by Mike Masnick

Google's Secure WiFi Access Not So Secure?

from the whoops dept

There's been a lot of discussions going on around Google's release of a VPN solution. It seems like many of the stories have misinterpreted what it is. The press has turned this into a big thing about Google launching WiFi -- which it isn't (well, at least not yet). Google has been offering some free WiFi hotspots for a while already -- so that aspect wasn't new. The only thing that's new is this VPN offering. So, as a security offering, how secure is it? The folks over at Full Mesh/WiTopia took a look and sent us their analysis suggesting "not very" is the best answer. Full Mesh certainly is a biased party, considering that WiTopia offers a competing solution, but assuming the basic claims they're making are true (and it would be pretty easy for someone with the VPN client to check), then this solution really isn't particularly secure -- which is surprising, because it wouldn't have been hard to lock this down much tighter. The basic summary sent in by Feed Mesh is that the VPN uses PPTP instead of SSL. That's not entirely horrible if the PPTP offering is better locked down, but it doesn't appear to be (and SSL would have been a better overall solution no matter what). They're allowing both CHAP and MS-CHAP (v1) which have well known issues (as the Full Mesh guys point out, just check Google for lots of info on the problems with CHAP and MS-CHAP). Finally, they let pretty much everything pass through the VPN, rather than just TCP/IP. These are things that both WiTopia and HotSpotVPN do a much better job with. Obviously, the Google offering is quite beta, so it's possible they'll improve on this, but it's still worth noting that the "secure" part of the "secure" access might be a little misleading at this point.

Reader Comments

Subscribe: RSS

View by: Time | Thread

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.