The WiFi Alliance, which owns the WiFi registered trademark, says it means "Wireless Fidelity". See:

http://www.wi-fi.net/OpenSection/why_Wi-Fi.asp?TID=2

It might be a dumb unhelpful name, but the people who coined WiFi meant it to be short for Wireless Fidelity.

Edited by author 06-06-2003 12:43 AM
Pardon my obtuseness, but I just don't get the joke. What is the connection between hi-fi and Wi-Fi? What was the motivation for naming this thing Wi-Fi? Why did they think it was a good name? Or were they just trying to reinforce the old adage that geeks are schmucks?

You need to take that up with the consortium (and I don't know what your problem is with Glenn -- have you ever read his incredibly lucid, intelligent, technically detailed articles, posts and talks about WiFi?).

The WiFi Consortium has certified interop among several thousand WiFi devices. I've tried a couple hundred of them out, and they all work with one another. For instance, I'm currently using an Apple 802.11b/g card in a PowerBook 12", connected to a Linksys AP with a Linksys amp.

I've just switched to a D-link AP. Now I've switched to a Cisco AP. In my living-room. Biff bam boom. No fuss, no muss.

I don't know what they've done for you lately (and keep in mind that NO ONE certifies 802.11g interop: there is no final g standard, so there's nothing to certify). They've sure done a lot for the millions of other WiFi users out there.

   Are you being funny? WiFi is a trademark of the WiFi
   Consortium, which certifies interoperability among
   802.11b devices.

Ahhh - 802.11bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.

That explains why NOTHING ON THIS PLANET thats
80211g/80211b works with my TiVo.

Tell me again Cory, exactly what has this forking
"WiFi" consortium and your buddy Fleishman done for
me lately?

Are you being funny? WiFi is a trademark of the WiFi Consortium, which certifies interoperability among 802.11b devices.

   As Glenn Fleishman has pointed out, "WiFi" isn't short
   for wireless fidelity. It's a play on words, a joke based
   on "Hi-Fi."

Well, as someone should have pointed out to Glenn,
it's a very poor joke and very poor play on words.
Because the "High fidelity" consumer systems of the
50's have *nothing* whatsoever to do with the 802.11
hardware and software of today. Maybe Glenn should be
looking to himself for reasons why people are "so
dim" -- explain to us again Glenn exactly why "WiFi"
has anything whatsoever to do with 802.11 standards
and why we should take your word for it.

The insecurity of cable is a red herring. DOCSIS cable modems encrypt traffic (I think it's only 56-bit but it's better than cleartext). Additionally, they only pass through traffic addressed to you -- you don't get all your neighbors' traffic on your Ethernet segment, only yours. (And a good thing, too; a single cable modem channel exceeds standard Ethernet bandwidth.) So while you could theoretically snoop on others' cable traffic, you'd need special equipment that would pass through all traffic onto your LAN (not a garden-variety cable modem) and then you'd have to decrypt it.

Edited by author 06-05-2003 06:57 PM
Thanks agraham999 and gilbert. I'm on an old Mac running 9.2.2 and Netbarrier. I also have a hardware firewall router (2Wire) but it's out of the loop right now because I only got it to connect my WinXP box as well, and that unit is temporarily out to lunch. Now, with Netbarrier, I keep the "anti-vandal" stuff active at a high level, but the firewall off. Gibson's Shields Up reports me as totally stealth. Also, I keep the Mac's File Sharing off. Finally, I do run a local copy of Radio Userland out of http://127.0.0.1:5335/ - I'd think that was port 5335, but I do see some port 80 activity.
But anyway, even without measures, I still don't get how "local subscribers can 'see' your hard disk" or "peek(ing) outside the firewall". Maybe I don't Need to know, but curiosity persists...

I must, unfortunately, say that there's not a lot of FUD there. If it lends me any credence at all, I'll admit that I'm a former security consultant myself, and continue to work in the field...

Whether or not you accept the argument from authority, the fact is, it's trivial to sniff wifi traffic. This gives up essentially all e-mail traffic (some geeks know how to encrypt that, but most user-friendly systems encrypt at most your logon credentials). And e-mail tends to have sensitive information in it. But whatever; the guy said he wouldn't log on to financially-sensitive sites, and he's right not to.

Sniffing plaintext will let you know who's about to do something more interesting (eg sign into an online banking thingy, or -- god forbid -- ms passport). Once you know who's about to do something interesting, you can fire up a man-in-the-middle attack. Basically, you convince the other guy that you are the access point, thus routing all of his traffic through your computer. Once you have that, you can do tons of attacks on SSL. The most obvious, mentioned below, is just to fake it. ie, you build an SSL link between you and the bank, so the bank thinks everything is legit, and then you have the client build an SSL link to you. The client gets a little window saying "the certificate issued doesn't match whatever", but I guarantee you that not a single End User cares about that. They'll just click OK, and you get to see all the details. If your target is a bit more wary but happens to be using an older/unpatched browser, subtler tricks can be pulled without the warning window.

It should also be noted that, whoever this Security Expert is, all he said is that he wouldn't do it himself, nor would he recommend it. And of course not -- the guy's a damned security geek, and it's his job to give advice which is correct, advice which will not get him into trouble. The article's author, however, portrayed the thing as a big issue -- and this could be just to generate hype and hysteria, but is more likely due to not actually understanding the issues. Not FUD, rather someone just looking for a story. Sensationalistic, maybe, but not in any way false.

Yes, cable networks are sometimes similarly easy to hack -- but an active attack generates an audit trail which can lead the ISP and/or cops to the attackers doorstep. Some companies even check for this sort of thing. Companies that don't can be sued, as can admins who snoop users' traffic. And this is true regardless of whatever user agreement you've signed -- though you will have to hire your own lawyer, and a bad lawyer aint gonna get you nowhere.

(No DSL network I'm aware of has this problem, because the link from user to telco equipment is point-to-point. I have never really dealt with DSL though, so you can tell me why I'm wrong.)

If you want to do public WiFi, you should VPN it all. This isn't especially easy to set up, but if you have access to a server somewhere (eg a home computer with DSL) it's also not terribly hard. And it solves all the problems without costing very much bandwidth. True geeks can SSH a PPP connection and never think about it again.

I've always *hated* the word "Wi-Fi." Ugh. I got the joke, I just never thought it was even remotely clever or funny.

taterhead:

Everyone using cable in your neighborhood connects into the same junction point, or "head end." The same signal is sent to all the houses simultaneously.
A cable modem simply puts ethernet through the unused portion of the cable TV cable. But it's still shared; you could (in theory, though it would be highly illegal) snoop on your cable modem and see what your neighbors are browsing or downloading.

Newton's Telcom has this to say on cable modems:

"Because the a cable modem creates a LAN, you have to be careful when using it since all the other local subscribers can 'see' your hard disk. As a result, it's important to not allow sharing on your hard disk."

That said, it requires a bit more experience than using a webmail client, which is where your average neighbor is probably at.

One upside to a cable modem: you get super low ping times to the other quake players in your 'hood.

taterhead...I'll remove the geekspeak...

Cable and some DSL networks are often shared networks, you essentially have hundreds (or thousands) of people sharing the same "network." You don't actually have a dedicated connection. So, if you didn't have an effective firewall, and your computer is just plugged into the router/modem, you are open to everyone else on the same network.

For example, if I peek outside the firewall of my home server, I can not only see hundreds of other computers that I could connect to, but I also see their printers...and any other device connected to the network. A good example of this would be the iTunes Sharing feature of 4.0. You essentially had tons of people on the same subnet and could share music with them.

The problem is that most people don't know this and leave themselves open to invasion. I've seen folks running a FileMaker database with no password protection, and I was able to go right in (and leave them a note to turn the password on). I've been able to print to other people's printers (hey...get a firewall).

My server has two firewalls...one on the router, and one in the computer.

Aside from WiFi, Cory said "anyone with a cablemodem connection is in the same boat as a wireless user: your communications can be captured by anyone in your neighborhood and read." I'm on cable and I didn't know this was easily done or even possible. Anyone care to update me on this?

SSL is great, however most people who do online transactions don't consider man-in-the-middle attacks, and will just click "Yes" when they get the pop-up message that explains that there was problem with the certificate and asks them if they want to proceed. Redirecting traffic with arp poisoning is really easy on open wireless networks...

Jeeze, Cory, how do you expect this "advisor" to make an easy living if you're gonna question his "advice"? You a commie or somthin?

I suck, because I now say in my writing, "Wi-Fi (short for 'wireless fidelity')" because it's de rigeur. Which sucks. Fidelity doesn't mean reliability and a trademark can't stand for anything -- it has to stand on its own.

Edited by author 06-05-2003 02:07 PM
Right now I am comfortable with "reasonable" security. I never transmit anything I don't feel comfortable with 1,000,000 people seeing if it got out. And for credit card purchases, I started using my Pay Pal MasterCard instead of my others. I can fund it at will and if it gets stolen, they aren't likely to get much out of it. I think that 99% of security has to do with common sense. I'm more concerned about giving a credit card over the phone or to a sales clerk than over the Internet.

Or worse, mailing in an order from a catalog. Talk about security issues...

Considering e-commerce sites all (well 99%) use SSL, you're better off using your laptop to buy stuff in the park than to send out plain-text emails if you're concerned about sniffing.

I've had the opportunity in the past to see news reports on story topics for which I had some substantial personal knowledge. In EVERY instance, the reporter got many of the facts wrong or skewed the story to make it sound more dramatic or ominous than it really was.

Reporters are are out to make a buck, just like everyone else. The lower the overhead (in this case, fact checking and research) the higher the profit margin.

Why would you be surprised that they get a technical article wrong? They are English majors.

Maybe I'm getting old and cynical, but I'm begining to think the reason most papers don't get their facts straight is because they can't be bothered.

I read an article about the latest X2 movie, wherein they saw the Character of Nightcrawler, has 'Stigmata.' Now if you've seen the flick, you know that's completely wrong.

Stigmata are bleeding wounds in the hands and feet and chest, 'replicating the wounds of Jesus' and only the most holy and pious of people ever get them. Nightcrawler had engaged in the process known as scarification, using the letters 'transmitted by the archangel Gabriel' and as he said, he has "One for every sin."

Vaguely similar in that they're religous, but utterly different in practice. Enough to make you wonder if the guy even saw the movie.

Ditto with Matrix Two, another news jockey said Morpheus was battling vampires with razors. I'm not sure about you, but vampires don't desolidify and retain their features. They become a mist or a flock of bats. On the other Hand, Ghosts do act like ghosts and dematerialize and terrorize people with razors and guns and cars, et alle.

So why didn't he just say what WiFi really is and what it's really about? because that would be accurate, and it would mean fact checking. As we've seen from numerous news incidents, there's no money in being accurate. Ombudmen cost too much and just sit around doing nothing anyway.

A few years ago I interviewed Brian C. Grimm, Marketing Director of the Wi-Fi Alliance for an article I was writing on wireless networks. My first questions was "What does Wi-Fi mean?" and his answer:
"Wi-Fi stands for wireless fidelity." He went on to explain that the fidelity referred to out of the box interoperability of equipment from different manufacturers.

I say we riot against Stanley A. Miller II. I'll bring my pitchfork, and an extra torch.

The criticism on boingboing of the security and privacy warnings in the article is wrong.

Your personal and financial secrets are at risk if you send them over the Internet from your office. They are even more at risk if you connect to the Internett from a convenient park bench via a public, open Wi-Fi service.

Try your favourite search engine for 802.11b man-in-the-middle attacks, ARP poisoning, disassociation attacks, unauthenticated control frames, transmission power spoofing, MAC address spoofing etc etc even before you get to the joys of WEP.

Secure Sockets Layer (SSL) or even the more modern Transaction Layer Security (TLS) is not proof against man-in-the-middle proxy servers which replay your credentials invisibly whilst snooping them, unless you are using client side certificates and mutaul authentication. Some financial institutions do implement this for their customers, but the majority of e-commerce relies on simple one way unauthenticated SSL sessions.

There will be people in the park or within extended antenna range of the park, who will be sniffing the Wireless network network looking for usernames and passwords to POP3 email, FTP accounts or even the cookie credentials used by your favourite Blogging software.

Oh man, THANK YOU for pointing out the "wireless fidelity" thing. That has bugged me senseless since the first time I read it.