exploding?
>>
>> You idiot.  You don't understand what you're reading, and the one
>> spouting the FUD is you - that hiding an SSID has anything, at all, even
>> to the slightest degree, to do with security.  Get a fucking clue.
>>
>>> Look at your first two lines and reconcile "adds no security" with 
>>> "harder to use."
>>
>> The two have absolutely nothing to do with each other.
>>
>> Security is about *preventing* unauthorised use, the SSID has absolutely
>> nothing to do with security.  And *no* amount of futzing around with it
>> will ever "secure" a network.
>>
> The only way to absolutely prevent unauthorized use is to turn off the 
> machine. That's why there are security updates regularly, *all* 
> measures are about making it harder, forcing the evildoer to find and 
> use the more difficult exploit. 

I have a colleague that recommends putting your AP on a timer, so you 
don't forget to turn it off when you won't be in the house.

Actually WPA2 with 802.1X authentication is REALLY tight.  No MITM will 
crack EAP TLS (EAP TLS is a little different than the TLS used in the 
most recent attack).  Then use AES CCMP (not TKIP).

Of course your management frames are not protected.  That is 802.11w 
that will soon be in products....

BTW, I worked on the 802.11 standards.  I use past tense, as in June my 
management had me move over to work on 802.15 standards. (I was in 
Atlanta last week for the 802 meeting).