"..and so on...and so on...and so on...."
Posted on 06/30/2015 7:07:24 PM PDT by dayglored
A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them.
That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be tamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.
Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it...
In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.
The feature has been on Windows Phones since version 8.1... Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
(Excerpt) Read more at theregister.co.uk ...
Hmmmm.... that’s a new twist on an old aphorism
"..and so on...and so on...and so on...."
Where group policy enforcement is in play, yes, you're right.
But for the vast majority of Windows users, home and small business, I submit that the proper phrasing is "This feature is enabled unless you do something actively to disable it" and we all know that most users don't screw with system settings they don't understand, or don't see a compelling need to change.
I wouldn't have as much of a problem with this feature if the default was the other way around and they gave the user "checkboxes all over the place" to confirm that they understand about how this is a risk.
I get it, but at some point, we, as engineers, have to step away and hope the users heeded our warnings. It frustrates me to no end when people update Adobe products and choose to install McAfee without realizing they did it. It’s a damn check box. Do you know what you’re checking?!
If you see a check box, you should scrutinize the verbiage next to it!
But NO-O-O-O-O...
Check out Ninite. It updates all of your software without having to download individual packages. We use it in our desktop division, and they love it.
“I will stick with my current version of Windows.”
hmmm....better stick with 3.1 to be on the safe side. ;-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.