
Dear Steve Gibson (and reply)

September 20, 2007

Wow! My recent posting about wifi security looks set to be the subject of a future episode of “Security Now!”


This is the text of a message I sent to Gibson Research Corporation’s Steve Gibson, following up on my experience trying to let a visitor to my home have casual access to my (heavily secured) wifi on his laptop to check his emails.

Steve Gibson, creator of Spinrite, is co-host of the award-winning technology podcast “Security Now!”, part of Leo Laporte’s popular This Week in Tech network of podcasts.

Steve

I have 3 things for Security Now!

(1) The main question is about what to do if an acquaintance pops round and wants to access the Internet using your home wifi, when you have followed good practices – WPA PSK with perfect Gibson password, MAC filtering, non-broadcast SSID etc etc. It can be a pain to let one PC onto the ultra-secure wifi for short term use (and he wanted to use his Mac not any Windows laptop I could loan him). Why is there no simple facility built into routers to give guests easy Internet-only access temporarily? I wrote about my predicament here. Your name comes up in the comments, suggesting you’d have the answer. I’ve been listening to Security Now! since episode 1 and am sure there’s no-one better to ask.

(2) I was listening to the fascinating episode on your e-commerce system and I think I may have beaten you to the session management scheme. As you were talking I could see where you were heading because I’d been there myself. I’m an actuary by profession but have IT interests, and some years ago I created an interactive on-line retirement modelling system for the consulting firm where I work. I had the same issues – can’t assume cookies or javascript are available and didn’t want an overcooked database solution, so I had the data items (which were few and not needed on permanent record) shuttling back and forth between client and server using the query string and hidden form fields. I skipped the encryption because the whole thing was running under SSL. No doubt you’ll tell me that was a mistake.

(3) I sent a work colleague a link to Security Now! a couple of weeks back as I thought it would be useful for his line of work. He’s just popped his head into my office beaming. He’s started with episode 1, got to 20 and he’s hooked!

This was Steve’s reply:

Hi Dennis,

>I have 3 things for Security Now!
>
>(1) The main question is about what to do if an acquaintance pops round
>and wants to access the Internet using your home wifi, when you have
>followed good practices – WPA PSK with perfect Gibson password, MAC
>filtering, non-broadcast SSID etc etc. It can be a pain to let one PC
>onto the ultra-secure wifi for short term use (and he wanted to use his
>Mac not any Windows laptop I could loan him). Why is there no simple
>facility built into routers to give guests easy Internet-only access
>temporarily? I wrote about my predicament here
>(http://denniswright.newsvine.com/_news/2007/09/17/967189-why-oh-wifi).
>Your name comes up in the comments, suggesting you’d have the
>answer. I’ve been listening to Security Now! since episode 1 and am sure
>there’s no-one better to ask.

I’ve read your blog posting, and I think this is SUCH a great question that I’m going to make an entire episode out of it. So … stay tuned! 🙂


>(2) I was listening to the fascinating episode on your e-commerce system
>and I think I may have beaten you to the session management scheme. As
>you were talking I could see where you were heading because I’d been there
>myself. I’m an actuary by profession but have IT interests, and some
>years ago I created an interactive on-line retirement modelling system for
>the consulting firm where I work. I had the same issues – can’t assume
>cookies or javascript are available and didn’t want an overcooked database
>solution, so I had the data items (which were few and not needed on
>permanent record) shuttling back and forth between client and server using
>the query string and hidden form fields. I skipped the encryption because
>the whole thing was running under SSL. No doubt you’ll tell me that was a
>mistake.

THIS one, being so timely, I’ll address in today’s (airing tomorrow)
Listener Feedback episode. 🙂

>(3) I sent a work colleague a link to Security Now! a couple of weeks back
>as I thought it would be useful for his line of work. He’s just popped
>his head into my office beaming. He’s started with episode 1, got to 20
>and he’s hooked!

Yay! I’m glad these are useful to him, and to you.

Thanks for your note.

And my reply back:

Steve

Wow! What can I say?

Thanks and I’ll be tuned in as ever. (Maybe that should be iTuned in?)

Regards

Dennis
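
Point (2) of the letter above describes state that travels between client and server in the query string and hidden form fields. SSL protects those values in transit, but the client can still edit them before sending them back. The sketch below is an added example, not code from the original system or from GRC: it shows how a server can attach an HMAC tag to the round-tripped state and reject edited values. The key, the function names and the sample fields are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real server would load a random secret from its own config.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _encode(state: dict) -> bytes:
    # Canonical JSON so the same state always produces the same bytes.
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_state(state: dict, key: bytes = SERVER_KEY) -> str:
    """Return 'payload.tag' for use as a hidden field value.
    The tag gives integrity only: the client can still read the payload."""
    payload = _encode(state)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def open_state(token: str, key: bytes = SERVER_KEY):
    """Return the state dict if the tag verifies, otherwise None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or malformed base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return json.loads(payload)


def tamper(token: str, field: str, value) -> str:
    """Test helper: edit one field of the returned state but reuse the old tag."""
    payload_b64, tag_b64 = token.split(".")
    state = json.loads(base64.urlsafe_b64decode(payload_b64))
    state[field] = value
    return _b64(_encode(state)) + "." + tag_b64
```

If the token is placed in a query string rather than a hidden field, URL-encode it first, since the base64 padding character `=` is not safe there.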


One comment

  1. hey.. thank you man


