Mumbai Police To Enforce Wi-Fi Security 134
caffeinemessiah writes "In the wake of the recent terrorist attacks in Mumbai, India, the local police are going to be sniffing out unsecured wi-fi access points and ordering the owners to secure them. The article notes that 'terror mails were sent through unsecured Wi-Fi connections' before bomb blasts in other Indian cities. No word on if they'll be walking around using Kismet, or if people who use pathetically weak WEP encryption will be ordered to switch to more advanced protocols. Unfortunately, a gesture like this does not take into account the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi. Or the fact that terrorists might actually be able to pay to use a cybercafe, and know what VPNs are."
On the other hand, the Mumbai police may still be keeping track of the mandatory keyloggers that went into the area's cybercafes in 2007.
Cybercafe scenario is bogus (Score:5, Informative)
Wrong. You can't just walk into a cafe in Mumbai and use the wifi. You have to show a government ID (such as a passport), which is recorded, before you even get access credentials.
The point of this exercise is to shut down anonymous Internet access, which is illegal in India.
Similarly, you can't legally buy a SIM card for a mobile phone in India without providing identity credentials to the seller, who is responsible for recording the information for possible police followup.
Re:Easy Solution to Keyloggers (Score:4, Informative)
Don't use keys. Copying and pasting messages, usernames, and passwords from a USB stick would work perfectly well for a terrorist at a cybercafe.
Thats just silly. The real answer is one time passwords.
However you really can't do much with a computer you mistrust, they know everything that happens in your session and they might be able to remote control it in the middle of your session.
Re:So who is going to secure the mobile network? (Score:3, Informative)
The point is to limit anonymous Internet access. Mobile phone communications are all tied to a particular mobile phone, which cannot be acquired anonymously in India (for appropriate definitions of "cannot").
Re:Lame (Score:3, Informative)
Both of these issues have solutions (DNSSEC + IPSEC for the first, turning off bridging for the second), but the first is onerous enough that 99% of users won't do it, so having a "must use WPA encryption" policy is actually a good idea for in most cases.
Re:Easy Solution to Keyloggers (Score:3, Informative)