I can't imagine that the DoD would be happy with DHS clowns guarding something that they actually cared about. Though, if the alternative is G4S, maybe they'd take it. I'd certainly want to be rid of whoever thought that training with doctored MILES gear was adequate.

The 'feature' occurred on Windows Phone first, not sure exactly what version. I assume that it made a great pitch to prospective carriers, since they all love offloading customers onto anything that isn't their data network as often as possible, and typing passwords into your phone is a pain, so automating it likely increases network offload considerably.

Just as they say, in the context of backups, that 'if it isn't automated it won't happen'; there is likely to be a considerable difference in the rate of unintended leakage between a 'yeah, I guess I did tell Bob the password, he could pass it on' and 'the password spreads through your entire social group like a bad chain email'.

This sort of 'friend/acquaintance' attack attack is also exactly where slightly-too-automatic automation makes it really easy to bypass what limited good sense about security humans do have.

If, say, Alice and Bob have just had a messy breakup; it would be fairly obvious to any mutual friend of the two that sharing one's wifi password with the other, or a known friend/agent of the other, is something that they wouldn't like. They might do it anyway; because people are assholes like that sometimes; but it would be deliberate. Social-engineering somebody in that situation into telling you the password might be vaguely tricky. Social-engineering them into making you enough of a contact/friend/whatever on the services that this 'wifi sense' system uses to receive the password should be absolutely trivial; quite possibly already done.

I suspect that it isn't for nothing that this 'feature' first appeared on Windows Phone; carriers adore the idea of getting the filthy customers off the cell data networks they pay for and onto wifi as often as they can, and don't much care about a bit of collateral damage inflicted by dumb implementations.

What I would like to see explained in more detail is the claim that 'wifi sense doesn't reveal your plaintext password' during the sharing process.

My understanding was that(except WPA2 with RADIUS and a suitably chosen EAP) there isn't any provision for authenticating to a password protected AP without knowing the password. The AP itself might be able to destroy the password after it has been set, saving only a hash, as is good practice to keep more important sets of usernames and passwords from being compromised; but the client requesting authentication needs the password. The non 'enterprise' cases were designed to be easy to use, not particularly clever; and MS has limited room to get creative without causing nasty breakage on large numbers of variously dysfunctional legacy APs.

With a proper full WPA2 setup, or with one of the 'no authentication at the AP; but captive portal and/or VPN is the only way to access anything interesting' arrangements, you have more options; but how can you 'share' authentication to a WPA-PSK or WEP network without also sharing the key? Did they actually come up with something really clever, or does the UI just not show you the password, thus 'hiding' it?

Surely this is the logical place to insert "In the public sector, they cut corners to waste money!" and then talk about military contracting for a while.

Did you bother to even skim the article? It was essentially entirely focused on human and organizational risk factors, the sort of thing that anthropologists do actually study, in US nuclear facilities and preferred methods of securing them.

If the concern is "will the roof resist a hardware-store-improv mortar attack?", sure you don't want an anthropologist on the job. If the concern is "so, will the guards notice, give a damn, and do something about it; or will I just have to walk past a token force optimized for cheating its way to passing grades during perfunctory audits at lowest possible cost?", that's an anthropological question. And the answer appears to tend toward the latter.

Surely the proposal will be scuttled when the realize that driving the gambling operations out of the province will sharply reduce the number of them that give due prominence to French language text; and acknowledge the right of the people to lose money without brutalizing exposure to anglicisms.

Technically the gun 'works'; but the vendor is too half-assed to actually provide drivers for the gun until some later revision, for which we will presumably pay more.

Optimists prefer to focus on the fact that, in order to preserve the oh-so-sexy-low-radar-signature design, the system only holds 200 rounds, so nobody expects much of it even when the pilot is able to use it.