Google's Secure WiFi Access Not So Secure?

from the whoops dept

There's been a lot of discussions going on around Google's release of a VPN solution. It seems like many of the stories have misinterpreted what it is. The press has turned this into a big thing about Google launching WiFi -- which it isn't (well, at least not yet). Google has been offering some free WiFi hotspots for a while already -- so that aspect wasn't new. The only thing that's new is this VPN offering. So, as a security offering, how secure is it? The folks over at Full Mesh/WiTopia took a look and sent us their analysis suggesting "not very" is the best answer. Full Mesh certainly is a biased party, considering that WiTopia offers a competing solution, but assuming the basic claims they're making are true (and it would be pretty easy for someone with the VPN client to check), then this solution really isn't particularly secure -- which is surprising, because it wouldn't have been hard to lock this down much tighter. The basic summary sent in by Feed Mesh is that the VPN uses PPTP instead of SSL. That's not entirely horrible if the PPTP offering is better locked down, but it doesn't appear to be (and SSL would have been a better overall solution no matter what). They're allowing both CHAP and MS-CHAP (v1) which have well known issues (as the Full Mesh guys point out, just check Google for lots of info on the problems with CHAP and MS-CHAP). Finally, they let pretty much everything pass through the VPN, rather than just TCP/IP. These are things that both WiTopia and HotSpotVPN do a much better job with. Obviously, the Google offering is quite beta, so it's possible they'll improve on this, but it's still worth noting that the "secure" part of the "secure" access might be a little misleading at this point.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Walter, Sep 23rd, 2005 @ 6:38am

    iPig alternative

    As a free alternative iPig was recommended to me. Its freeware (download at http://www.iopus.com/ipig)and includes the option to set up your *own* VPN server extremly easy.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Mike (profile), Sep 23rd, 2005 @ 9:57am

    Re: iPig alternative

    As I said, what's nice about these other solutions is exactly the opposite: that you don't have to set up and maintain your own server. This is a solution for non-techies.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This