This is reminiscent of another recent story in which an Apple Store employee was able to use Mac OS X 10.5 Leopard's Back to My Mac remote access software to connect to a laptop that was stolen from her apartment to grab images and screenshots of the two men alleged to have taken the laptop and other gear.

If you have no clue what 802.1X is, read my recent technology primer first. If you’re already familiar with 1X, you’ve probably heard about some of the 802.1X additions- the 802.1AE (MACSec) and possibly 802.1af (the key agreement for MACSec)… but that’s just the tip of the iceberg, and what’s hiding underneath will knock your socks off!

We’re currently at the 802.1X-2004 edition, with the group working on the REV and hoping for an early-2009 release. When IEEE makes additions (such as AE and af) they’re just afterthoughts and changes tacked on to the end of the standard. But when they do a revision , as they are now, they’re opening up the whole can of worms and all parts of the standard are opened for evaluation and modification. Yee-haw!

So, what’s in this new revision and what can we expect from 802.1X-REV? That’s what I wanted to know, and I’m sure you’re curious too. I was lucky enough to catch a quick call with Paul Condon earlier this week and get some of the inside scoop. Paul is ProCurve Networking’s CTO, but more importantly for our purposes today, he’s the Vice -Chair of the IEEE 802.1 working group and is intimately involved in 1X and a variety of other networking, security and authentication standards.

1) Encryption & Key Exchange : The first goal in updating 802.1X was to add security with encryption, specifically on switch-to-switch links. Of course, with encryption comes the need for fast, secure key exchange, so we ended up with 802.1AE and 802.1af as answers to the first set of goals. The encryption will require hardware refreshes, and vendors are already gearing up for that. The benefits of encryption are pretty obvious, so I won’t bore you with that. There are some fun little gems hidden in the AE/af set though. Even without using the encryption piece, we’ll be able to use the key exchange as a means of quickly (in ~4-5 packets) authenticating (or re-authenticating) switches to one another after a reboot. It will be a critical piece for maintaining availability and integrity in the network. And w e can do this piece without a hardware upgrade, which is pretty nifty.

2) Same-Port Multiuser Support: Here’s where the 1X-REV sauce starts tasting really good. The new revision is leveraging some of its security updates to support multi-user modes on a single port. And no, not by using multi-tagged VLANs, this is way cooler than that. In theory, multiple PCs, phones or other connected devices can connect through a single port, which would essentially be running multiple instances of 802.1X, letting each communicate securely. It’ll be similar in practice to how wireless APs segregate and encrypt traffic between the AP and the endpoint. I’m sure at first we’ll see software-based endpoint encryption support and of course, move towards hardware encryption and see NICs with the capability baked in. That’s still down the road, but the road is getting shorter.

3) Network Advertisement/Selection : Now the 1X-REV sauce is the best you’ve ever had- you’re gonna want to put this stuff on everything ! :) The 3rd goal of the revision is to add support for network advertisements on the wired side- which would be a similar experience to selecting the wireless SSID from a list of ones available on your laptop. But, it’s happening on your wired switch. Wild, right? They’re going to leverage the EAPOL types here to communicate from client to network. Imagine the possibilities…

All these new functions and features give 802.1X numerous new use cases. I think you’ll see parts of these technologies leveraged in various parts of critical networks everywhere. Sponsor ballots come at the end of the year, and they’re hoping to see something solid and released in early 2009.

You can see why I’m excited. The 802.1X-REV may be the evil stepchild for a while, but it’s coming. When it does, it’s going to rock our little network worlds and flip our thinking about wired security and network segregation upside down.

Of course, you’ll be seeing more on this from me, so hang in there!

# # #

AT&T appeared to have flipped a switch several days ago on its "attwifi" SSID that has appeared alongside T-Mobile's during this several-month transition at Starbucks from one operator to another. iPhone users were presented with a custom login screen that prompted them for their phone number to obtain free access. That gateway page disappeared a few days. I haven't tested if it's back, but at least AT&T has, at long last, made the connection that its iPhone customers might enjoy the same free access to hotspots as its 7m fiber and qualifying DSL customers.

Stories with pictures at MacRumors and Ars Technica. I'll test this out with my neighborhood Starbucks tomorrow. [Link via Fabio Zambelli]

The companies also said that AT&T high-speed DSL and fiber customers will gain free access at 7,000 Starbucks starting May 1, but as other eagle-eyed readers have noted, that option is already available on any T-Mobile login page that anyone's written me about or I've seen. The difference will be that a separate SSID called ATTWiFi will be available as an option for network selection, presenting a different gateway page.

The notion is that visitors can gain Internet access by using an existing OpenZone subscription, paying a fee (the business can sell vouchers), or being a member of a roaming network. The business customers receive 50 to 500 minutes of use on OpenZone each month themselves, based on their BT contract for broadband.

This business hotspot option extends a previous relationship for residential users with Fon that allows BT home users to flip a switch and become a Fonero.

These kinds of organic extensions of networks have very little impact on the party that's sharing their broadband, because there's almost no work involved. But if enough people opt in, it can have a large impact on the amount of hotspot service that's available. While I have critique Fon for its backside-utility quotient--how readily one can get work done or even make a phone call at many Foneros' locations--the BT business plan assures that hotspots will be in places where people work and gather.

OK I am out of Orlando and Infosec World and now in DC for some meetings in this week's version of the Shimel world tour.  I wanted to put some finishing touches on the trade show though and some previous posts. 

First on the issue of Air Defense spoofing SSIDs to direct people to their site which I wrote about yesterday. Several people wrote to me privately and confirmed that indeed this is something that the Air Defense people have been doing for several years evidently at trade shows. They also agreed that while showing what their product can do, it is a pretty sleazy way of doing business and they are turning off more people than they win over doing it.  Real life example is someone tried to show someone a web site and were unable to do so initially because their machine would automatically log into the spoofed SSID of the Air Defense WAP. I have someone sending me a picture showing the spoofing in action in case anyone disputes that Air Defense actually stooped this low.  In fact let me tell you what I did on this one.

I went over to the Air Defense booth when there was no one else around.  I pulled the guy over and told him that I know what they were doing and I think it is pretty sleazy and they should stop spoofing SSIDs as it made them look sleazy.  At first the Air Defense dude played dumb and said he was not aware they were doing that.  Than I pointed out to him that the laptops they had set up right next to their WAP at the booth were showing the same Air Defense we have hijacked your wireless page that others were getting. I asked him to show me what SSIDs they were attaching to, to get to that page. He realized at that point that I had called BS on his story and said he would correct it. 

Now my young friend from Air Defense did not realize that when I walked away from his booth, I stopped just a both or two down and watched.  I saw him go over and tell his other booth buddy about what I said, they laughed like they were quite the hot stuff and didn't do a darn thing about it, as I checked the SSIDs a few minutes later.  That is OK a word to the show organizers about other exhibitors having problems with connectivity due to Air Defense's sleazy ways will put an end to them doing that in the future.  In fact I encourage my many security vendor readers to make sure and make show organizers aware of what Air Defense does at these shows and put an end to it once and for all. If they can't police themselves and act in a decent manner, I guess we will have to do it for them.

Other shows news - We had a booth next to Ken Belva launching his new info sec blog magazine which I wrote about they other day. I never met Ken in person before, it was good to meet both him and his dad. Always fun to spend some time with fellow NY'ers. Also, it always amazes me at the end of shows when the "adult trick or treaters" come out with their shopping bags looking to load up on chachkis.  Whether it be a foam little computer, StillSecure branded chap stick (that was a big hit this show) or anything else not nailed down, these people have no interest in your products or anything, they just want to know what they can bring home for free.  There is always a big competition for our fit balls which have become a trademark of ours over the years.  We are the company with big (fit) balls.

All in all, it was a great show.  Good catching up with folks, meeting new ones and keeping abreast of security news. Not sure why they "pit bull of self help" was a key note speaker but he was interesting if not security related per se.  This show has me really looking forward to RSA!

OK I am out of Orlando and Infosec World and now in DC for some meetings in this week's version of the Shimel world tour.  I wanted to put some finishing touches on the trade show though and some previous posts. 

First on the issue of Air Defense spoofing SSIDs to direct people to their site which I wrote about yesterday. Several people wrote to me privately and confirmed that indeed this is something that the Air Defense people have been doing for several years evidently at trade shows. They also agreed that while showing what their product can do, it is a pretty sleazy way of doing business and they are turning off more people than they win over doing it.  Real life example is someone tried to show someone a web site and were unable to do so initially because their machine would automatically log into the spoofed SSID of the Air Defense WAP. I have someone sending me a picture showing the spoofing in action in case anyone disputes that Air Defense actually stooped this low.  In fact let me tell you what I did on this one.

I went over to the Air Defense booth when there was no one else around.  I pulled the guy over and told him that I know what they were doing and I think it is pretty sleazy and they should stop spoofing SSIDs as it made them look sleazy.  At first the Air Defense dude played dumb and said he was not aware they were doing that.  Than I pointed out to him that the laptops they had set up right next to their WAP at the booth were showing the same Air Defense we have hijacked your wireless page that others were getting. I asked him to show me what SSIDs they were attaching to, to get to that page. He realized at that point that I had called BS on his story and said he would correct it. 

Now my young friend from Air Defense did not realize that when I walked away from his booth, I stopped just a both or two down and watched.  I saw him go over and tell his other booth buddy about what I said, they laughed like they were quite the hot stuff and didn't do a darn thing about it, as I checked the SSIDs a few minutes later.  That is OK a word to the show organizers about other exhibitors having problems with connectivity due to Air Defense's sleazy ways will put an end to them doing that in the future.  In fact I encourage my many security vendor readers to make sure and make show organizers aware of what Air Defense does at these shows and put an end to it once and for all. If they can't police themselves and act in a decent manner, I guess we will have to do it for them.

Other shows news - We had a booth next to Ken Belva launching his new info sec blog magazine which I wrote about they other day. I never met Ken in person before, it was good to meet both him and his dad. Always fun to spend some time with fellow NY'ers. Also, it always amazes me at the end of shows when the "adult trick or treaters" come out with their shopping bags looking to load up on chachkis.  Whether it be a foam little computer, StillSecure branded chap stick (that was a big hit this show) or anything else not nailed down, these people have no interest in your products or anything, they just want to know what they can bring home for free.  There is always a big competition for our fit balls which have become a trademark of ours over the years.  We are the company with big (fit) balls.

All in all, it was a great show.  Good catching up with folks, meeting new ones and keeping abreast of security news. Not sure why they "pit bull of self help" was a key note speaker but he was interesting if not security related per se.  This show has me really looking forward to RSA!

I have nothing against marketing but think that is pretty sleazy. If they have their WAP SSID labeled correctly and you want to connect to it fine. But hijacking other SSIDs is wrong. Shame on Air Defense.