
SoylentNews is people

posted by cmn32480 on Wednesday July 01 2015, @09:19AM
from the we-are-really-security-conscious dept.

According to The Register, Microsoft plans to enable their WIFI Sense feature on all versions of Windows 10 by default.

WIFI Sense has been lurking on Windows Phones since version 8.1.

A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them. That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends.

With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.

Microsoft offers a totally ridiculous workaround: you can simply add _optout to the SSID to prevent it from working with WiFi Sense.

Microsoft's page on WIFI Sense hasn't yet made it clear that every Windows 10 computer using WIFI will have the feature on by default. But that page does also include this little gem:

Wi-Fi Sense uses your location to identify open networks near you that it knows about by crowdsourcing.

Where are the lawyers when you need them?



 
This discussion has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by Anonymous Coward on Wednesday July 01 2015, @09:28AM


    Don't let Windows 10 machines connect to your WiFi until Microsoft reverses that decision.

  • (Score: 3, Insightful) by jimshatt on Wednesday July 01 2015, @10:42AM

    Also Win 8.1 for mobile. Even if they have the feature disabled, because it can be enabled again some time later.
    • (Score: 2) by skater on Wednesday July 01 2015, @11:12AM


      Yikes. At work, our network password is also required to log into the Wifi, and it's saved in the settings on the device (I'm not sure what the setup is we use to log in, because I haven't done it in a while, but it's not simple WPA or anything like that - we need our network username and password). So with this sharing, someone would have my network password (if I used Windows 10/8.1 for mobile). Please backpedal on this, Microsoft, before Security decides we need yet another different 12 character password.

      • (Score: 2) by Freeman on Wednesday July 01 2015, @07:40PM


        Your password is only 12 characters long?

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
        • (Score: 2) by skater on Wednesday July 01 2015, @11:22PM


          What does your question have to do with the article? If Microsoft does this, it won't matter how long anyone's password is.

  • (Score: 3, Interesting) by bootsy on Wednesday July 01 2015, @11:56AM


    Very sound advice.

    Does anyone know how MS plan on doing the automated upgrades from 8.1 as, depending on how it is done, you could suddenly find yourself running Win 10 and connecting to your Wi-Fi network without much say in the matter?

    One side of MS must have some clue about security as Windows Authentication is basically Kerberos and LDAP and it works really well, but then you get stupid things like this article and the fact you cannot have a read-only RDP login to a server running Windows. Unlike Unix you cannot log in to check a server without having the ability to wreck it.

    Given MS's biggest Market is corporate IT on desktops and servers, it still bases its designs around the rapidly dying home desktop market. I am frequently amazed at how bad Windows is in a corporate setup and the workarounds that have to be done to get it secure. I am told by colleagues who have visited Redmond that they use very different machines to test that Windows will work on many configurations and types of hardware, but in a big Corporate most people will have the same hardware installed from a fixed image.

  • (Score: 2) by Gaaark on Thursday July 02 2015, @01:33AM


    Don't use Windows anything to do anything...

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 2) by fnj on Thursday July 02 2015, @01:47AM


      And ... we have a winner.