[Mother]

Ah! I think I know where you are getting at.

Quote:

I think we need clarification here. It would all give us some sense of what is going on if, when one enters the key, there is a confirmatory box that it is not being transfered - and, if one chooses to share access in anyway - a warning is given that to confirm will mean an encrypted copy of the key will be transferred.

The only keys that are sent to the Whisher server for redistribution (again, as authorized by the sharing mode you choose), are those of access points or routers that have been actively shared by the owner. This means that he has to:

1) Connect to the signal using Whisher, entering the key in the process. If the connection was already active, Whisher will ask for the key during registration for confirmation.

2. Click on the 'Register this WiFi' link.

3. Fill in the required information, and finish the wizard. Only then is the key transfered to the server.

If you connect to your corporate network using Whisher, the key will be remembered, just as any other WiFi manager does, so that you can connect again without re-entering the key, but it will not be sent to the servers.

Quote:

Most security breaches are done at HQ or by the developers. You might not have many disaffected employees/contractors now - but if you grow and are successful - they are, sadly, a near certainty in the future.

This is true, and believe me, we have had our share of problems with employees, this was one of the reasons for not doing a semi-public beta earlier on. We have implemented standard IT security and data protection procedures in this respect, which in Spain are reflected by standards UNE-ISO/IEC 17799 and UNE 71502 (there are equivalent international ones such as BS etc.).

Quote:

Maybe comforting PITAs like intrax and myself may be part of development process?

It certainly is

Best regards,

Mike

[bizzy]

Quote:

Originally Posted by Mother

If you connect to your corporate network using Whisher, the key will be remembered, just as any other WiFi manager does, so that you can connect again without re-entering the key, but it will not be sent to the servers.

Aha - that was the key point. Thank you for that. You now have a happy, if unstable, user. Sorry I meant client

[intrax]

From a corporate point of view I would not feel very comfortable as a security responsible it-manager to have the keys uploaded to any server out of the control of the corporation no matter how secure that system would appear to be, so I would not be in favor of the idea of using whisher as a corporate wifi network client managing wifi connections within a corporate network. There are other solutions for that.

@bizzy
If you do decide to enable any sharing on your access points the keys will be uploaded as I understand...

[Mother]

Quote:

Originally Posted by intrax

From a corporate point of view I would not feel very comfortable as a security responsible it-manager to have the keys uploaded to any server out of the control of the corporation no matter how secure that system would appear to be, so I would not be in favor of the idea of using whisher as a corporate wifi network client managing wifi connections within a corporate network. There are other solutions for that.

As I have already mentioned before, we are not forcing anyone to share - if you don't feel comfortable, don't do it. I have heard from people that think the same as you, and also from people who see value in providing access to visitors by simply adding them to your Whisher buddy list, avoiding to having to run a separate open network, or giving them the encryption key, etc. It all comes down to your particular scenario, and again, if your data is really that important, you should probably not use WiFi at all (and I am not kidding about this!). We are not targeting the corporate world, we are trying to build a tool to make WiFi more fun.

There is always a balance between security and ergonomics, this is a great read for a case that borders paranoia

http://thedailywtf.com/Articles/Secu..._Insanity.aspx

Best regards,

Mike

[AustinTX]

Caution - coffee may be hot!

Ask your IT Dept for permission to use Whisher to access work resources!

Do not iron clothes while wearing them!

Objects in mirror may be closer than they appear!

[Mother]

I'm in favor of removing the safety warnings from everything and let nature work through natural selection

There is probably more chances to be run over by a bus than having a cracker try to access one's AP, but still, most people cross the roads daily. It's all about risk management and particular scenarios.

Regards,

Mike

[AustinTX]

Who you callin' a "cracker"? :P

I lost a dozen friends until they put up that sign: "Do not play on or around the wood chipper while it is in operation".

[Mother]

Quote:

Originally Posted by AustinTX

Who you callin' a "cracker"?

I just try to disassociate the term 'hacker' from the concept of being a criminal, as it is normally portrayed by the media.

Cheers,

Mike