Comments on: Ignoring security (usability) http://blog.waja.info/2007/07/07/ignoring-security-usability/ Just a place to be! Sun, 07 Sep 2008 15:27:13 +0000 http://wordpress.org/?v=2.6 By: Marc 'Zugschlus' Haber http://blog.waja.info/2007/07/07/ignoring-security-usability/#comment-6720 Marc 'Zugschlus' Haber Fri, 13 Jul 2007 21:10:54 +0000 http://blog.waja.info/2007/07/07/ignoring-security-usability/#comment-6720 Noone cares about WLAN am Bahnhof. It is only a project running by damagers to make them look cool. If things don't work, Deutsche Bahn will send you to your mobile provider (even if the fault is clearly with the infrastructure at the train station), who will promptly send you back to Deutsche Bahn. For example, the packet filter in Frankfurt/Main Hbf does not allow any user to get through to the T-Mobile login portal to register for the WLAN. Noone cares. I stopped caring long ago. WLAN am Bahnhof is just too expensive. Pop in your UMTS card and go online anywhere. And have a provider who cares. At least marginally more than Deutsche Bahn does. Noone cares about WLAN am Bahnhof. It is only a project running by damagers to make them look cool. If things don’t work, Deutsche Bahn will send you to your mobile provider (even if the fault is clearly with the infrastructure at the train station), who will promptly send you back to Deutsche Bahn.

For example, the packet filter in Frankfurt/Main Hbf does not allow any user to get through to the T-Mobile login portal to register for the WLAN. Noone cares.

I stopped caring long ago. WLAN am Bahnhof is just too expensive. Pop in your UMTS card and go online anywhere. And have a provider who cares. At least marginally more than Deutsche Bahn does.

]]> By: cyco http://blog.waja.info/2007/07/07/ignoring-security-usability/#comment-6172 cyco Sat, 07 Jul 2007 22:23:17 +0000 http://blog.waja.info/2007/07/07/ignoring-security-usability/#comment-6172 Technical you true, but blunting users is a general problem. It shouldn't be such a trick to bring a valid certificate in place. Technical you true, but blunting users is a general problem. It shouldn’t be such a trick to bring a valid certificate in place.

]]> By: Joe Buck http://blog.waja.info/2007/07/07/ignoring-security-usability/#comment-6144 Joe Buck Sat, 07 Jul 2007 00:36:18 +0000 http://blog.waja.info/2007/07/07/ignoring-security-usability/#comment-6144 It's entirely proper to ignore the issue in this case. SSL does two things: it encrypts the traffic, and it verifies the destination. A user of wireless networking at the train station doesn't want to be snooped, so encryption is cool, but doesn't much care about the specific identity of the provider. If this were an online banking application, it would be very different, because you don't want to send money to the wrong people. It’s entirely proper to ignore the issue in this case.

SSL does two things: it encrypts the traffic, and it verifies the destination. A user of wireless networking at the train station doesn’t want to be snooped, so encryption is cool, but doesn’t much care about the specific identity of the provider. If this were an online banking application, it would be very different, because you don’t want to send money to the wrong people.

]]>