WTF is happening with Windows 10? And nothing else


  • ♿ (Parody)

    What could go wrong?

    Not exactly a gaping hole by default, but I can see some security hilarity ensuing due to this.



  • @boomzilla said:

    Not exactly a gaping hole by default

    If that's not a gaping hole, then neither is Kirk Johnson's.


  • ♿ (Parody)

    I say that partly because it's not clear how "on by default" this is based on the article.



  • It's a pain in the arse is what it is. It means that I am gonna have to set up a guest wifi network at my house with a disposable WPA2 key for visitors with Windows phones or Win10 laptops.

    I can trust my guests not to hand my WPA2 key around deliberately, but if their devices are going to do that silently on their behalf after they naively turn on a convenience feature, that's another kettle of fish entirely.


  • kills Dumbledore

    I couldn't see anything in the article claiming that sharing with your friends allows them to re share with their friends. That would be a bit of a hole



  • @boomzilla said:

    I say that partly because it's not clear how "on by default" this is based on the article.

    [quote=Second last paragraph]Microsoft enables Windows 10's Wi-Fi Sense by default, and access to
    password-protected networks are shared with contacts unless the user
    remembers to uncheck a box when they first connect.[/quote]



  • @Jaloopa said:

    I couldn't see anything in the article claiming that sharing with your friends allows them to re share with their friends.

    Article says it works by (a) uploading the WPA2 passwords your device knows to a MS central server (b) downloading those to the devices your contacts have. So unless there is specific provision for preventing the propagation of WPA2 passwords through an entire social graph, it would appear to be implied.


  • ♿ (Parody)

    @flabdablet said:

    @boomzilla said:
    I say that partly because it's not clear how "on by default" this is based on the article.

    [quote=Second last paragraph]Microsoft enables Windows 10's Wi-Fi Sense by default, and access to
    password-protected networks are shared with contacts unless the user
    remembers to uncheck a box when they first connect.[/quote]

    Yeah...I remember that being more ambiguous when I first read it. This is pure WTF:

    Microsoft also adds that Wi-Fi Sense will only provide internet access, and block connections to other things on the wireless LAN: "When you share network access, your contacts get internet access only. For example, if you share your home Wi-Fi network, your contacts won't have access to other computers, devices, or files stored on your home network."

    :wtf:



  • How could that even work? Some kind of gentleman's agreement inside the client never to interact with anything but the default gateway?


  • ♿ (Parody)

    Exactly. I'm assuming they mean that the people can't access shared folders or whatever that require credentials. Just like if they entered the wifi password manually.



  • I find myself unexpectedly agreeing with blakeyrat: this industry is fucked. It's over. It was good for a while there - showed signs of great promise - but the phone brain worms and the IoT between them have now killed all hope stone motherless dead.

    Lawn. Off. Now!



    @Jaloopa said:

    I couldn't see anything in the article claiming that sharing with your friends allows them to re share with their friends. That would be a bit of a hole

    @flabdablet said:

    So unless there is specific provision for preventing the propagation of WPA2 passwords through an entire social graph, it would appear to be implied.

    The Lumia documentation for Wi-Fi Sense indicates that, if you use it to share your network with your contacts, Microsoft will only provide the key to your direct contacts, and the OS will not make the key visible or otherwise obtainable. (Gentleman's agreement inside the client though, so if there arise other clients...)



  • @flabdablet said:

    Some kind of gentleman's agreement inside the client never to interact with anything but the default gateway?

    Probably, why not. AIUI you can't extract the password easily.

    It would be a useful feature if you could actually pick a contact and click "Send Password". It's rather idiotic to share it across your whole Facebook and Outlook graph - most of the people I have as e-mail contacts have exactly zero probability of showing up at my house and requiring e-mail access. Otherwise, I'd be talking to them and not sending e-mails, duh.



  • The premise of this feature is that wireless networking is STILL TOO DAMNED FUCKING HARD for people.

    Microsoft's trying to make it easier. Maybe this isn't the best approach, maybe it's not even a good approach, but they're trying, damnit, which is a damn-sight better than anybody else is doing.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    The premise of this feature is that wireless networking is STILL TOO DAMNED FUCKING HARD for people.

    Right, because pushbutton WPS isn't a thing.

    Ok, ok, fine, it doesn't work all the time, and it's possibly just as much of a security vulnerability as this new MS thing. But still, when it works, it's "push button on router, tap button on phone, done".


  • ♿ (Parody)

    @blakeyrat said:

    Microsoft's trying to make it easier. Maybe this isn't the best approach, maybe it's not even a good approach, but they're trying, damnit, which is a damn-sight better than anybody else is doing.

    That's a bullshit attitude.

    We must do something! This is something! We must do this!



  • As opposed to

    "Well, yeah, it's a bit hard, but it's how it's always worked, and we don't have any good ideas of how to fix it."

    I mean, now maybe other companies will think about it?


  • ♿ (Parody)

    I was thinking more as opposed to, "Yeah, let's fucking share this shit all over the place!"

    Maybe I'm not really understanding the big problem that this is solving.



  • Also, the way I believe it works is, if you're in a place with a wifi connection, it will query for any contacts that have that connection. I could be wrong, but I don't think anyone gets the key without being in range of the connection.


  • ♿ (Parody)

    Right. I looked at the MS pages about this, and the real goal seems to be "open" stuff. But if they have a key, are they really open? Like, a doctor's office might have wifi for their patients sitting in the waiting room, and have the password posted. But you don't want the guys next door leeching off you.

    I would be fine with this if it were an opt in for the network owner, but of course there's no good way to do that and it'll probably never happen.



  • @TwelveBaud said:

    if there arise other clients

    That would be when, not if, surely. It's as if MS learned nothing from the KMS fiasco.


  • Discourse touched me in a no-no place

    @boomzilla said:

    We must do something! This is something! We must do this!


  • Discourse touched me in a no-no place

    @TwelveBaud said:

    Gentleman's agreement inside the client though

    Here we go again. :facepalm: Why does Microsoft keep making this particular mistake, assuming that they totally control things when they don't?

    It's the same general category of problem that explains why Outlook was such a security problem for so long: they assumed that everyone else would only ever send emails using Outlook and so pushed a fair bit of critical security on the original email sender. Because nobody else could talk the standard protocol and fixing the receiving side was Too Hard. There were similar features of the FrontPage/IIS/IE ecosystem that would work in a Closed World but which were catastrophically bad in the Open World of the real internet.

    It all comes down to the impossible assumption that they could always control all the clients.



  • To be fair, to a reasonable first approximation they do control all the clients.


  • Discourse touched me in a no-no place

    @flabdablet said:

    To be fair, to a reasonable first approximation they do control all the clients.

    For now. But their model relies on this continuing to be the case…



  • Before you go into "here we go again derp derp derp" mode... maybe confirm the post is actually true? Don't let DailyWTF become this.



  • @dkf said:

    @TwelveBaud said:
    Gentleman's agreement inside the client though

    Here we go again.

    There's nothing new about Windows 10 in this respect... (assuming that @TwelveBaud was right [1])

    The ability to save wi-fi passwords has been there since the beginning of Wi-Fi support. So they're already somewhere on your system, and "available" for Windows to make available to other programs, either directly or by that program poking directly into the key store after reverse engineering it. Windows 10 just (according to current information) affects how the key got there in the first place.

    [1] "The Lumia documentation for Wi-Fi Sense indicates that, if you use it to share your network with your contacts, Microsoft will only provide the key to your direct contacts, and the OS will not make the key visible or otherwise obtainable. (Gentleman's agreement inside the client though, so if there arise other clients...)"



  • Well yeah, technically there isn't really any security issue that's not there if you just share the key. The problem is with stupid defaults - under the standard config, all your contacts get the key, and the right to share it further.

    How often is it something you actually want?



  • I guess I'm lucky that my router has the option of establishing up to three guest networks, separate from my own WLAN.



  • Well, if someone downloads kiddie porn off your guest network, it's still tied to your IP, and that's the problem, not isolating the hosts.



  • @Maciejasjmj said:

    under the standard config, all your contacts get the key,

    Correct.

    and the right to share it further.

    Incorrect.



  • @Maciejasjmj said:

    The problem is with stupid defaults - under the standard config, all your contacts get the key,

    ...all of your contacts within range of your wi-fi network, which means there's a reasonable chance that you'd have given them your password anyway. Certainly not 100%, and I agree the default should be off, but it's not like they're broadcasting your password to even everyone on your contact list willy-nilly.



  • Pop quiz - how do they get the key?

    They can't get it via your wifi network when they come into range because they don't have the key to connect.

    Therefore they must get it via some other channel.

    If it's a laptop/tablet, the only way this can possibly work is if it downloads every single wifi password every contact has ever encountered each time it connects to any wifi.

    In other words, this can only work if the entire keystore is already on the client, ripe for an offline attack.


  • Discourse touched me in a no-no place

    That depends on if it is a 3G-enabled tablet, but yes. Spreading the keys wide will be done with laptops, and that just increases the surface for attacks. I also wonder how this will interact with corporate security: just because I am friends with some guys down the pub doesn't mean that I want them to be able to log into the wireless at work. (This is an easily addressable point via corporate security policies, but will probably catch out a bunch of people anyway. Because security change always does.)

    Requiring an explicit share action with a selected set of users would be significantly more secure, but would run the risk of systems being unable to connect automatically as the sharing action would probably not be done until the need was actively present. So, great for smartphones, yet terrible for laptops.

    It's in part the old story about security vs. usability. That's a difficult line to tread well.



  • @TwelveBaud said:

    Incorrect.

    Then why does it say

    @boomzilla said:

    Windows 10 will share your Wi-Fi key with your friends' friends

    Standard The Register kicking and screaming, or does it actually make you eventually get Kevin Bacon's WiFi password?


  • FoxDev

    @Maciejasjmj said:

    you eventually get Kevin Bacon's WiFi password?

    if that's the case then eventually you'll have all the wifi passwords

    assuming the sharing is transitive anyway. ;-)


  • BINNED

    @accalia said:

    all the wifi passwords

    That's it ... no more mobile data needed!



  • @Maciejasjmj said:

    Standard The Register kicking and screaming, or does it actually make you eventually get Kevin Bacon's WiFi password?

    The Register not reading the documentation, which for Win10 may or may not exist, but for WinPhone certainly does.

    @accalia said:

    assuming the sharing is transitive anyway.

    It's not.

    Wi-Fi Sense FAQ, under "I'm concerned about sharing Wi-Fi networks. Can you tell me a little more?":

    You share with your contacts, but not their contacts. The networks you share aren't shared with your contacts' contacts. If your contacts want to share one of your networks with their contacts, they'd need to know your actual password and type it in to share the network.

    @dkf said:

    I also wonder how this will interact with corporate security: just because I am friends with some guys down the pub doesn't mean that I want them to be able to log into the wireless at work.

    You can choose not to share your work network, your work can change their SSID to include "_optout" or set a flag in the beacon, or:

    Enterprise networks that use 802.1X can't be shared. If you connect to one of these enterprise networks at work or somewhere else, those network credentials won't be shared with any of your contacts.

    @lightsoff said:

    In other words, this can only work if the entire keystore is already on the client, ripe for an offline attack.

    This is a legitimate complaint. If you're participating in Wi-Fi Sense, your contacts' keys are kept in a keystore on your computer, synchronized with Microsoft every few days. You can either trick Microsoft into thinking you're sharing networks from Windows when you're using a third party app instead, or you can crack open the keystore to get at the delicious delicacies inside. Either way requires a significant effort, but isn't impossible.



  • That's what the "keep this guest network alive for the next x hours" option is there for.



  • This was kind of obvious it would happen:

    unless Windows Update and third party driver management software receive updates at exactly the same time an ongoing battle of upgrading and downgrading can ensue between them. Third party software can be told to stop, but if the driver problem lies with Windows Update (as it does in this case) there’s no way to stop Windows 10 reinstalling it once removed, which causes the problem to come back again and again.



  • @Eldelshell said:

    unless Windows Update and third party driver management software receive updates at exactly the same time an ongoing battle of upgrading and downgrading can ensue between them.

    Well, ok, that makes sense...

    @Eldelshell said:

    Third party software can be told to stop,

    Right...

    @Eldelshell said:

    but if the driver problem lies with Windows Update (as it does in this case) there’s no way to stop Windows 10 reinstalling it once removed,

    ... whaaa? How could Windows Update have both a driver and a third-party updater to a driver and they're different versions? What the fuck is he talking about? That's not what "third party" means, guys.

    Once removed, Windows 10 keeps trying to update drivers? The fuck? So if you go back to Windows 8, there's a magical little bit of elf-code left over that still tries to run the Windows 10 driver updater? I guess?

    This is gibberish.

    Hang on, I'm actually going to read this shit:

    “It looks like driver version 353.54 [the latest at time of writing] is available only via Window Update,” Monckton told me. “The problem is the Nvidia GeForce Experience then tried to downgrade that to the previous version while claiming the previous version was actually newer.”

    So the real WTF here is that NVidia's software updater is somehow at least 6 months behind the newest version.

    I actually experienced this problem too, with Wolfenstein: The Old Blood complaining about old drivers, then me going to GeForce Experience and doing an update only to get-- the same old drivers. The Old Blood came out about 4 months ago, so GeForce Experience has been broken at least that long.

    Which is a WTF, sure, but I don't see what Windows Update has to do with it...

    The problem is compounded by the fact that Windows Update doesn’t actually reveal driver version numbers prior to install or warn the user in advance so pinpointing something that has suddenly caused problems can be hard to identify.

    Ok, I could see that being a problem...

    In the case of an SLI configuration Windows Update on Windows 10 also currently believes it has to perform two device upgrades when a single driver update covers both, which forces the update to install on top of itself.

    And... so what? "OH NOES it installed the same driver twice! That's bad because... because... that's bad! I'm some guy who works at Forbes!"


  • Discourse touched me in a no-no place

    Jeebus, WINDOWS UPDATE CANNOT BE STOPPED.

    Unless you block it at the router. Thank you, that'll be $60, now STFU.



  • @Eldelshell said:

    unless Windows Update and third party driver management software receive updates at exactly the same time an ongoing battle of upgrading and downgrading can ensue between them.

    Why would a program ever downgrade a driver without being explicitly told to do so?

    It's a WTF for both Windows Update and third party driver managers.


  • Discourse touched me in a no-no place

    @anonymous234 said:

    Why would a program ever downgrade a driver without being explicitly told to do so?

    When both sides think they're “upgrading” the driver.


  • Discourse touched me in a no-no place

    @anonymous234 said:

    Why would a program ever downgrade a driver without being explicitly told to do so?

    I think the issue here is that (say) nVidia and WU have different versions of the same driver. Let's say the nVidia one is newer, so GeForce Experience wants you to upgrade, but then WU decides its version is newer, even if (perhaps) it's not, so it applies itself, and the GeForce Experience goes "oh shit, the driver's out of date". Lather, rinse, repeat.

    I think this happened a couple times in the XP era.



  • Then maybe they should actually control the version numbers on their software?



  • Then both sides are shit.

    I suppose keeping track of two numbers is a problem far too complicated for driver makers to solve.


  • Discourse touched me in a no-no place

    @anonymous234 said:

    I suppose keeping track of two numbers is a problem far too complicated for driver makers to solve.

    An example of how this might go wrong is if one side is using ordinary semantic versioning, and the other is treating the string version as a floating point number, making 1.3 be more than 1.17. Which isn't to say that this is what happened; there are more complex failures possible too (such as two different drivers being available to do approximately the same thing).
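
The mismatch described in the post above, as an added example that is not part of the thread: two updaters order the same version strings differently, one component by component and one as a decimal number, and each keeps "upgrading" over the other. The updater names and the simulation are hypothetical; the versions 1.3 and 1.17 are the ones from the post.

```python
from dataclasses import dataclass
from typing import Callable


def as_components(version: str) -> tuple[int, ...]:
    """Component-wise ordering: '1.17' -> (1, 17), so 1.17 is newer than 1.3."""
    return tuple(int(part) for part in version.split("."))


def as_float(version: str) -> float:
    """Flawed ordering: the whole string read as a decimal, so 1.3 > 1.17."""
    return float(version)


@dataclass
class Updater:
    name: str                        # hypothetical updater name
    offered: str                     # the version this updater wants installed
    key: Callable[[str], object]     # how it orders version strings

    def wants_to_replace(self, installed: str) -> bool:
        return self.offered != installed and self.key(self.offered) > self.key(installed)


def simulate(installed: str, updaters: list[Updater], max_rounds: int = 3):
    """Let each updater act in turn. Returns (install history, settled?)."""
    history = [installed]
    for _ in range(max_rounds):
        changed = False
        for updater in updaters:
            if updater.wants_to_replace(installed):
                installed = updater.offered
                history.append(installed)
                changed = True
        if not changed:
            return history, True     # a full pass with no change: stable
    return history, False            # still flipping when we gave up


def mismatched():
    """One side compares components, the other compares floats."""
    return simulate("1.3", [
        Updater("vendor_tool", "1.17", as_components),
        Updater("os_update", "1.3", as_float),
    ])


def consistent():
    """Both sides use the same component-wise ordering."""
    return simulate("1.3", [
        Updater("vendor_tool", "1.17", as_components),
        Updater("os_update", "1.3", as_components),
    ])


if __name__ == "__main__":
    print("mismatched:", mismatched())
    print("consistent:", consistent())
```
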


  • FoxDev

    @dkf said:

    such as two different drivers being available to do approximately the same thing

    a thing ATI was once (and i assume still is) famous for.

    they'd release their drivers to windows update and basically flag them as "yeah we support every card we ever made" when in reality the updated driver was only ever tested with current gen cards (and maybe previous gen if the generation flip was recent and you were lucky) so if you took a windows update version of the driver with a non-current generation version of their cards you stood a rather significant chance of bricking your computer (until a trip to safemode could revert) because the driver would turn out to just assume that the card had featureX when that feature was only introduced in the latest generation of cards.

    it was even more annoying than the terrible quality of their linux drivers.



  • I dare say that it's mostly nVidia's fault. They were unable to patch a bug which crashed the whole driver on a regular basis when using hardware-accelerated Chrome for a whole month.

    Took them four driver versions and a hotfix, too.

