Yesterday I mentioned that I’m hoping to drag my feet on deploying Windows 10 at work and I doubt anyone else in even the most vaguely technical role will argue with me. Ultimately, it’s going to be some executive who sees it running on a display laptop at Best Buy or something and I’ll be forced to tip the first of many dominoes in a succession of many bad decisions and then white knuckle it through the days leading up to the first fix patches. Since it’s technically out in the wild over the next few days and I’ve generally found that the least technically adept with the majority of their crucial files saved to the desktop are the quickest to hit the shiny, candy-like ‘upgrade’ button.
I hadn’t really studied up on the WiFi Sense feature in Windows 10 and now that I have I can see a whole bunch of potential problems with it. My workplace has the most basic wireless setup I’ve ever seen and, because it’s ultimately so useless, it really doesn’t have much traffic. It’s internet only and is protected by a fucking WEP key that is crackable in about 15 minutes. That said, you’d get a slow unreliable internet connection and nothing else. You’d need a VPN client and it’s difficult enough to get our VPN appliance to poop out a compatible client much less valid credentials. So, in our workplace, WiFi Sense would almost make sense since an outdoor only experience that randomly disconnects would not provide much of value to an intruder and isn’t stable enough to commit any heinous acts while connected to it. It’s useless, but a safe (from the business perspective) useless.
At home, I’m a bit twitchier about wireless security. There it’s WPA or nothing and I don’t hand out my password to anyone; I go over to their device and type it in for them which I think is more polite than shouting an amalgam of symbols, case shifted letters, and numbers across the room. I think of myself as fairly sane and the reason that I like to keep connections from the outside world to a minimum is that I don’t like to have police my internal network if I can avoid it. I do password protect all of my own devices with a PIN at minimum and I’ve gone through periods of only allowing a double handful of MAC addresses to join the faster AP that actually hands out 802.11ac connections. Those, in a perfect world, can grab 450 MB/s and I’d like to keep fucked up machines off a pipe that wide since I’m ultimately responsible for what they do while I’m hosting. One thing I’m not doing is appending _optout to the end of my SSID because bearing the onus for poor design at my own expense (and god it makes my network look stupid) isn’t something I want to do. I’ve yet to have to deal with this because none of my friends did more than toe dipping into the Windows phone and 10 isn’t really out there yet. I’m going to be right back to typing in passwords again and making sure that the ‘Share with my contacts with compromised machines so my SSID and password can make its way around the world’ button is never checked. Ugh.