Google Secure Access Declared Insecure
Google's Secure WiFi Access Not So Secure?
Google's new secure access wifi program has been declared insecure by WiTopia, who strangely enough make secure WIFI products :) Techdirt have the details in Google's Secure WiFi Access Not So Secure?
Full Mesh certainly is a biased party, considering that WiTopia offers a competing solution, but assuming the basic claims they're making are true (and it would be pretty easy for someone with the VPN client to check), then this solution really isn't particularly secure -- which is surprising, because it wouldn't have been hard to lock this down much tighter. The basic summary sent in by Feed Mesh is that the VPN uses PPTP instead of SSL. That's not entirely horrible if the PPTP offering is better locked down, but it doesn't appear to be (and SSL would have been a better overall solution no matter what). They're allowing both CHAP and MS-CHAP (v1) which have well known issues (as the Full Mesh guys point out, just check Google for lots of info on the problems with CHAP and MS-CHAP). Finally, they let pretty much everything pass through the VPN, rather than just TCP/IP.
All those acrawotsits do my head in a bit, but it all sounds jolly clever doesn't it?